I'm not sure if this is the right place for this or the security mailing list,
but I am extremely confused by RSA/DSA authentication and using it with 
My current setup is that I have a freebsd box at home acting as a 
I'd like to access it from work using Putty on Windows 2000.  Right now I have 
authentication with a good strong username/password, Denyhosts and I feel safe. 
 I just wanted
to try a little extra security (for kicks) so I started reading and 
implementing RSA.
Well now after reading what there was in the handbook, freebsddairy, and a 
nice article about it on IBM I have no idea how to get this to work and am just
a little frustrated. I believe I'm getting messed up on the public and private 
and where they should go on the computer i'm trying to connect to or connect 
I used ssh-keygen and putty to generate a key (RSA w/passphrase) and both times 
I've gotten 
neither to work from what I've been able to tell.

One time I was close and got something saying that my key's permissions had to 
be changed
because they were to open so I fixed that warning and then it said that my key 
was accepted
and I entered my passphrase. But then just to play around I removed my key 
(wanted to see
if it wouldn't let me connect).  It did and asked for my password not 
passphrase. What I was
hoping for was that the server would see that i didn't have a key and deny my 
access but
saddly it didn't.

Now I'm editing some of my /etc/ssh/sshd_config file like uncommenting:
(correct? I shouldn't be editing /etc/ssh/ssh_config?)

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      /root/.ssh/authorized_keys 
(I did rename the key I was using this and made sure it was all on one line)

PasswordAuthentication no

but I still don't have anything working.  I've restarted sshd by doing:

/etc/rc.d/sshd restart

each time as well. Am I wrong to assume the server should deny
me access if I don't have the key or is using RSA/DSA authentication just to 
myself that I'm actually connecting to my server and not some other person's 
to get my passwords?

Thank you for reading this mess, as you can tell I'm pretty bewildered.

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to