Re: [CentOS] sshd options - centos 5.3
I want to thank everyone for contributing to solving the implementation problem I was having. It seems in the end it was an operator problem.

To summarize the results:

- regarding sshd port change - uncomment port, and change the port number entry in /etc/ssh/sshd_config. Restart the sshd service. Update /etc/sysconfig/iptables to reflect the port number change from 22 to the port number specified in /etc/ssh/sshd_config, then restart iptables service.

- PasswordAuthentication no - this requires an additional option to be changed, ChallengeResponseAuthentication no. Having made both of these changes causes the login to abort if a valid ssh key is not specified.

Again many thanks to everyone.

_
From: Karl Kobata [mailto:karl.kob...@syncira.com]
Sent: Tuesday, September 22, 2009 11:02 AM
To: 'centos@centos.org'
Subject: sshd options - centos 5.3

I have installed CentOS 5.3. I enabled the ssh daemon. I have found that 2 options that I normally use does respond as I expect. Has anyone else had similar problems with the following options in sshd_config:

- Port - if I set the port to anything other than 22 (default), using ssh -p n...@servername, does not work. Yet if I keep the default, then ssh n...@servername allows me to login.

- PasswordAuthentication no - if I set this option to no (default is yes), and my ssh key is either missing or in error, I will be prompted for user system login password. If this is set to no, it should not allow me to login if I have no ssh key specified or in error.

Has anyone else run into this problem? Is there a workaround? What are my options?

Please help.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] sshd options - centos 5.3
I have installed CentOS 5.3. I enabled the ssh daemon. I have found that 2 options that I normally use does respond as I expect. Has anyone else had similar problems with the following options in sshd_config:

- Port - if I set the port to anything other than 22 (default), using ssh -p n...@servername, does not work. Yet if I keep the default, then ssh n...@servername allows me to login.

- PasswordAuthentication no - if I set this option to no (default is yes), and my ssh key is either missing or in error, I will be prompted for user system login password. If this is set to no, it should not allow me to login if I have no ssh key specified or in error.

Has anyone else run into this problem? Is there a workaround? What are my options?

Please help.

Re: [CentOS] sshd options - centos 5.3
Hi,

On Tue, 2009-09-22 at 11:01 -0700, Karl Kobata wrote:
> I have installed CentOS 5.3. I enabled the ssh daemon. I have found that 2 options that I normally use does respond as I expect. Has anyone else had similar problems with the following options in sshd_config:
>
> - Port – if I set the port to anything other than 22 (default), using ssh -p n...@servername, does not work. Yet if I keep the default, then ssh n...@servername allows me to login.

Did you check your iptables rules? Port is closed by default. I use a sshd with port 443, so it should work.

> - PasswordAuthentication no – if I set this option to “no” (default is “yes”), and my ssh key is either missing or in error, I will be prompted for user system login password. If this is set to “no”, it should not allow me to login if I have no ssh key specified or in error.
>
> Has anyone else run into this problem?

Erhm.. I remember it does ask for a password but just doesn't let you in. But I can be mistaken :)

Regards,
Michel

Re: [CentOS] sshd options - centos 5.3
On Tue, Sep 22, 2009 at 1:01 PM, Karl Kobata karl.kob...@syncira.com wrote:
> - Port – if I set the port to anything other than 22 (default), using ssh -p n...@servername, does not work. Yet if I keep the default, then ssh n...@servername allows me to login.

You need to change the port in iptables as well.

Re: [CentOS] sshd options - centos 5.3
Hi Michel,

> Hi,
>
> On Tue, 2009-09-22 at 11:01 -0700, Karl Kobata wrote:
>> I have installed CentOS 5.3. I enabled the ssh daemon. I have found that 2 options that I normally use does respond as I expect. Has anyone else had similar problems with the following options in sshd_config:
>>
>> - Port - if I set the port to anything other than 22 (default), using ssh -p name at servername, does not work. Yet if I keep the default, then ssh name at servername allows me to login.
>
> Did you check your iptables rules? Port is closed by default. I use a sshd with port 443, so it should work.

Was this the only change you made to change the port? Did you also make changes in iptables?

>> - PasswordAuthentication no - if I set this option to no (default is yes), and my ssh key is either missing or in error, I will be prompted for user system login password. If this is set to no, it should not allow me to login if I have no ssh key specified or in error.
>>
>> Has anyone else run into this problem?
>
> Erhm.. I remember it does ask for a password but just doesn't let you in. But I can be mistaken :)

It does ask you for a password, and if you entered your user system password, it will log you in. I am surprised that this failure exists.

> Regards,
> Michel

Re: [CentOS] sshd options - centos 5.3
Hi Larry,

> On Tue, Sep 22, 2009 at 1:01 PM, Karl Kobata Karl.Kobata at syncira.com wrote:
>> - Port - if I set the port to anything other than 22 (default), using ssh -p name at servername, does not work. Yet if I keep the default, then ssh name at servername allows me to login.
>
> You need to change the port in iptables as well.

How do I modify the iptables?

thanks

Re: [CentOS] sshd options - centos 5.3
Hi,

>> On Tue, 2009-09-22 at 11:01 -0700, Karl Kobata wrote:
>>> I have installed CentOS 5.3. I enabled the ssh daemon. I have found that 2 options that I normally use does respond as I expect. Has anyone else had similar problems with the following options in sshd_config:
>>>
>>> - Port – if I set the port to anything other than 22 (default), using ssh -p name at servername, does not work. Yet if I keep the default, then ssh name at servername allows me to login.
>>
>> Did you check your iptables rules? Port is closed by default. I use a sshd with port 443, so it should work.
>
> Was this the only change you made to change the port?

Yes the only change to change the port in the SSHD.

> Did you also make changes in iptables?

Of course :

    iptables -I RH-Firewall-1-INPUT -j ACCEPT -p tcp --dport

and after that to make it persistent :

    service iptables save

for more options : man iptables (which you should read before playing with firewalls).

>>> - PasswordAuthentication no – if I set this option to “no” (default is “yes”), and my ssh key is either missing or in error, I will be prompted for user system login password. If this is set to “no”, it should not allow me to login if I have no ssh key specified or in error.
>>>
>>> Has anyone else run into this problem?
>>
>> Erhm.. I remember it does ask for a password but just doesn't let you in. But I can be mistaken :)
>
> It does ask you for a password, and if you entered your user system password, it will log you in. I am surprised that this failure exists.

I think it's not a failure ;)

Regards,
Michel

Re: [CentOS] sshd options - centos 5.3
On 09/22/2009 08:48 PM, Karl Kobata wrote:
> Hi Larry,
>
>> On Tue, Sep 22, 2009 at 1:01 PM, Karl Kobata Karl.Kobata at syncira.com wrote:
>>> - Port - if I set the port to anything other than 22 (default), using ssh -p name at servername, does not work. Yet if I keep the default, then ssh name at servername allows me to login.
>>
>> You need to change the port in iptables as well.
>
> How do I modify the iptables?
>
> thanks

Hi Karl,

when iptables is running and sshd is enabled you can change it manually in the cfg file /etc/sysconfig/iptables or with the TUI/GUI Tool like system-config-firewall.
Don't forget to restart iptables!

regards
Gregor Gruener

Re: [CentOS] sshd options - centos 5.3
Hi,

On Tue, Sep 22, 2009 at 14:01, Karl Kobata karl.kob...@syncira.com wrote:
> - PasswordAuthentication no – if I set this option to “no” (default is “yes”), and my ssh key is either missing or in error, I will be prompted for user system login password. If this is set to “no”, it should not allow me to login if I have no ssh key specified or in error.
>
> Has anyone else run into this problem?

This is related to PAM authentication, which is what is used in (most) Linux systems.

To prevent sshd from authenticating with passwords I believe you have to set ChallengeResponseAuthentication no instead, at least that is what I gather from reading the comments in /etc/ssh/sshd_config.

HTH,
Filipe

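Added example, not part of the thread and not code from any poster: the two checks from Karl's summary and Filipe's reply as a script that reads the effective Port, PasswordAuthentication and ChallengeResponseAuthentication from an sshd_config and looks for a matching ACCEPT rule in a saved iptables rules file. Port 2222, the temporary sample files and the function names are constructed for illustration; Match blocks, repeated Port lines and port ranges are not handled.

```shell
#!/bin/sh
# Added example, not from the thread: cross-check sshd_config against the
# saved iptables rules. Function names and sample data are constructed.

# sshd uses the first uncommented occurrence of a keyword (case-insensitive).
# Port may be repeated in a real config; only the first one is checked here.
effective_value() {  # effective_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# True when the rules file has an ACCEPT rule for this TCP destination port.
# Only plain "--dport N" rules are recognised (no ranges, no multiport).
port_allowed() {  # port_allowed RULES_FILE PORT
    grep -E -- "^-A .*-p tcp .*--dport $2( |\$)" "$1" | grep -q -- '-j ACCEPT'
}

# Prints one line per finding; the return status is the number of findings.
audit() {  # audit SSHD_CONFIG RULES_FILE
    findings=0
    port=$(effective_value "$1" Port 22)
    if ! port_allowed "$2" "$port"; then
        echo "sshd port $port has no ACCEPT rule in $2"
        findings=$((findings + 1))
    fi
    # Per the thread, both options must be "no" before a missing or bad key
    # ends the login; OpenSSH's documented default for each is "yes".
    for opt in PasswordAuthentication ChallengeResponseAuthentication; do
        if [ "$(effective_value "$1" "$opt" yes)" != no ]; then
            echo "$opt is not 'no': a password prompt can still succeed"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: port changed and PasswordAuthentication disabled, but the
# firewall still opens only 22 and ChallengeResponseAuthentication is unset.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'PasswordAuthentication no' > "$tmp/sshd_config"
printf '%s\n' '*filter' \
    '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    'COMMIT' > "$tmp/iptables"
audit "$tmp/sshd_config" "$tmp/iptables" || echo "findings: $?"
rm -rf "$tmp"
```

On a real host the two arguments would be /etc/ssh/sshd_config and /etc/sysconfig/iptables, the files named in the thread; a clean run prints nothing and returns 0.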