Gustav,
>Eric Sisler wrote:
><and Gustav snipped a lot>
[more snippage]
> > 1) On the client, run ssh-keygen (use the -d switch to generate a DSA
> > key). This creates the following files in ~/.ssh
> > identity (ssh1 private key)
> > identity.pub (ssh1 public key)
> > id_dsa (ssh2 private key)
> > id_dsa.pub (ssh2 public key)
>Did that on my 'client' PC. Used the -d switch. Had the files
>~/.ssh/id_dsa and ~/.ssh/id_dsa.pub created for me. Looked into them.
>Seemed all right.
> > 2) The identity.pub and/or id_dsa.pub files need to be appended to the
> > server's (the server you want to ssh *to* that is) ~/.ssh/authorized_keys
> > and ~/.ssh/authorized_keys2 respectively. Create these files if necessary
> > and *make sure* the permissions are 0600. ssh is pretty picky about
> > ownership/permissions for files in ~/.ssh, but it never hurts to make sure.
>Since I didn't have any ~/.ssh/authorized_keys2 file at all on the
>'server' PC, I just copied the ~/.ssh/id_dsa.pub from the 'client' to
>~/.ssh/authorized_keys2 on the 'server' and made sure the permissions on
>~/.ssh/authorized_keys2 were 0600.
That works.
>At this point I did *not* restart the sshd on the 'server'. (I don't
>think that such user activity should require root to restart the ssh
>daemon, right?)
AFAIK, it shouldn't require a restart of sshd.
>Tried to ssh from the 'client' to the 'server'. Was asked for the
>passphrase. Gave it. Was *also* asked for the login password on the
>'server'. Gave it and was logged in.
>
>Logged out again.
>
>Tried to ssh from the 'client' to the 'server' a second time. Was asked
>for the passphrase. Gave an *invalid* passphrase. Was again asked for
>the login password on the 'server'. Gave it and was logged in.
>
>I.e. the DSA key was *not* used but my ordinary login password was used
>for authentication.
Ok, that's weird. I'm using ssh1 with RSA authentication keys and no
passphrases and it works just fine. I don't have to put in the regular
password. Try ssh with the '-v' switch and examine the output. In the
meantime, I'll create a bogus user w/DSA key & passphrase and see what
happens to me.
> > You also asked about accepting RSA/DSA authentication only.
> > I think setting "PasswordAuthentication" to no in /etc/ssh/sshd_config will
> > prevent regular password authentication.
>With the above setup, I set PasswordAuthentication to no in the 'server'
>PC and restarted sshd.
>
>Tried to ssh from the 'client' to the 'server'. Was asked for the
>passphrase. Gave it. Was *also* asked for the login password on the
>'server'. Gave it but login was refused.
>I.e. the DSA key was *not* used but my ordinary login password was used
>for authentication.
At least refusing the regular password worked as expected - your login was
rejected. We just need to figure out how come it's not accepting your DSA
key & passphrase.
-Eric
Eric Sisler
Library Computer Technician
Westminster Public Library
Westminster, CO, USA
[EMAIL PROTECTED]
Linux - don't fear the Penguin.
Want to know what we use Linux for?
Visit http://gromit.westminster.lib.co.us/linux
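
An added example, not part of the original message: a check, to be run on the server as the account's user, of the permission point from step 2. With StrictModes enabled, sshd ignores an authorized_keys file when the home directory, ~/.ssh or the file itself is writable by group or other, or is owned by someone other than the user or root. The function names and the AUDIT_HOME variable are made up for this example.

```sh
#!/bin/sh
# Added example: audit the ownership/permission bits that sshd's StrictModes
# checks before it will use ~/.ssh/authorized_keys or authorized_keys2.
# Helper names and AUDIT_HOME are hypothetical, not from the thread.

# Print the 10-character mode string (e.g. drwx------) for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed if group or other has write permission on the path.
# In the mode string, column 6 is group-write and column 9 is other-write.
is_loose() {
    m=$(mode_of "$1")
    g=$(printf '%s' "$m" | cut -c6)
    o=$(printf '%s' "$m" | cut -c9)
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# Succeed if the path is owned by the current user or by root (numeric uids).
owner_ok() {
    uid=$(ls -ldn "$1" | awk '{print $3}')
    [ "$uid" = "$(id -u)" ] || [ "$uid" = "0" ]
}

# audit_ssh_dir HOME_DIR: print one line per existing path; return 1 on any finding.
audit_ssh_dir() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys" "$1/.ssh/authorized_keys2"; do
        [ -e "$p" ] || continue
        if is_loose "$p"; then
            echo "LOOSE  $(mode_of "$p")  $p"
            bad=1
        elif ! owner_ok "$p"; then
            echo "OWNER  $(mode_of "$p")  $p"
            bad=1
        else
            echo "ok     $(mode_of "$p")  $p"
        fi
    done
    return "$bad"
}

# Stand-alone use: AUDIT_HOME="$HOME" sh this_script.sh
if [ -n "${AUDIT_HOME:-}" ]; then
    audit_ssh_dir "$AUDIT_HOME"
fi
```

A LOOSE line is cleared with chmod go-w on that path; the 0600 recommended above for the key files satisfies the check.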