On Sat, Oct 16, 2010 at 4:12 PM, Basil Kurian <[email protected]> wrote:
>
> Hi Siju
>
> Can you add the details of enabling ssh login into a DragonflyBSD box, in that
> wiki?
>
> I tried adding sshd_enable="YES" into rc.conf and rcstart sshd
>

If you try to ssh to a newly installed dfly you will get this error

~$ ssh [email protected]
ssh: connect to host 172.16.50.62 port 22: Connection refused

This is because sshd is not up and running on dfly

At this point if you check /etc/ssh you only have the following files

# ls
blacklist.DSA-1024      blacklist.RSA-2048      ssh_config
blacklist.DSA-2048      blacklist.RSA-4096      sshd_config
blacklist.RSA-1024      moduli

You don't have any host keys generated for the system.

When you start sshd for the first time it is best to start it through
the "/etc/rc.d/sshd" script which will automatically generate the host
keys. For this to work right you need to do the following steps

1) Enable sshd in rc.conf

# echo "sshd_enable=yes" >> /etc/rc.conf

2) Start the sshd server using the rc script


# /etc/rc.d/sshd start
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
........
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
........
Starting sshd.


Now if you go back and look in /etc/ssh you will find more files

# ls
blacklist.DSA-1024      moduli                  ssh_host_key.pub
blacklist.DSA-2048      ssh_config              ssh_host_rsa_key
blacklist.RSA-1024      ssh_host_dsa_key        ssh_host_rsa_key.pub
blacklist.RSA-2048      ssh_host_dsa_key.pub    sshd_config
blacklist.RSA-4096      ssh_host_key

OK, now if you try to ssh to the dfly you will get the error you got

~$ ssh [email protected]
The authenticity of host '172.16.50.62 (172.16.50.62)' can't be established.
RSA key fingerprint is 46:77:28:c2:70:86:93:1a:23:32:5f:01:2c:80:de:de.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.50.62' (RSA) to the list of known hosts.
Permission denied (publickey).

This is because of the line

# To disable tunneled clear text passwords, change to no here!
# We disable cleartext passwords by default
PasswordAuthentication no

in /etc/ssh/sshd_config. Change it to

PasswordAuthentication yes

and

# /etc/rc.d/sshd reload
Reloading sshd config files.

then you can log in as a normal user

$ ssh [email protected]
[email protected]'s password:
Last login: Tue Oct 19 04:17:47 2010
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

DragonFly v2.7.3.1283.gfa568-DEVELOPMENT (GENERIC.MP) #3: Thu Oct 14 12:01:24 IST 2010

....

But if you try to ssh login as root to dfly at this point you get an error

$ ssh [email protected]
[email protected]'s password:
Permission denied, please try again.

If you investigate the logs of the dfly server /var/log/auth.log you
will find a line like

Failed password for root from 172.16.2.0 port 59865 ssh2

even if you typed the right password for root.

It is because of the line


# only allow root logins via public key pair
PermitRootLogin without-password

in /etc/ssh/sshd_config which allows only SSH key-based authentication.

If you change it to

PermitRootLogin yes

and

# /etc/rc.d/sshd reload
Reloading sshd config files.

then you will have

$ ssh [email protected]
[email protected]'s password:
Last login: Fri Oct  8 12:22:40 2010
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

DragonFly v2.7.3.1283.gfa568-DEVELOPMENT (GENERIC.MP) #3: Thu Oct 14 12:01:24 IST 2010

Welcome to DragonFly!

In the dfly log file /var/log/auth.log you will find

Accepted password for root from 172.16.2.0 port 56468 ssh2


I will update the dragonflybsd wiki as I get time.
Thanks for the suggestion :-)

Hope this helps

--Siju
_______________________________________________
bsd-india mailing list
[email protected]
http://www.bsd-india.org/mailman/listinfo/bsd-india
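
Added example, not part of the original mail: a POSIX sh check that reports the global values of PasswordAuthentication and PermitRootLogin, the two sshd_config keywords changed in the walkthrough above, so a box can be audited after following it. The function names sshd_effective and audit_sshd and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. Reports the global value of the
# two sshd_config keywords the walkthrough changes.

# sshd_effective FILE KEYWORD -> first uncommented global value, or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after the first "Match" are conditional.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        {
            sub(/^[ \t]+/, "")                # drop leading whitespace
            if ($0 == "" || $0 ~ /^#/) next   # blank line or comment
            n = split($0, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit          # end of the global section
            if (key == want && n >= 2) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# audit_sshd FILE -> prints findings; returns 1 if either keyword is
# "yes" or unset (for PasswordAuthentication: anything other than "no").
audit_sshd() {
    pw=$(sshd_effective "$1" PasswordAuthentication)
    root=$(sshd_effective "$1" PermitRootLogin)
    rc=0
    echo "PasswordAuthentication=$pw PermitRootLogin=$root"
    if [ "$pw" != no ]; then
        echo "WARN: PasswordAuthentication is $pw"; rc=1
    fi
    if [ "$root" = yes ] || [ "$root" = unset ]; then
        echo "WARN: PermitRootLogin is $root"; rc=1
    fi
    return $rc
}

# Constructed sample: the two lines as they stand at the end of the walkthrough.
sample=$(mktemp)
printf '%s\n' '# We disable cleartext passwords by default' \
    'PasswordAuthentication yes' 'PermitRootLogin yes' > "$sample"
audit_sshd "$sample" || true
rm -f "$sample"
```

On a real system, point audit_sshd at /etc/ssh/sshd_config; a non-zero return means one of the two keywords is set to yes or is not set in the global section.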
