LinuxQuestions.org
09-29-2003, 12:58 AM   #1
thanat0s
LQ Newbie
Registered: Aug 2003
Posts: 7

ssh RSA key


For the last few nights I've been attempting to get RSA authentication for the user root up and running. My goal is to be able to log in as a regular user using a password but require RSA authentication (which I want to save on a floppy and use PuTTY to log in) for root access. I'm running the OpenSSH_3.6.1p2 server off a Mandrake 9.1 machine on my network. I thought it would be a simple task to accomplish; was I ever wrong...

My 'ssh -v -l root -i id_rsa 192.168.0.104' output looks like this:

OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to rhost [192.168.0.104] port 22.
debug1: Connection established.
debug1: identity file id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.0.104' is known and matches the RSA host key.
debug1: Found key in /home/*user*/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa
Enter passphrase for key 'id_rsa':
Enter passphrase for key 'id_rsa':
Enter passphrase for key 'id_rsa':
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password

Notice the three attempted authentications?

Then it asks for a password (which is disabled for root).
I've heard there was a problem with MD5, the authentication used for passphrases on an ssh-key. So I installed libsasl2-plug-crammd5-2.1.12-1mdk, but to my dismay it did not fix my problem.

ANY HELP/LINKS/EXPERIENCE will be greatly appreciated... GREATLY
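One way to read the client debug output in the post above, as an added example that is not part of the original thread: an awk summary of the publickey phase. The sample lines are copied from that output; `triage_ssh_debug` and `sample_log` are names chosen here.

```shell
#!/bin/sh
# Added example: summarise the publickey phase of an `ssh -v` client log.
# Reads the log on stdin (or from file arguments), prints one finding per
# line, and returns 0 only if a key was accepted.
triage_ssh_debug() {
    awk '
    /^debug1: identity file .* type -1$/ {
        # No public half was readable at start-up, so the client must later
        # open (and decrypt) the private key file itself.
        print "identity " $4 ": key type unknown at load"
    }
    /^debug1: Authentications that can continue: / { offered = $NF }
    /^debug1: Trying private key: /                { key = $NF }
    /^Enter passphrase for key /                   { prompts[key]++ }
    /^debug1: Authentication succeeded \(publickey\)/ { accepted = 1 }
    /^debug1: Next authentication method: password$/  { fellback = 1 }
    END {
        print "server offers: " offered
        for (k in prompts)
            print "key " k ": " prompts[k] " passphrase prompt(s)"
        if (accepted)      print "result: publickey accepted"
        else if (fellback) print "result: no key usable, fell back to password"
        else               print "result: publickey not accepted"
        exit (accepted ? 0 : 1)
    }' "$@"
}

# Lines copied from the debug output in the post above.
sample_log() {
    cat <<'EOF'
debug1: identity file id_rsa type -1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa
Enter passphrase for key 'id_rsa':
Enter passphrase for key 'id_rsa':
Enter passphrase for key 'id_rsa':
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
EOF
}

sample_log | triage_ssh_debug || true
```

Three prompts followed by a move to the next method, with no success line in between, means the private key file was never decrypted, so the server was never shown a key.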
 
09-29-2003, 03:33 AM   #2
acid_kewpie
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Well, it'd appear that you've created an RSA key with a passphrase in it. If you don't want one, you'll need to recreate the RSA key and just press Enter when prompted, instead of typing in a passphrase.
 
09-29-2003, 06:41 AM   #3
unSpawn
Moderator
Registered: May 2001
Posts: 29,415
Blog Entries: 55

...besides that, you sneaked in this little phrase: "for root access", and I tell you you must NOT do that. "Best practices" advice is to create and use a regular user account to log in to the system and then use sudo to su to root.
 
09-29-2003, 10:51 PM   #4
thanat0s
LQ Newbie
Registered: Aug 2003
Posts: 7
Original Poster

Thank you for your replies.

Thank you for noticing the passphrase thing, but yes, that was my initial intention; I'd much rather set it up to be valid ONLY with a passphrase. My concern is more as to how I can add support to the OpenSSH library (OpenSSH_3.6.1p2) to support passphrase authentication through my PuTTY client (on a floppy).
unSpawn: thank you for the security advisory. Any clues on how to set RSA authentication for a regular user?


Appreciate any help...
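For the closing question about key authentication for a regular user, here is an added example (not from any poster in this thread) of the server-side step: installing a public key into that user's `authorized_keys` with the permissions sshd expects. `install_pubkey` and `SAMPLE_KEY` are hypothetical names, and the key shown is a constructed placeholder.

```shell
#!/bin/sh
# Added example: install one OpenSSH-format public key for a regular user.
# usage: install_pubkey HOME_DIR 'ssh-rsa AAAA... comment'
# Returns 0 on success, 2-5 for a rejected key, 1 for a filesystem error.
install_pubkey() {
    home=$1 line=$2
    case $line in
        *"PRIVATE KEY"*)
            echo "refusing: private key material" >&2; return 2 ;;
        *"BEGIN SSH2 PUBLIC KEY"*)
            # Multi-line export format written by PuTTYgen "Save public key";
            # authorized_keys takes the one-line OpenSSH form instead.
            echo "refusing: SSH2 export format, not one-line form" >&2; return 3 ;;
        *"
"*)         echo "refusing: key must be a single line" >&2; return 4 ;;
        "ssh-rsa AAAA"*) ;;
        *)  echo "refusing: not an ssh-rsa public key line" >&2; return 5 ;;
    esac
    ssh_dir=$home/.ssh auth=$home/.ssh/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: append only if this exact line is not already present.
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth" || return 1
    # With StrictModes (the sshd default) a group- or world-writable home,
    # ~/.ssh or authorized_keys makes sshd ignore the key.
    chmod go-w "$home"
}

# Constructed placeholder, not a real key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-PLACEHOLDER user@laptop'
```

PuTTY reads only its own .ppk private key format, so an OpenSSH `id_rsa` has to be imported with PuTTYgen and saved as .ppk, where the passphrase can be kept. With the key installed for the regular account, `PermitRootLogin no` in sshd_config matches the advice in post #3.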
 
  

