hmnn, I can now login using the ssh client in linux sans the authorization
and identification files (but i do have
authorized_keys as before). But I still cant from my windows client, Putty
SSH.. Where are public keys normally placed on a windows machine? Putty
doesnt come with a config for that... But im still at a loss why root logs
in well from this client while others cannot.. at my linux box, im asked of
an RSA passphrase while at the windows client, a password.. so i guess
that's
a fallback authentication in the windows client?
----- Original Message -----
From: Ronneil Camara <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 27, 2000 11:01 AM
Subject: Re: [plug] Openssh too
> Mary Christie Generalao wrote:
>
> > While some on the list are on ssh, then perhaps i can throw in my own
> > problems too. I was able to sucessfully compile openssl and openssh on
> > a redhat 6.1. For ssh, i defined DISABLE_PAM.. when i tried logging
> > thru client, i find it weird to find that only root can login (I set
> > PermitRootLogin to yes), but others cannot even if i make no explicit
> > restrictions. I explicitly added another user thru the directive
> > AllowUsers <username> , but still no luck.. A check on
> > /var/log/messages yields: May 26 12:18:51 max sshd[4263]: Failed
> > password for user from 208.185.235.53 port 1548 The password is
> > correct as entered. Anything i particularly missed? mary christie
> > generalao
>
> I have installed openssl and openssh before. I'm using rsa for the
> authentication and 3des as my preferred cipher.
> Did you create authorization and identification file under $HOME/.ssh?
> Did you make a copy of $HOME/.ssh/identity.pub to
> $HOME/.ssh/authorized_keys? And make sure that the perms should be
> similar below
>
> -rw-r----- 1 ronneilc ronneilc 18 Apr 6 11:51 authorization
> -rw-r----- 1 ronneilc ronneilc 336 Apr 6 11:50 authorized_keys
> -rw-r----- 1 ronneilc ronneilc 16 Apr 6 11:51 identification
> -rw-r----- 1 ronneilc ronneilc 532 Apr 6 11:49 identity
> -rw-r----- 1 ronneilc ronneilc 336 Apr 6 11:49 identity.pub
>
> Btw, eto ang mga laman ng dalawang file ko.
>
> [ronneilc@firewall .ssh]$ cat authorization
> Key identity.pub
>
> [ronneilc@firewall .ssh]$ cat identification
> IdKey identity
>
> Eto naman ang laman ng /etc/ssh/sshd_config
>
/*------------------------------------------BEGIN---------------------------
-------------*/
>
> [root@firewall ssh]# cat sshd_config
> # This is ssh server systemwide configuration file.
>
> Port 22
> ListenAddress 0.0.0.0
> #ListenAddress ::
> HostKey /etc/ssh/ssh_host_key
> ServerKeyBits 768
> LoginGraceTime 600
> KeyRegenerationInterval 3600
> PermitRootLogin no
> #
> # Don't read ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # Uncomment if you don't trust ~/.ssh/known_hosts for
> RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> StrictModes yes
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd yes
> KeepAlive yes
>
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> #obsoletes QuietMode and FascistLogging
>
> RhostsAuthentication no
> #
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> #
> RSAAuthentication yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication no
> PermitEmptyPasswords no
>
> CheckMail no
> UseLogin no
>
/*------------------------------------------END-----------------------------
-----------*/
>
> And I'm using TeraTerm Secure Shell extension, v1.5.1 for Windows 9x.
> All I have to do is to generate an identity in linux using ssh_keygen,
> then download the generated identity file to my Win9x box.
>
> I hope this helps.
>
>
>
> -
> Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
