SSH connectivity
I have set up SSH on my Linux box. I ran the genkey command to create my rsa1, rsa and dsa keys. I edited the sshd_config file and made the following entries:
sshd_config
# Explicitly set who can and who can not login by way of ssh
AllowGroups users
AllowUsers dabeast
# Everything that isn't above
DenyGroups root bin daemon sys adm tty disk lp mem kmem wheel floppy mail news uucp man games slocate utmp smmsp mysql rpc sshd shadow ftp nogroup console xcdwrite
DenyUsers root bin daemon adm lp sync shutdown halt mail news uucp operator games ftp smmsp mysql rpc sshd nobody test guest user admin apache www wwwrun httpd
When I connect using PUTTY I can put in my login name: dabeast and then when I attempt to put my password in it says access denied and cuts off. Any ideas? |
Get anything in your logfiles that might narrow it down? SSHD or PAM messages?
What about commenting out the AllowGroups/DenyGroups AllowUsers/DenyUsers statements: does it work then? Also, why are you using both Groups and Users, wouldn't one be sufficient? Additionally, if you are IN (supplementary group) any of the DenyGroups, it WILL deny you. |
By the way, I have a group on my box called "sshusers". I have "AllowGroups sshusers" and add users to that group as needed. All other users are automatically denied, by this action.
|
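The interaction between AllowUsers, AllowGroups, DenyUsers and DenyGroups raised in the replies above, as an added example that is not part of the original thread: a Python model of the order in which OpenSSH evaluates these directives (DenyUsers, AllowUsers, DenyGroups, then AllowGroups, and every list that is set must pass). The sample config is shortened from the first post, the group memberships are assumed, and only `*` and `?` wildcards are modelled (no `user@host` or negated patterns).

```python
from fnmatch import fnmatchcase

KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access(config_text):
    """Collect the four access lists; repeated keywords accumulate."""
    rules = {k: [] for k in KEYS}
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()   # drop comments
        if words and words[0].lower() in rules:  # keywords are case-insensitive
            rules[words[0].lower()] += words[1:]
    return rules

def _hit(names, patterns):
    """True if any name matches any pattern (simplified wildcard matching)."""
    return any(fnmatchcase(n, p) for n in names for p in patterns)

def check_login(rules, user, groups):
    """Return (allowed, reason), following sshd's order of evaluation."""
    if _hit([user], rules["denyusers"]):
        return False, "user listed in DenyUsers"
    if rules["allowusers"] and not _hit([user], rules["allowusers"]):
        return False, "user not listed in AllowUsers"
    if _hit(groups, rules["denygroups"]):
        bad = sorted(g for g in groups if _hit([g], rules["denygroups"]))
        return False, "member of denied group(s): " + ", ".join(bad)
    if rules["allowgroups"] and not _hit(groups, rules["allowgroups"]):
        return False, "not in any AllowGroups group"
    return True, "allowed"

# Constructed sample: directives shortened from the first post
SAMPLE = """\
AllowGroups users
AllowUsers dabeast
DenyGroups root bin daemon sys adm tty disk lp wheel floppy
DenyUsers root bin daemon adm lp sync shutdown halt
"""

if __name__ == "__main__":
    rules = parse_access(SAMPLE)
    # Group memberships below are assumed, for illustration only
    for groups in (["users"], ["users", "wheel"], ["dabeast"]):
        print(groups, check_login(rules, "dabeast", groups))
```

On the real box, `id dabeast` lists the primary and supplementary groups to feed in as `groups`.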
I have disabled PAM. My other question: in sshd_config, if I wanted to change the port that ssh runs on, would I just do it in there, or would I also have to change it in /etc/services?
|
Only the sshd_config change is necessary.
|
Yes, check /var/log/messages and/or /var/log/syslog to see what's going on.
I would advise against rsa1. Do you have a line like the following in sshd_config?
Code:
Protocol 2
I believe that if you want to do key authentication, you need the following lines in /etc/ssh/sshd_config:
Code:
HostKey /etc/ssh/ssh_host_rsa_key
Code:
PermitRootLogin no
Code:
cp /home/dabeast/.ssh/id_rsa.pub /home/dabeast/.ssh/authorized_keys
Hope this helps,
Garry
ps. If you generated your user's keys without a "password", you can connect via ssh using keypair authentication only (no need to enter any password). To do that, you just need to add the following to sshd_config:
Code:
PasswordAuthentication no
Don't forget to restart your sshd daemon after editing the config file. |
What is Pageant?
|
Can you please show me one of your sshd_config files so that I may compare it with mine? Thanks
|
Pageant comes with PuTTY. Its role is (more or less) to automatically provide the public key to putty (or pftp, etc) when connecting to an ssh server that requests a public key. When you run it, it sits in your system tray. Just double-click on the icon and choose "add key". The rest is self-explanatory...
Good luck, Garry |
The Pageant agent is asking me for a PuTTY *ppk file. How can I convert the *pub file into that format? I am at work using a Windows machine trying to connect to my Linux box!
|
Is my id_rsa.pub the public key that I need to convert to PuTTY format in order to be able to use Pageant? I was reading a little bit about ssh2 format and they are different for different programs like PuTTY, OpenSSH, etc. Please clarify! Thanks
|
Yes, I forgot that you have to convert your user's .pub file to a .ppk. This is possible with puttygen (also part of the putty* tools).
Then you run pageant and add the file (you'll have to do this each time unless you create a shortcut that automatically opens the .ppk keyfile). This should do the trick:
Code:
"C:\<folder where you unzipped putty>\pageant.exe" <server>.ppk
I'm even thinking I don't really need a keyboard/monitor connected to my linux box anymore. Found I switch the KVM over to it much less frequently now that SSH is working.
Good luck,
Garry |
It still doesn't work. Answer me one question! Have you seen this happen before, where you type in the user name and then swoosh, everything disappears? Is the authentication doing this?
|
When I generated my keys I placed them in the etc/ssh directory. Should I copy my ID_RSA.PUB key to ~/.ssh/authorized_key, and does ~ mean your root or is that a separate folder somewhere in cyberspace? Also, is authorized_key a file or a folder, and if it is a file do I just add the path of my ID_RSA.PUB file inside of the authorized_key file? I am a little confused!
|
Well, I believe putty shuts the window. I'm pretty sure it happened to me before I correctly imported the keys in pageant. If you check your ssh logs (I can't remember if the default place is /var/log/syslog or /var/log/messages, but it should be clear if you look at the end of the files). (ie. tail <file>)
The location of the keys is one of the questions I attempted to clarify in my 1st post under this subject. There are 2 sets of keys -- one for the server (in /etc/ssh) and one for the user (in ~/.ssh). Notice the "." (period). And "~" means the user's home directory (if you're logged in as root, it's /root; if a user, it'll be /home/<user>). I would not use the same keys for the server and for the user. That's a very bad idea. Plus it defeats the purpose of key authentication.
Oh, forgot to clarify: authorized_keys is a file. You can just copy the id_rsa.pub file to the same folder as I mentioned above:
Code:
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Garry |