Jose,
From experience, the two most common problems related to SSH public key
authentication are file permissions (of both the directory and
authorized_keys file) and the public key not properly concatenated into
the authorized keys file.

Make sure it all fits on one line and there are no extra characters at
the end.

Minh 
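
The two checks suggested above (permissions on the directory and on authorized_keys, and each key sitting whole on one line with nothing extra at the end), as an added example that is not part of the original thread. It assumes sshd's StrictModes is on, checks writability only (not ownership), and uses a constructed, non-functional sample key; all function names are illustrative.

```python
import base64, os, stat, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def sample_key_line():
    """Constructed, structurally valid ssh-rsa line (not a usable key)."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " soad@example"

def check_perms(path):
    """sshd StrictModes rejects group/world-writable paths."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o022:
        return [f"{path}: mode {mode:04o} is group/world writable"]
    return []

def check_key_line(line, lineno):
    """One entry must be: [options] keytype base64-blob [comment]."""
    if line.endswith("\r"):
        return [f"line {lineno}: trailing carriage return"]
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
    if idx is None or idx + 1 >= len(fields):
        return [f"line {lineno}: no 'keytype blob' pair (wrapped key?)"]
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        off, first = 0, None
        while off < len(blob):  # blob is a run of length-prefixed fields
            (n,) = struct.unpack_from(">I", blob, off)
            if off + 4 + n > len(blob):
                raise ValueError("field overruns blob")
            first = first or blob[off + 4:off + 4 + n]
            off += 4 + n
    except (ValueError, struct.error):
        return [f"line {lineno}: key blob truncated or corrupted"]
    if first != fields[idx].encode():
        return [f"line {lineno}: blob type does not match {fields[idx]}"]
    return []

def audit(ssh_dir):
    """Return a list of problems for ssh_dir and its authorized_keys."""
    ak = os.path.join(ssh_dir, "authorized_keys")
    problems = check_perms(ssh_dir) + check_perms(ak)
    with open(ak, newline="") as f:
        for n, line in enumerate(f.read().split("\n"), 1):
            if line.strip() and not line.lstrip().startswith("#"):
                problems += check_key_line(line, n)
    return problems
```

Calling audit("/root/.ssh") on the server side returns an empty list when neither problem is present; sshd also applies the same writability rule to the account's home directory, which this sketch does not inspect.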


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Soad
Gmail
Sent: March-05-08 2:23 PM
To: [email protected]
Subject: Re: [FW-1] Checkpoint exporting rules

Hello all.

I have been trying to set up an ssh session using ssh keys; these are the
steps that I followed:

> Generate public and private keys
> ssh-keygen -t rsa
I used an empty passphrase

mv /root/.ssh/id_rsa.pub to my firewall module

Change the following lines on sshd_config
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile     .ssh/authorized_keys

> to:
> RSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile     .ssh/authorized_keys

and set up the client key on the firewall
cat syslog.pub >> /root/.ssh/authorized_keys

But I am still getting asked for the password. I did a lot of modifications
on my sshd_config but nothing seems to work. I did exactly the same
configuration to allow ssh keys from the firewall module to my linux
server and it works.

My Firewall version: This is Check Point VPN-1(TM) & FireWall-1(R)
NGX (R61) HFA_03, Hotfix 603 - Build 009
sshd version OpenSSH_3.6.1p2

My linux client:
soad[.ssh] # uname -a
Linux valdivj 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686
GNU/Linux
soad[.ssh] # ssh -v
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006

This is my ssh debug output:

OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 155.17.68.136 [155.17.68.136] port 22.
debug1: Connection established.
debug1: identity file /home/soad/.ssh/identity type -1
debug1: identity file /home/soad/.ssh/id_rsa type 1
debug1: identity file /home/soad/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
A parameter was malformed
Validation error

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
A parameter was malformed
Validation error

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '155.17.68.136' is known and matches the RSA host key.
debug1: Found key in /home/soad/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/soad/.ssh/identity
debug1: Offering public key: /home/soad/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /home/soad/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password

It seems like, for some reason, the public key is not accepted.

Regards.
--
Jose Valdivia


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

