sorry for my long one ;-) just send two mails to another (very interesting list) os-group regarding this issue:
but do not forget to use at least OpenSSH 3.0.2 the earlyer rels have a huuughe security hole. Von: Holger Baxmann <[EMAIL PROTECTED]> An: DarwinOS Userlist <[EMAIL PROTECTED]> Betreff: Re: SSH without Password ? Datum: 15 Feb 2002 10:35:06 +0100 just try to cp the identity.pub to authorized_keys2 cause you have the Protocol 2,1 option in your config, so ssh tries @ 1st to connect via ssh2 hth bax Von: Holger Baxmann <[EMAIL PROTECTED]> An: DarwinOS Userlist <[EMAIL PROTECTED]> Betreff: Re: SSH without Password ? Datum: 15 Feb 2002 10:43:32 +0100 soory for beeing incomplete :)) [bax@host136 .ssh]$ ssh-keygen -t rsa [bax@host136 .ssh]$ cat id_rsa.pub >> authorized_keys2 you have to construct a ssh2 priv/pub key pair, named id_rsa and id_rsa.pub the default is -t rsa1 for openssh protocol 1 Am Fre, 2002-02-15 um 10.35 schrieb Holger Baxmann: > just try to cp the identity.pub to authorized_keys2 cause you have the > Protocol 2,1 option in your config, so ssh tries @ 1st to connect via > ssh2 > > hth > bax > > For that i created a private and public key (ssh-keygen) on the client > > host, after that i have copied the public-key (identity.pub) to the > > Server Machine in > > $HOME/.ssh/authorized_keys file of the user home i want to login with to > > the server. > > > > When i try to login it still wants the users password. But as i read in > > the man File the server should authenticate to client with the public > > and private key, without the password. > > > > Can someone help me? > > I do not have a huge expirience with it. > > > > sshd = SSH-1.99-OpenSSH_2.9p2 > > > > This is my sshd_conf file: > > > > # $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $ > > > > # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin > > > > # This is the sshd server system-wide configuration file. See sshd(8) > > # for more information. > > > > Port 22 > > #Protocol 2,1 > > #ListenAddress 0.0.0.0 > > #ListenAddress :: > > HostKey /etc/ssh_host_key > > HostKey /etc/ssh_host_rsa_key > > HostKey /etc/ssh_host_dsa_key > > ServerKeyBits 768 > > LoginGraceTime 600 > > KeyRegenerationInterval 3600 > > PermitRootLogin yes > > # > > # Don't read ~/.rhosts and ~/.shosts files > > IgnoreRhosts yes > > # Uncomment if you don't trust ~/.ssh/known_hosts for > > RhostsRSAAuthentication > > #IgnoreUserKnownHosts yes > > StrictModes yes > > X11Forwarding no > > X11DisplayOffset 10 > > PrintMotd yes > > #PrintLastLog no > > KeepAlive yes > > > > # Logging > > SyslogFacility AUTH > > LogLevel INFO > > #obsoletes QuietMode and FascistLogging > > > > RhostsAuthentication no > > # > > # For this to work you will also need host keys in /etc/ssh_known_hosts > > RhostsRSAAuthentication no > > # similar for protocol version 2 > > HostbasedAuthentication no > > # > > RSAAuthentication yes > > > > # To disable tunneled clear text passwords, change to no here! > > PasswordAuthentication yes > > PermitEmptyPasswords no > > > > # Uncomment to disable s/key passwords > > #ChallengeResponseAuthentication no > > > > # Uncomment to enable PAM keyboard-interactive authentication > > # Warning: enabling this may bypass the setting of > > 'PasswordAuthentication' > > #PAMAuthenticationViaKbdInt yes > > > > # To change Kerberos options > > #KerberosAuthentication no > > #KerberosOrLocalPasswd yes > > #AFSTokenPassing no > > #KerberosTicketCleanup no > > > > # Kerberos TGT Passing does only work with the AFS kaserver > > #KerberosTgtPassing yes > > > > #CheckMail yes > > #UseLogin no > > > > #MaxStartups 10:30:60 > > #Banner /etc/issue.net > > #ReverseMappingCheck yes > > > > Subsystem sftp /usr/libexec/sftp-server > > > > > > > > > > Regards > > Radek > > _______________________________________________ > > darwinos-users mailing list | [EMAIL PROTECTED] > > Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwinos-users > > Do not post admin requests to the list. They will be ignored. > Am Fre, 2002-02-15 um 19.04 schrieb Dave Myers: > I'm alittle confused on where I place the private and public > keys after running ssh-keygen -t dsa > > I'm using openssh-server-2.9p2-11 on a RH 7.2 system > and also using putty.exe release 0.52 > > I copied the private key down to my desktop > and took the default locations for the keys when > I ran ssh-keygen on the S/390 platform??? > > But..I don't get prompted for any passphrase when I try > loggin in using SSH V2 > > I suspect (after reviewing the man pages) that I may > need to tweak the /etc/ssh/sshd_config file to use DSA, > if so...can someone send me an example of that??? > > Tia > Dave
