Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You are looking for YOUR keys in your home directory. These are the keys generated and employed for your use in connecting to an ssh server. The pub/private pair that the machine owns, and uses to facilitate and maintain incoming connections reside in /etc/ssh or /etc/sshd.
I am sorry I didn't phase the question properly. My question is, how come I can still login to Linux using PuTTY on port 22 without a correct public key copied to my Linux account?
Here is what I have done:
1. Linux SuSE 9.0 with openSSH installed.
2. WinNT with PuTTY and SSH enabled.
3. Generate public and private key on PuTTY.
4. *** Did not copy the public key to Linux ***
5. Use PuTTY connect to Linux port 22.
6. Somehow I can still login.
Why did it work? Is my login name and passwd transmitted in SSH? Is my session still inside SSH after I logged in?
Originally posted by aleet2600 login as: user1
Server refused our key
Password:
Last login: Wed Apr 14 18:07:32 2004 from 1.2.3.4
Have a lot of fun...
user1@linux:~>
You tried to send your private key but the server refused it bc it didnt have any public key for user1. So it asked for your linux password and u entered it -> u were successfully logged in.
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
UsePAM yes
#KeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
Compression yes
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
