Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
in message [EMAIL PROTECTED], wrote david bryce thusly... Thanks for replying, Garrett! Would you please stop changing the Subject to some meaningless text? If you need attention of someone in particular, please just send them the mail directly. - Parv -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On Thu, 2 Feb 2006 02:33:00 -0500, Parv [EMAIL PROTECTED] said: in message [EMAIL PROTECTED], wrote david bryce thusly... Thanks for replying, Garrett! Would you please stop changing the Subject to some meaningless text? If you need attention of someone in particular, please just send them the mail directly. - Parv -- Thanks for pointing this out, Parv. I will take care in the future to avoid this from happening. Is there any way of replying to a message from the list without subscribing to the list? If the poster cc'ed me when he sent the message to the list, I know I can just reply to that and cc the list, and the freebsd archive web page knows automatically to attach my message to the thread. But what if the poster didn't cc my email? Or if I just want to reply to a message that wasn't sent to me? Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - IMAP accessible web-mail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On Feb 1, 2006, at 9:16 PM, david bryce wrote: It looks like someone has installed the ssh2 package on this machine (using pkg_add -r ssh2). So this is not a standard freebsd ssh installation. In fact, testing on another box with freebsd 6, I can connect with Putty using public key authentication. Does anyone know how to get the standard ssh to work on this machine without upsetting things too much? It is currently running a mail server and cvs, so I'm ginger about doing anything radical on it. Doing a ps -ax shows that it's sshd2 that is running, and not sshd. But the binaries ARE there for sshd. Except the hostkey doesn't seem to be there. Could fixing this be as simple as creating a hostkey for sshd as well, and running it on a different port than sshd2 is running on? Hi All, We finally got everything to work using sshd2 (the other option was to remove sshd2 and use sshd, but we got sshd2 to work). All we had to do was generate the key on the server instead of using puttygen (with ssh-keygen2), then put a line pointing to the public key in the .ssh2/authorization file. Then we copied the private key to the windows boxes, opened it in puttygen and saved it again (to convert it to putty's format), put it in pagent, and everything works! Regarding the previous thread about CVS: CVS imports now work perfectly (using the CVSUMASK, which now works because we're using SSH instead of pserver connections). Thank you very much to everyone who helped us getting this to work! This mailing list is terrific, and you guys are great! Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - Email service worth paying for. Try it for free ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On 2006-02-03 13:48, david bryce [EMAIL PROTECTED] wrote: On Thu, 2 Feb 2006 02:33:00 -0500, Parv [EMAIL PROTECTED] said: in message [EMAIL PROTECTED], wrote david bryce thusly... Thanks for replying, Garrett! Would you please stop changing the Subject to some meaningless text? If you need attention of someone in particular, please just send them the mail directly. Thanks for pointing this out, Parv. I will take care in the future to avoid this from happening. Is there any way of replying to a message from the list without subscribing to the list? If the poster cc'ed me when he sent the message to the list, I know I can just reply to that and cc the list, and the freebsd archive web page knows automatically to attach my message to the thread. But what if the poster didn't cc my email? Or if I just want to reply to a message that wasn't sent to me? All the mailers have a reply to all or group reply feature. Just use that by default, and limit reply (to the author only) for responses that you really mean to be personal. Parv is also right that manually editing the subject to add Attention Foo Bar is annoying, as it tends to break sorting of the messages by subject and then by date. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication
On 2006-02-03 13:57, david bryce [EMAIL PROTECTED] wrote: We finally got everything to work using sshd2 [...] Cool! Thanks for posting the details as a followup. Unfortunately, the Attention Foo Bar stuff in the subject will make it hard for people looking in mailing list archives by subject to find the response, but at least it works for thread-sorted messages. Having the way this work in the archives is a definite plus though :) Regarding the previous thread about CVS: CVS imports now work perfectly (using the CVSUMASK, which now works because we're using SSH instead of pserver connections). Heh. I sort of expected that. CVS through ssh is cool and it also lets you commit securely from any place around the world, as long as you have the keys set up correctly ;))) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On Fri, 3 Feb 2006 05:31:48 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: Is there any way of replying to a message from the list without subscribing to the list? If the poster cc'ed me when he sent the message to the list, I know I can just reply to that and cc the list, and the freebsd archive web page knows automatically to attach my message to the thread. But what if the poster didn't cc my email? Or if I just want to reply to a message that wasn't sent to me? All the mailers have a reply to all or group reply feature. Just use that by default, and limit reply (to the author only) for responses that you really mean to be personal. Thanks, Giorgos. I think I didn't explain myself clearly in my question. To rephrase: If I am not subscribed to the mailing list, is there a way I can reply to a message from the list (and have it attached to the correct thread)? Also, supposing I just subscribed to the mailing list today: is there a way I can reply to a message that appeared on the list last month (that I saw in the web based archive)? I.e a message that was sent to the list before I subscribed to the list. Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - A fast, anti-spam email service. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication
On Fri, 3 Feb 2006 05:35:21 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: On 2006-02-03 13:57, david bryce [EMAIL PROTECTED] wrote: We finally got everything to work using sshd2 [...] Cool! Thanks for posting the details as a followup. Unfortunately, the Attention Foo Bar stuff in the subject will make it hard for people looking in mailing list archives by subject to find the response, but at least it works for thread-sorted messages. Having the way this work in the archives is a definite plus though :) Regarding the previous thread about CVS: CVS imports now work perfectly (using the CVSUMASK, which now works because we're using SSH instead of pserver connections). Heh. I sort of expected that. CVS through ssh is cool and it also lets you commit securely from any place around the world, as long as you have the keys set up correctly ;))) Thanks very much, Giorgos! Your help on this has been wonderful! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - A no graphics, no pop-ups email service ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On 2006-02-03 14:42, david bryce [EMAIL PROTECTED] wrote: On Fri, 3 Feb 2006 05:31:48 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: Is there any way of replying to a message from the list without subscribing to the list? If the poster cc'ed me when he sent the message to the list, I know I can just reply to that and cc the list, and the freebsd archive web page knows automatically to attach my message to the thread. But what if the poster didn't cc my email? Or if I just want to reply to a message that wasn't sent to me? All the mailers have a reply to all or group reply feature. Just use that by default, and limit reply (to the author only) for responses that you really mean to be personal. Thanks, Giorgos. I think I didn't explain myself clearly in my question. To rephrase: If I am not subscribed to the mailing list, is there a way I can reply to a message from the list (and have it attached to the correct thread)? Not easily. Also, supposing I just subscribed to the mailing list today: is there a way I can reply to a message that appeared on the list last month (that I saw in the web based archive)? I.e a message that was sent to the list before I subscribed to the list. You can download raw copies of the messages from: http://docs.freebsd.org/mail/ and import these into your mailer, i.e. this week's freebsd-questions traffic is available at: http://docs.freebsd.org/mail/archive/2006/freebsd-questions/20060129.freebsd-questions.html By following the [Archive] link near the bottom of the page, you can download a compressed mailbox with the messages displayed in each week's listing. Then replying works as usual :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On Fri, 3 Feb 2006 05:49:00 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: Also, supposing I just subscribed to the mailing list today: is there a way I can reply to a message that appeared on the list last month (that I saw in the web based archive)? I.e a message that was sent to the list before I subscribed to the list. You can download raw copies of the messages from: http://docs.freebsd.org/mail/ and import these into your mailer, i.e. this week's freebsd-questions traffic is available at: http://docs.freebsd.org/mail/archive/2006/freebsd-questions/20060129.freebsd-questions.html By following the [Archive] link near the bottom of the page, you can download a compressed mailbox with the messages displayed in each week's listing. Then replying works as usual :) Thanks, Giorgos! I assume the compressed mailbox would be in unix format, and not work with the web mailer I use (www.fastmail.fm). I used to be subscribed to the mailing list but the constant flow of messages is a bit distracting. I subscribed to the mailing list again today, and this time set it automatically direct all messages from the mailing list to a separate folder. Although I dont think this web mailer let's you automatically delete messages older than a few days. Which will cause it fill up... Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - Or how I learned to stop worrying and love email again ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On 2006-02-03 15:18, david bryce [EMAIL PROTECTED] wrote: On Fri, 3 Feb 2006 05:49:00 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: You can download raw copies of the messages from: http://docs.freebsd.org/mail/ Thanks, Giorgos! I assume the compressed mailbox would be in unix format, and not work with the web mailer I use (www.fastmail.fm). Ouch! Probably not... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Tue, 31 Jan 2006 11:41:35 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: Giorgos, Thanks very much for replying! I wasn't aware of this environment variable (even though I spent quite a while on this problem). Using CVSUMASK certainly works when working on the server machine! We are currently using a pserver installation, with developers using windows machines. We need a way to achieve the same effect with a user on a windows machine doing an import. Do you have any idea how this can be done? Thank you! I'm not sure. I know that the setting of CVSUMASK on the server machine works if you use SSH tunneling though. If it's not too much trouble, you can set up SSH-based authentication instead of :pserver: and make sure the .bashrc or .cshrc of the developers on the server machine sets CVSUMASK correctly. SSH-tunneled CVS is what the FreeBSD project uses in the official CVS repository, so I guess this setup works as expected :) Giorgos, Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. We are getting a 'Key Refused' error when trying to use public key authentication. I have tried doing several things including editing the /etc/ssh/sshd_config file: PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys We also had to make these changes in order to get password based ssh to work: UsePAM no PermitRootLogin yes We also tried putting the public key into various files: .ssh/authorized_keys .ssh/authorized_keys2 .ssh2/authorized_keys .ssh2/authorized_keys2 (and made sure they are not group/world writable. The keys are SSH2 DSA 1024 bits) I tried looking in the /var/log/auth.log file, and what I'm seeing is: Feb 2 10:19:26 mail1 sshd2[15343]: connection from xxx.xx.xxx.x Feb 2 10:19:26 mail1 sshd2[15344]: WARNING: DNS lookup failed for xxx.xx.xxx.\ x. Feb 2 10:19:29 mail1 sshd2[15344]: Local disconnected: Connection closed. Feb 2 10:19:29 mail1 sshd2[15344]: connection lost: 'Connection closed.' (I set LogLevel DEBUG3 in sshd_config. I don't think the DNS error is relevant, because password based ssh is working. But I could wrong. What do you think?) Do you have any idea where I can look to find out why the key is being refused? Are there any other logfiles other than auth.log that could give a clue to what's going wrong? Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - A fast, anti-spam email service. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On 2006-02-02 10:30, david bryce [EMAIL PROTECTED] wrote: On Tue, 31 Jan 2006 11:41:35 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: We are currently using a pserver installation, with developers using windows machines. We need a way to achieve the same effect with a user on a windows machine doing an import. Do you have any idea how this can be done? Thank you! I'm not sure. I know that the setting of CVSUMASK on the server machine works if you use SSH tunneling though. If it's not too much trouble, you can set up SSH-based authentication instead of :pserver: and make sure the .bashrc or .cshrc of the developers on the server machine sets CVSUMASK correctly. SSH-tunneled CVS is what the FreeBSD project uses in the official CVS repository, so I guess this setup works as expected :) Giorgos, Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( Perhaps someone else on freebsd-questions can help with Putty? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Thu, 2 Feb 2006 01:48:37 +0200 Giorgos Keramidas [EMAIL PROTECTED] wrote: I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( erhm.. cd /usr/ports/security/putty;make install :-) -- grtjs, albi gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
Try one or more of the following things: - Use puttygen to import your private key, and then export as .ppk - Load your key.ppk into pageant, and let it manage your private key(s) - Log in using your private key from the server (ie. login to the server with your password, and then from the shell ssh [EMAIL PROTECTED]). Please inform me of your results. On 2/2/06, david bryce [EMAIL PROTECTED] wrote: On Tue, 31 Jan 2006 11:41:35 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: Giorgos, Thanks very much for replying! I wasn't aware of this environment variable (even though I spent quite a while on this problem). Using CVSUMASK certainly works when working on the server machine! We are currently using a pserver installation, with developers using windows machines. We need a way to achieve the same effect with a user on a windows machine doing an import. Do you have any idea how this can be done? Thank you! I'm not sure. I know that the setting of CVSUMASK on the server machine works if you use SSH tunneling though. If it's not too much trouble, you can set up SSH-based authentication instead of :pserver: and make sure the .bashrc or .cshrc of the developers on the server machine sets CVSUMASK correctly. SSH-tunneled CVS is what the FreeBSD project uses in the official CVS repository, so I guess this setup works as expected :) Giorgos, Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. We are getting a 'Key Refused' error when trying to use public key authentication. I have tried doing several things including editing the /etc/ssh/sshd_config file: PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys We also had to make these changes in order to get password based ssh to work: UsePAM no PermitRootLogin yes We also tried putting the public key into various files: .ssh/authorized_keys .ssh/authorized_keys2 .ssh2/authorized_keys .ssh2/authorized_keys2 (and made sure they are not group/world writable. The keys are SSH2 DSA 1024 bits) I tried looking in the /var/log/auth.log file, and what I'm seeing is: Feb 2 10:19:26 mail1 sshd2[15343]: connection from xxx.xx.xxx.x Feb 2 10:19:26 mail1 sshd2[15344]: WARNING: DNS lookup failed for xxx.xx.xxx.\ x. Feb 2 10:19:29 mail1 sshd2[15344]: Local disconnected: Connection closed. Feb 2 10:19:29 mail1 sshd2[15344]: connection lost: 'Connection closed.' (I set LogLevel DEBUG3 in sshd_config. I don't think the DNS error is relevant, because password based ssh is working. But I could wrong. What do you think?) Do you have any idea where I can look to find out why the key is being refused? Are there any other logfiles other than auth.log that could give a clue to what's going wrong? Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - A fast, anti-spam email service. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Thu, 2 Feb 2006 01:48:37 +0200, Giorgos Keramidas Giorgos, Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( Perhaps someone else on freebsd-questions can help with Putty? Thanks, Giorgos! What about on the freebsd server side? Are there any logfiles I can look at on the server? Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - mmm... Fastmail... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Thu, 2 Feb 2006 01:04:19 +0100, Daniel A. [EMAIL PROTECTED] said: Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. We are getting a 'Key Refused' error when trying to use public key authentication. I have tried doing several things including editing the /etc/ssh/sshd_config file: Try one or more of the following things: - Use puttygen to import your private key, and then export as .ppk - Load your key.ppk into pageant, and let it manage your private key(s) - Log in using your private key from the server (ie. login to the server with your password, and then from the shell ssh [EMAIL PROTECTED]). Please inform me of your results. Daniel, Thank you for taking the time to reply. We are currently using pageant to manage the private key. However, the keys we are using are generated with puttygen (not from the server). The public key was then copied to the authorized_keys file on the server. Would you recommend generating the keys on the server? Do you have an idea where are some instructions about how to generate the keys on the server? Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - The way an email service should be ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On 2006-02-02 11:27, david bryce [EMAIL PROTECTED] wrote: On Thu, 2 Feb 2006 01:48:37 +0200, Giorgos Keramidas I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( Perhaps someone else on freebsd-questions can help with Putty? What about on the freebsd server side? Are there any logfiles I can look at on the server? Thanks! /var/log/auth.log and /var/log/messages are the ones I'd look at. But I didn't notice anything interesting in the auth.log snippet you posted. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Feb 1, 2006, at 4:33 PM, david bryce wrote: On Thu, 2 Feb 2006 01:04:19 +0100, Daniel A. [EMAIL PROTECTED] said: Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. We are getting a 'Key Refused' error when trying to use public key authentication. I have tried doing several things including editing the /etc/ssh/sshd_config file: Try one or more of the following things: - Use puttygen to import your private key, and then export as .ppk - Load your key.ppk into pageant, and let it manage your private key(s) - Log in using your private key from the server (ie. login to the server with your password, and then from the shell ssh [EMAIL PROTECTED]). Please inform me of your results. Daniel, Thank you for taking the time to reply. We are currently using pageant to manage the private key. However, the keys we are using are generated with puttygen (not from the server). The public key was then copied to the authorized_keys file on the server. Would you recommend generating the keys on the server? Do you have an idea where are some instructions about how to generate the keys on the server? Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - The way an email service should be Can you login using any key in the authorized_keys file? Also, what's the umask for authorized keys (ls -l .ssh/authorized_keys)? -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Thu, Feb 02, 2006 at 11:27:54AM +1100, david bryce wrote: What about on the freebsd server side? Are there any logfiles I can look at on the server? Thanks! I often find it more useful to temporarily run a second sshd on an alternate port, with stderr directed to the console and sshd in no-detach and debug mode. Try the following: $ sshd -d -d -d -e -D -p 222 Then watch the output as you try to connect on that port $ sshd myhost -p 222 If you'd like, you can redirect the output to a file, too, but I find that screen(1)'s scrollback usually is enough for me. -- o--{ Will Maier }--o | jabber:[EMAIL PROTECTED] | email:[EMAIL PROTECTED] | | [EMAIL PROTECTED] | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--* ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On 2006-02-02 00:57, albi [EMAIL PROTECTED] wrote: On Thu, 2 Feb 2006 01:48:37 +0200 Giorgos Keramidas [EMAIL PROTECTED] wrote: I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( erhm.. cd /usr/ports/security/putty;make install :-) Heh! Well, fancy that... That's one of the side-effects of having an SSH client in the base-system, I guess. Thanks to DES, I never needed Putty on FreeBSD so far :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
david bryce wrote: On Thu, 2 Feb 2006 01:04:19 +0100, Daniel A. [EMAIL PROTECTED] said: Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. We are getting a 'Key Refused' error when trying to use public key authentication. I have tried doing several things including editing the /etc/ssh/sshd_config file: Try one or more of the following things: - Use puttygen to import your private key, and then export as .ppk - Load your key.ppk into pageant, and let it manage your private key(s) - Log in using your private key from the server (ie. login to the server with your password, and then from the shell ssh [EMAIL PROTECTED]). Please inform me of your results. Daniel, Thank you for taking the time to reply. We are currently using pageant to manage the private key. However, the keys we are using are generated with puttygen (not from the server). The public key was then copied to the authorized_keys file on the server. Would you recommend generating the keys on the server? Do you have an idea where are some instructions about how to generate the keys on the server? Thanks! Regards, DB Out of curiosity did you use save public key or copy and paste out of the public key for pasting in openssh authorized_keys file box? If I remember correctly, the save public key does not produce an openssh compatible public key. Doing the copy and paste routine should work. HTH, Micah ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Feb 1, 2006, at 4:54 PM, Giorgos Keramidas wrote: On 2006-02-02 00:57, albi [EMAIL PROTECTED] wrote: On Thu, 2 Feb 2006 01:48:37 +0200 Giorgos Keramidas [EMAIL PROTECTED] wrote: I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( erhm.. cd /usr/ports/security/putty;make install :-) Heh! Well, fancy that... That's one of the side-effects of having an SSH client in the base-system, I guess. Thanks to DES, I never needed Putty on FreeBSD so far :) Putty's just a nice lightweight GUI ssh client for Windows that was ported to Unix sometime in the past 2 years. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Thu, 2 Feb 2006 02:38:29 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: On 2006-02-02 11:27, david bryce [EMAIL PROTECTED] wrote: On Thu, 2 Feb 2006 01:48:37 +0200, Giorgos Keramidas I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( Perhaps someone else on freebsd-questions can help with Putty? What about on the freebsd server side? Are there any logfiles I can look at on the server? Thanks! /var/log/auth.log and /var/log/messages are the ones I'd look at. But I didn't notice anything interesting in the auth.log snippet you posted. Thanks, Giorgos! /var/log/messages didn't have anything in it either. You'd think there'd be a way to force sshd to write to the log why it rejected a private key. Thank you! Regards. DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - Access all of your messages and folders wherever you are ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Wed, 01 Feb 2006 16:59:53 -0800, Micah [EMAIL PROTECTED] said: david bryce wrote: We are currently using pageant to manage the private key. However, the keys we are using are generated with puttygen (not from the server). The public key was then copied to the authorized_keys file on the server. Would you recommend generating the keys on the server? Do you have an idea where are some instructions about how to generate the keys on the server? Thanks! Regards, DB Out of curiosity did you use save public key or copy and paste out of the public key for pasting in openssh authorized_keys file box? If I remember correctly, the save public key does not produce an openssh compatible public key. Doing the copy and paste routine should work. HTH, Micah Thanks, Micah! I did use copy and paste out of the public key memo box. Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - Send your email first class ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
Daniel, Thank you for taking the time to reply. We are currently using pageant to manage the private key. However, the keys we are using are generated with puttygen (not from the server). The public key was then copied to the authorized_keys file on the server. Would you recommend generating the keys on the server? Do you have an idea where are some instructions about how to generate the keys on the server? Thanks! Can you login using any key in the authorized_keys file? Also, what's the umask for authorized keys (ls -l .ssh/authorized_keys)? -Garrett Thanks for replying, Garrett! There is only one key in the authorized_keys file (the one I'm trying to use), and I cannot login with it. The umask is: -rw-r--r-- 1 root cvs 601 Feb 1 16:08 authorized_keys -rw-r--r-- 1 root cvs 601 Feb 2 10:27 authorized_keys2 -rw-r--r-- 1 root cvs 13 Feb 1 17:10 known_hosts Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - I mean, what is it about a decent email service? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SSH with Public Key Authentication
What about on the freebsd server side? Are there any logfiles I can look at on the server? Thanks! I often find it more useful to temporarily run a second sshd on an alternate port, with stderr directed to the console and sshd in no-detach and debug mode. Try the following: $ sshd -d -d -d -e -D -p 222 Then watch the output as you try to connect on that port $ sshd myhost -p 222 If you'd like, you can redirect the output to a file, too, but I find that screen(1)'s scrollback usually is enough for me. -- o--{ Will Maier }--o | jabber:..wcmaier at jabber.ccc.de | email:..wcmaier at ml1.net | | \.wcmaier at cae.wisc.edu | \..wcmaier at cae.wisc.edu | *--[ BSD Unix: Live Free or Die ]--* Thanks, Will! I think we're finally getting somewhere! The output from this: debug2: read_server_config: filename /etc/ssh/sshd_config debug1: sshd version OpenSSH_3.8.1p1 FreeBSD-20040419 Could not load host key: /etc/ssh/ssh_host_dsa_key Disabling protocol version 2. Could not load host key sshd: no hostkeys available -- exiting. Then I tried doing a /usr/local/bin/ssh-keygen -t dsa /etc/ssh/ssh_host_dsa_key. Is this the right way to do it? Probably not, because then I got: debug2: read_server_config: filename /etc/ssh/sshd_config debug1: sshd version OpenSSH_3.8.1p1 FreeBSD-20040419 debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type unknown Could not load host key: /etc/ssh/ssh_host_dsa_key Disabling protocol version 2. Could not load host key sshd: no hostkeys available -- exiting. Doing a /usr/local/bin/ssh-keygen -t rsa /etc/ssh/ssh_host_dsa_key didn't seem to make much difference. Any ideas what to try next? Thank you! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - Email service worth paying for. Try it for free ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
on 02-02-2006, david bryce wrote: Daniel, Thank you for taking the time to reply. We are currently using pageant to manage the private key. However, the keys we are using are generated with puttygen (not from the server). The public key was then copied to the authorized_keys file on the server. Would you recommend generating the keys on the server? Do you have an idea where are some instructions about how to generate the keys on the server? Thanks! Can you login using any key in the authorized_keys file? Also, what's the umask for authorized keys (ls -l .ssh/authorized_keys)? -Garrett Thanks for replying, Garrett! There is only one key in the authorized_keys file (the one I'm trying to use), and I cannot login with it. The umask is: -rw-r--r-- 1 root cvs 601 Feb 1 16:08 authorized_keys -rw-r--r-- 1 root cvs 601 Feb 2 10:27 authorized_keys2 -rw-r--r-- 1 root cvs 13 Feb 1 17:10 known_hosts Thanks! Regards, DB -- david bryce [EMAIL PROTECTED] -- What's the permissions for the .ssh directory. I had problems in the past if it's not 700. There was an entry in /var/log/messages or its equivalent, stating as such. This would come up on new systems, because I usually had to create the .ssh directory and the umask would cause it to have 755. -- Clayton Scott Kern [EMAIL PROTECTED]The software stated it required UNIX System Administrator Microsoft Windows 2000 or higher, FreeBSD, Linux, Solaris so I installed FreeBSD. HP-UX ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On Wed, 1 Feb 2006 23:24:47 -0500, Clayton Scott Kern What's the permissions for the .ssh directory. I had problems in the past if it's not 700. There was an entry in /var/log/messages or its equivalent, stating as such. This would come up on new systems, because I usually had to create the .ssh directory and the umask would cause it to have 755. -- Clayton Scott Kern [EMAIL PROTECTED]The software stated it required UNIX System Administrator Microsoft Windows 2000 or higher, FreeBSD, Linux, Solaris so I installed FreeBSD. HP-UX Thanks, Clayton! It looks like someone has installed the ssh2 package on this machine (using pkg_add -r ssh2). So this is not a standard freebsd ssh installation. In fact, testing on another box with freebsd 6, I can connect with Putty using public key authentication. Does anyone know how to get the standard ssh to work on this machine without upsetting things too much? It is currently running a mail server and cvs, so I'm ginger about doing anything radical on it. Doing a ps -ax shows that it's sshd2 that is running, and not sshd. But the binaries ARE there for sshd. Except the hostkey doesn't seem to be there. Could fixing this be as simple as creating a hostkey for sshd as well, and running it on a different port than sshd2 is running on? Thank you! Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - And now for something completely differentÂ… ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
On Wed, 01 Feb 2006 16:59:53 -0800, Micah [EMAIL PROTECTED] said: david bryce wrote: On Thu, 2 Feb 2006 01:04:19 +0100, Daniel A. [EMAIL PROTECTED] said: Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). Out of curiosity did you use save public key or copy and paste out of the public key for pasting in openssh authorized_keys file box? If I remember correctly, the save public key does not produce an openssh compatible public key. Doing the copy and paste routine should work. HTH, Micah Hi All, I must apologize to all, as there seems to be a sshd2 installation on this machine which was muddying the water. Please see the thread titled Attention: Garrett Cooper (Was: SSH with Public Key Authentication). Regards, DB -- david bryce [EMAIL PROTECTED] -- http://www.fastmail.fm - Faster than the air-speed velocity of an unladen european swallow ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Attention: Garrett Cooper (Was: SSH with Public Key Authentication)
On Feb 1, 2006, at 9:16 PM, david bryce wrote: On Wed, 1 Feb 2006 23:24:47 -0500, Clayton Scott Kern What's the permissions for the .ssh directory. I had problems in the past if it's not 700. There was an entry in /var/log/messages or its equivalent, stating as such. This would come up on new systems, because I usually had to create the .ssh directory and the umask would cause it to have 755. -- Clayton Scott Kern [EMAIL PROTECTED]The software stated it required UNIX System Administrator Microsoft Windows 2000 or higher, FreeBSD, Linux, Solaris so I installed FreeBSD. HP-UX Thanks, Clayton! It looks like someone has installed the ssh2 package on this machine (using pkg_add -r ssh2). So this is not a standard freebsd ssh installation. In fact, testing on another box with freebsd 6, I can connect with Putty using public key authentication. Does anyone know how to get the standard ssh to work on this machine without upsetting things too much? It is currently running a mail server and cvs, so I'm ginger about doing anything radical on it. Doing a ps -ax shows that it's sshd2 that is running, and not sshd. But the binaries ARE there for sshd. Except the hostkey doesn't seem to be there. Could fixing this be as simple as creating a hostkey for sshd as well, and running it on a different port than sshd2 is running on? Thank you! Regards, DB -- david bryce [EMAIL PROTECTED] Add sshd_enable=YES to /etc/rc.conf and for the time being if you don't want to reboot, run /etc/rc.d/sshd start. Make sure to turn off and disable sshd2 though (there might be a reference to it in rc.conf as well) by running /usr/local/etc/rc.d/sshd2 stop (or something like that). If you're logged in remotely and don't have physical access to the machine, just run /usr/local/etc/rc.d/sshd2 stop /etc/rc.d/sshd start. Note the single ampersand--very important. That should stop the first sshd daemon and start the one you want. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))
david bryce wrote: On Thu, 2 Feb 2006 02:38:29 +0200, Giorgos Keramidas [EMAIL PROTECTED] said: On 2006-02-02 11:27, david bryce [EMAIL PROTECTED] wrote: On Thu, 2 Feb 2006 01:48:37 +0200, Giorgos Keramidas I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. Unfortunately, I can't help with the Windows side. I'm only using UNIX machines as clients, so Putty is something new to me :-( Perhaps someone else on freebsd-questions can help with Putty? What about on the freebsd server side? Are there any logfiles I can look at on the server? Thanks! /var/log/auth.log and /var/log/messages are the ones I'd look at. But I didn't notice anything interesting in the auth.log snippet you posted. Thanks, Giorgos! /var/log/messages didn't have anything in it either. You'd think there'd be a way to force sshd to write to the log why it rejected a private key. Thank you! You do know that putty generates keys using the preferred SSH2-compatible format of SSH Corp (http://www.ssh.com/) whereas the FreeBSD box you're trying to log into uses the slightly different format from the OpenSSH project (http://www.openssh.org/)? If you generate your keys within putty, then copy the public key onto your FreeBSD box you can convert the format like so: # ssh-keygen -i -f putty.pubkey openssh.pubkey If you examine the two files, you'll see that the differences are that the OpenSSH one doesn't have the 'BEGIN' and 'END' lines, and all of the data is on one single long line. There's also a '-e' option for exporting OpenSSH keys to the SSH2-compatible format. Oh, and to get more logging info out of sshd, run it with 3 '-d' flags on a separate port number: sshd -d -d -d -p That will cause ssh not to daemonize, so it will quit when you end your ssh session. You don't want to run sshd with max debug turned on all the time, as it will potentially leak sensitive information. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
SSH and public key authentication..
Hi all.. I am trying to use public key authentication between a freebsd 4.6 box and a sun box. I have numerous other sun boxes doing publickey authentication, mainly for scp scripts. I have setup the bsd box so it is configured the same. I have generated the keys and copyied the id_dsa.pub to the sun server and placed it in the authorized_keys file. However, everytime I invoke scp or ssh on the bsd box, it is forcing password authentication. Output with -v -v; debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: restore_uid debug1: ssh_connect: getuid 1001 geteuid 1001 anon 1 debug1: Connecting to filestore [10.203.60.137] port 22. debug1: temporarily_use_uid: 1001/1001 (e=1001) debug1: restore_uid debug1: temporarily_use_uid: 1001/1001 (e=1001) debug1: restore_uid debug1: Connection established. debug3: No RSA1 key file /home/esix/.ssh/id_dsa.pub. debug1: identity file /home/esix/.ssh/id_dsa.pub type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1 debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20011202 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug3: check_host_in_hostfile: filename /home/esix/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'filestore' is known and matches the RSA1 host key. debug1: Found key in /home/esix/.ssh/known_hosts:1 debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Doing password authentication. If I do the same on the sun boxes, I see it's authenticating via publickey,password,interactive. What will get ssh on fbsd to do this? TIA Eric To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
SSH and public key authentication..
Hi all.. I am trying to use public key authentication between a freebsd 4.6 box and a sun box. I have numerous other sun boxes doing publickey authentication, mainly for scp scripts. I have setup the bsd box so it is configured the same. I have generated the keys and copyied the id_dsa.pub to the sun server and placed it in the authorized_keys file. However, everytime I invoke scp or ssh on the bsd box, it is forcing password authentication. Output with -v -v; debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: restore_uid debug1: ssh_connect: getuid 1001 geteuid 1001 anon 1 debug1: Connecting to filestore [10.203.60.137] port 22. debug1: temporarily_use_uid: 1001/1001 (e=1001) debug1: restore_uid debug1: temporarily_use_uid: 1001/1001 (e=1001) debug1: restore_uid debug1: Connection established. debug3: No RSA1 key file /home/esix/.ssh/id_dsa.pub. debug1: identity file /home/esix/.ssh/id_dsa.pub type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1 debug1: match: OpenSSH_3.0.2p1 pat ^OpenSSH debug1: Local version string SSH-1.5-OpenSSH_2.9 FreeBSD localisations 20011202 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug3: check_host_in_hostfile: filename /home/esix/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'filestore' is known and matches the RSA1 host key. debug1: Found key in /home/esix/.ssh/known_hosts:1 debug1: Encryption type: 3des debug1: Sent encrypted session key. debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Doing password authentication. If I do the same on the sun boxes, I see it's authenticating via publickey,password,interactive. What will get ssh on fbsd to do this? TIA Eric To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message