How to RSA authentication

I configured SSH with RSA authentication.
But when I start SSH , it showed following message. What is it mean?
I think RSA authentication of my server SSH is not good ?

Message is :

"... Disabling protocol version 2. Could not load host key"

Step configuration is :
---------------------------------------------

I have changed config file SSH "/etc/ssh/sshd_config"
(There is not showed other config which is default.)

Port 22

HostKey /etc/ssh/ssh_host_key

KeyRegenerationInterval 3600

SyslogFacility AUTHPRIV

PermitRootLogin no

RsaAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

IgnoreRhosts yes

IgnoreUserKnownHosts yes


X11Forwarding yes

AllowUsers user1 user2

---------------------------------------------

I have created a local RSA key:

ssh-keygen -t rsa -f /home/user/.ssh/user_id.pub

mv .ssh/user_id.pub .ssh/authorized_keys

*********************************

When i login to SSH remote to using (same when i not use it) "user_id.pub" , it is OK.
So i think RSH authentication is not completed.

Could u help me to find my mistake ??????

I don't think that it is the RSA conf but something seems to be going wrong with your Host key file.

If I am not mistaken the conf for Prot2 should have something like this at the top

Furthermore I would change this line to
Also make sure that PAM auth is disabled.

I don't know at the moment if you need both host files or not - I have both.

about the PAM
you should have a line like this somewhere

I'll have a look into the hostkeys

I think rsa is for protocol 1, and dsa is for 2???

Just a thought... I think that's what I read recently....

HTH

YES, So I enabled protocol 1 , desabled protocol 2.
But after this config or ... , showing following error:

"... Disabling protocol version 2. Could not load host key"

I wouldn't enable Prot 1 if I was you - it is unsecure.

SSH2 needs both DSA and RSA keys as hostkeys as SSH knows 3 types of encryptions for Host keys

SSH1 RSA / SSH2 DSA /SSH2 RSA if I am not totally mistaken.

use these commands to generate new SSH2 hoskeypairs (the strenght can be set by you to something higher if wished)
hope it helps

I could it ..........

I have display my config file here for people wich is first time set SSH RSA authentication. We write here How to create host key and other.
Following config only for RSA, when want to use DSA , please change RSA -> dsa.

*************************
I have changed config file SSH "/etc/ssh/sshd_config"
(There is not showed other config which is default.)

Port 22
Protocol 1,2

HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key

KeyRegenerationInterval 3600

PermitRootLogin no

RsaAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

IgnoreRhosts yes

IgnoreUserKnownHosts yes

AllowUsers user1 user2
**********************************

I hope you don't mind me jump starting an old thread. But in case you haven't sorted this out yet...

I was getting the same warning message as you until I changed that to:

I also wouldn't use:

As explained above, it is the "old" (rsa1=protocol1) way of doing things. I would stick with rsa and/or dsa (protocol2).

That makes the following unnecessary, since (I believe) it applies only to rsa1:

I'm not sure about the following settings, but they weren't necessary to get public-key authentication working.

After a few days of learning the ropes and and many hours of trial and error, I think I've managed to get public-key authentication working successfully. So I'm by no means an expert. But if you still haven't gotten it working to your satisfaction, I'd be happy to help.

Garry

I hope you don't mind me asking, why is this preferable to:

Cheers!

Garry

If I'm not entirely mistaken - due to some heavy headaches - it was because some versions of ssh had problems and wanted the full path.

Also I tend to give cfg files the full path to stop confussion.

If it works fine for you with .ssh/ ... then leave it.