ssh-keygen -t rsa

then look in your /etc/ssh/sshd_config and see -
HostKey /etc/ssh/ssh_host_rsa_key, uncomment that line if it's not all ready.

RSAAuthentication
PubkeyAuthentication
AuthorizedKeysFile

than add-
AllowUsers
for whom should be allowed in.

I have been getting these types of things for like three months. I really hate people like that that don't have anything better to do but go around and muck with other peoples' data!

thank you man, I had trouble with this so far because no article was exacty about this matter and especially my problem was with sshd_config because I don't have 2 machines all the time to test only when I'm in my office I have it as a client machine to test my home server and as you can imagine if I mess up the conf I don't have connection )

btw: when u have let's say one user in allowed users do we need deny used line in sshd_config although it works for me but I can't understand from the log exactly if it's denied by this criteria or because no such user at all

I also had these attempts almost everyday with my sshd server.
Is tracking the ip's and e-mailing the ISP worth doing, or just a waste of time?

i would have to see the line that you mean.

this is a spot of mine. you can tell what it means.
Mar 27 11:53:25 xxxxx sshd[21772]: User root not allowed because not listed in AllowUsers

Mar 25 05:38:34 fbi sshd[20078]: Failed password for invalid user test from 211.
176.33.46 port 59510 ssh2
Mar 25 05:38:39 fbi sshd[20083]: Failed password for invalid user guest from 211
.176.33.46 port 59666 ssh2
Mar 25 05:38:45 fbi sshd[20088]: Failed password for invalid user admin from 211
.176.33.46 port 59807 ssh2
Mar 25 05:38:50 fbi sshd[20093]: Failed password for invalid user admin from 211
.176.33.46 port 59948 ssh2

well they are in sshd_config:

AllowUsers XXXXXX
DenyGroups root bin daemon sys adm tty disk lp mem kmem wheel floppy mail news uucp man games slocate utmp smmsp mysql rpc sshd shadow ftp nogroup console xcdwrite
DenyUsers root bin daemon adm lp sync shutdown halt mail news uucp operator games ftp smmsp mysql rpc sshd nobody test guest user admin apache www wwwrun httpd irc www-data www pamela cosmin noc patrick horde iceuser rolo data matt jane deniro

but it's not looking like yours what am I doing wrong?

so I have the keys in my /~/.ssh/id_rsa and .pub I imported the id_rsa in my client, and when I try key authentication method it's falling back to password auth method

I couldn't find on server log why it's not accepted

maybe it's from AuthorizedKeysFile or HostKey /etc/ssh/ssh_host_rsa_key section?
also I'm trying to allow only key auth method so it should not accept the fallback to password method?
any help will be very appreciated, thanks in advance!

get rid of the denyusers, denygroups.

look in your sshd_config and see what your keys are supposed to look like and where they are supposed to belong. it's in there, you just have to look.

well I have key as I said in my ~/.ssh (generated with sshkeygen according to user in use)
but also in /etc/ssh/ <- the file specified by Hostkey=
there should be some automatic pointing to the key according to the user attempting to log on.
my main concern is how to enable ONLY RSA based autyhentication?

my sshd_config could be posted but what you suggested is in there in shape

:

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
#ServerKeyBits 768

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
#MaxAuthTries 6


RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

UsePAM=yes

what is wrong here? pls help me out some

run the keygen again. when it asks for you to type in a passwd, just hit enter twice. once that is done, then you have to put your id_pub, the the sever that you want to connect to, in the ~/.ssh/authorized_keys file.

then if things go right, when you type ssh whateverserver you should log right in. i have a problem with a friends that doesn't allow me to, and i've asked and asked to see the file, yet he won't let me. won't even give me the answer to my question so i can make it work. so if it doesn't work for you, i don't know what might be broke to fix it, since mine works fine, and your file looks fine to me.

Change it to UseAPM=no

leaving this on yes allows you to still access the server without key
(least had that problem on my system but could be down to some annomalies between ssh2 and openssh)

I believe I do not need to point out how to run ssh-agent and ssh-add,

well if you may pls tell about ssh-agent and ssh-add

if some one has a good security set sshd_config pls post it here

This has bothered me for years. What I'd like to see is a setup something like this:
1. My main account - no password accepted, key required
2. A dedicated external account - password accepted but would be a very long / hard to
guess password.

That way inside my firewall, my simplier passwords are ok. But from the outside
I have to go through a few extra steps and lengthly passwords to get in. Short of
running 2 sshd daemons, I can't figure out how to accomplish this.