Re: openssh - i'm confused
[EMAIL PROTECTED] writes: I tried changing permissions to 775 and 777 but still get denied errors. Someone mentioned that you should test from the FreeBSD box. Did you do that? What are the results? What does the log say? What do you get, if you start sshd in debug mode on another port? box. I have commented out every line in inetd (they were by default anyway). Is that the same as disabling? No, this way inetd is still running. Set inetd_enable=NO in /etc/rc.conf. Frank To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: openssh - i'm confused
[EMAIL PROTECTED] writes: I checked /var/log/messages and don't see any problem there. Is there another log located somewhere else I should know about? Possibly /var/log/auth.log. I didn't check if access problems will be logged there, so there may be nothing to find. Done, thanks. BTW, what differance does it make to set it to NO in rc.conf and just commenting out all the lines in the file? With NO the program doesn't even start. Why would you want to have a (possibly exploitable) daemon running that doesn't do anything than eating memory and cpu cycles? Frank To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: openssh - i'm confused
Chip Wiegand [EMAIL PROTECTED] writes: I am setting up a web server to be co-located at my isp's office. I am setting up openssh for my connectivity to it. I have run ssh-keygen on it and now have the files identity, identity.pub and authorized_keys in the .ssh directory in my home directory. I have copied the file identity.pub to my w2k box and renamed it to identity.ppk (because that's what the WinSCP program wants). Is this okay to do? Can I now disable telnet and any other inetd services that may be running? Any other suggestions? If you're logging in *from* the Windows box, you want the private key on there, and the public one in authorized_keys on the machine you are connecting *to*. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: openssh - i'm confused
Chip Wiegand wrote: I am setting up a web server to be co-located at my isp's office. I am setting up openssh for my connectivity to it. I have run ssh-keygen on it and now have the files identity, identity.pub and authorized_keys in the .ssh directory in my home directory. I have copied the file identity.pub to my w2k box and renamed it to identity.ppk (because that's what the WinSCP program wants). Is this okay to do? Can I now disable telnet and any other inetd services that may be running? Any other suggestions? Have you ever used ssh before? I've used the system installed ssh/sshd for years and there's very little that needs set up to make it work. You're definately more secure using keygen to make public/private keys, but that's not even necessary. I've used it without generating keys with no problems. Make sure /etc/rc.conf has sshd_enable=YES so the daemon starts, and hook it to your local network and test. It's really not much harder to use than telnet, just much more secure. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
openssh - i'm confused
I am setting up a web server to be co-located at my isp's office. I am setting up openssh for my connectivity to it. I have run ssh-keygen on it and now have the files identity, identity.pub and authorized_keys in the .ssh directory in my home directory. I have copied the file identity.pub to my w2k box and renamed it to identity.ppk (because that's what the WinSCP program wants). Is this okay to do? Can I now disable telnet and any other inetd services that may be running? Any other suggestions? -- Chip Wiegand www.wiegand.org PS I have cc'ed another email address because my company email is currently down, and will be for another day or two, please make sure all replies go to that cc'ed address. Sent via the WebMail system at webmail.pioneernet.net To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: openssh - i'm confused
Chip Wiegand [EMAIL PROTECTED] writes: I am setting up a web server to be co-located at my isp's office. I am setting up openssh for my connectivity to it. I have run ssh-keygen on it and now have the files identity, identity.pub and authorized_keys in the .ssh directory in my home directory. On the server there is only need for the authorized_keys file. It has to contain your public key (from identity.pub). In WinSCP you need your *private* key (from identity). Don't keep your private key on the server! Of course you may work without keys too - password authentication with ssh is still much better than telnet :) okay to do? Can I now disable telnet and any other inetd services that may be running? Any other suggestions? Test if ssh works. If yes, you may disable inetd. Frank To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: openssh - i'm confused
[EMAIL PROTECTED] wrote: Bill Moran [EMAIL PROTECTED] wrote: Chip Wiegand wrote: I am setting up a web server to be co-located at my isp's office. I am setting up openssh for my connectivity to it. I have run ssh-keygen on it and now have the files identity, identity.pub and authorized_keys in the .ssh directory in my home directory. I have copied the file identity.pub to my w2k box and renamed it to identity.ppk (because that's what the WinSCP program wants). Is this okay to do? Can I now disable telnet and any other inetd services that may be running? Any other suggestions? Have you ever used ssh before? I've used the system installed ssh/sshd for years and there's very little that needs set up to make it work. You're definately more secure using keygen to make public/private keys, but that's not even necessary. I've used it without generating keys with no problems. Make sure /etc/rc.conf has sshd_enable=YES so the daemon starts, and hook it to your local network and test. It's really not much harder to use than telnet, just much more secure. Thanks Bill, I have the connection working, rc.conf is set up correctly, inetd has everything commented out, so the box should be reasonably secure. Now to figure out why I can't copy/delete files on it from within the WinSCP program. No matter how I set the permissions on the /usr/local/www/data directory and/or files in it, I can't do anything with them. So it's off to the WinSCP lists I guess. You may want to try logging into itself (via ssh) from the FreeBSD box and scping files that way, it should narrow down whether it's an sshd or WinSCP problem. Good luck. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message