hi--just rejoined the list.. anyway can ordinary users connect using ssh? root has a few more configuration variables in /etc/ssh/sshd_config. Here's mine:
# JondZ Tue Feb 18 16:16:35 EST 2003 # PermitRootLogin possible values: yes no without-password forced-commands-only PermitRootLogin without-password #StrictModes yes check out the variable above, could be it... also monitor /var/log/secure on server side (if its there). jondz On Sat, 2004-08-21 at 00:50, Allen Umlas wrote: > --- Eric Noel <[EMAIL PROTECTED]> wrote: > > > Allen Umlas wrote the following on 8/21/2004 12:21 > > PM: > > > > >Fellow Pluggers, > > > > > > I have plenty of linux boxs(Redhat) running > > on > > >my local network, i setup an ssh passwordless with > > my > > >servers, its work almost on my boxes but there is a > > >certain 2 linux box which i cant configure a > > >vice-versa ssh passwordless, heres my scenario > > > > > >server1 connect ssh passwordless to server2 > > > > > > but > > > > > >server2 cannot connect to server1 with or without > > >using ssh passwordless, with password configuration > > >its always hung-up after typing the password. > > > > > >heres what i do to my configuration > > > > > >1. make ssh-keygen generator to client (ssh-keygen > > -t > > >dsa) and created file id_dsa.pub > > > > > >2. copy id_dsa.pub to the servers that i want to > > >connect(cp id_dsa.pub ~.ssh/authorized_keys) > > > > > >3.chmod to 700 .ssh/ > > > > > >4 connect and test using ssh [EMAIL PROTECTED] > > > > > >my other servers work on both servers connection > > ssh > > >passwordless > > > > > >whats seems to be the problem? pls help any > > additional > > >configuration do i have to make. :) > > > > > >TY > > > > > > > > > > > > > > use ssh -v [EMAIL PROTECTED] to have some verbose messages > > which might help > > debugging the problem > heres the result of server1 which cannot connect > > server1 $ ssh -v [EMAIL PROTECTED] > OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL > 0x0090602f > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Rhosts Authentication disabled, originating > port will not be trusted. > debug1: restore_uid > debug1: ssh_connect: getuid 0 geteuid 0 anon 1 > debug1: Connecting to 10.35.0.2 [10.35.0.2] port 22. > debug1: temporarily_use_uid: 0/0 (e=0) > debug1: restore_uid > debug1: temporarily_use_uid: 0/0 (e=0) > > heres the server2 result connected to server 1 > > server2$ ssh -v [EMAIL PROTECTED] > OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL > 0x0090602f > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Rhosts Authentication disabled, originating > port will not be trusted. > debug1: restore_uid > debug1: ssh_connect: getuid 0 geteuid 0 anon 1 > debug1: Connecting to 10.33.21.1 [10.33.21.1] port 22. > debug1: temporarily_use_uid: 0/0 (e=0) > debug1: restore_uid > debug1: temporarily_use_uid: 0/0 (e=0) > debug1: restore_uid > debug1: Connection established. > debug1: read PEM private key done: type DSA > debug1: read PEM private key done: type RSA > debug1: identity file /root/.ssh/identity type -1 > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: identity file /root/.ssh/id_dsa type 2 > debug1: Remote protocol version 1.99, remote software > version OpenSSH_3.1p1 > debug1: match: OpenSSH_3.1p1 pat OpenSSH* > Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.1p1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: dh_gen_key: priv key bits set: 137/256 > debug1: bits set: 1624/3191 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host '10.33.21.1' is known and matches the RSA > host key. > debug1: Found key in /root/.ssh/known_hosts:2 > debug1: bits set: 1564/3191 > debug1: ssh_rsa_verify: signature correct > debug1: kex_derive_keys > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: waiting for SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: done: ssh_kex2. > debug1: send SSH2_MSG_SERVICE_REQUEST > debug1: service_accept: ssh-userauth > debug1: got SSH2_MSG_SERVICE_ACCEPT > debug1: authentications that can continue: > publickey,password,keyboard-interactive > debug1: next auth method to try is publickey > debug1: try privkey: /root/.ssh/identity > debug1: try privkey: /root/.ssh/id_rsa > debug1: try pubkey: /root/.ssh/id_dsa > debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 > lastkey 0x8090258 hint 2 > debug1: read PEM private key done: type DSA > debug1: ssh-userauth2 successful: method publickey > debug1: channel 0: new [client-session] > debug1: send channel open 0 > debug1: Entering interactive session. > debug1: ssh_session2_setup: id 0 > debug1: channel request 0: pty-req > debug1: channel request 0: shell > debug1: fd 5 setting TCP_NODELAY > debug1: channel 0: open confirm rwindow 0 rmax 32768 > > TY. > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > -- > Philippine Linux Users' Group (PLUG) Mailing List > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > Official Website: http://plug.linux.org.ph > Searchable Archives: http://marc.free.net.ph > . > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > . > Are you a Linux newbie? To join the newbie list, go to > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie -- JondZ <[EMAIL PROTECTED]> -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
