rsa remote auth
I am trying to get my OpenBSD 4.0 box to allow remote ssh logins using an RSA key. I added the key into my ~/.ssh/authorized_keys file, and set permissions on ~/.ssh and ~/.ssh/authorized_keys to 0600.

I added the RSA of itself, for testing, however I can't seem to get an ssh session to authenticate without the password.

Contents of authorized_keys (parts of the key omitted):

ssh-rsa .==

Anyone know what I'm doing wrong? Why it won't authenticate with the RSA key?

If any more info is needed please let me know.

--
-Lawrence
-Student ID 1028219
-CCNA
Re: rsa remote auth
On Wed, 7 Feb 2007, Lawrence Horvath wrote:

> I am trying to get my OpenBSD 4.0 box to allow remote ssh logins using
> an RSA key. I added the key into my ~/.ssh/authorized_keys file, and
> set permissions on ~/.ssh and ~/.ssh/authorized_keys to 0600

That'll render .ssh almost useless; make that 0700 for the dir.

-Otto

> I added the RSA of itself, for testing, however I can't seem to get an
> ssh session to authenticate without the password
>
> contents of authorized_keys (parts of the key omitted):
>
> ssh-rsa .==
>
> Anyone know what I'm doing wrong? Why it won't authenticate with the RSA key?
>
> If any more info is needed please let me know
>
> --
> -Lawrence
> -Student ID 1028219
> -CCNA
Re: rsa remote auth
On 2/7/07, Lawrence Horvath [EMAIL PROTECTED] wrote:

> I am trying to get my OpenBSD 4.0 box to allow remote ssh logins using
> an RSA key. I added the key into my ~/.ssh/authorized_keys file, and
> set permissions on ~/.ssh and ~/.ssh/authorized_keys to 0600

Verify that the user itself is the owner of these files, not root or anyone else.

> I added the RSA of itself, for testing, however I can't seem to get an
> ssh session to authenticate without the password

Are there any line breaks in the copied key? 'cat -e ~/.ssh/authorized_keys' might reveal these kinds of oopses.

Did you place the exact contents of id_{rsa,dsa}.pub and not id_{rsa,dsa}?

> ssh-rsa .==

There's no reason to obfuscate this. Your public key is not sensitive.

DS
Re: rsa remote auth
On 2007/02/07 06:49, Lawrence Horvath wrote:

> and made sure of the file permissions
> ~/.ssh is 0700
> ~/.ssh/authorized_keys is 0600

run sshd -d -p some_port (unless you want to disturb your main daemon on port 22) and watch the screen output while you connect.
Re: rsa remote auth
On 2/7/07, Darren Spruell [EMAIL PROTECTED] wrote:

> On 2/7/07, Lawrence Horvath [EMAIL PROTECTED] wrote:
>> I am trying to get my OpenBSD 4.0 box to allow remote ssh logins using
>> an RSA key. I added the key into my ~/.ssh/authorized_keys file, and
>> set permissions on ~/.ssh and ~/.ssh/authorized_keys to 0600
>
> Verify that the user itself is the owner of these files, not root or anyone else.

Verified ownership of the file is the user, both owner and group.

>> I added the RSA of itself, for testing, however I can't seem to get an
>> ssh session to authenticate without the password
>
> Are there any line breaks in the copied key? 'cat -e
> ~/.ssh/authorized_keys' might reveal these kinds of oopses.

Used the cat -e command, no line breaks.

> Did you place the exact contents of id_{rsa,dsa}.pub and not id_{rsa,dsa}?

I did

$ cd ~/.ssh
$ cp id_rsa.pub authorized_keys

so yes it would be the exact contents.

>> ssh-rsa .==
>
> There's no reason to obfuscate this. Your public key is not sensitive.
>
> DS

and made sure of the file permissions
~/.ssh is 0700
~/.ssh/authorized_keys is 0600

--
-Lawrence
-Student ID 1028219
-CCNA
Re: rsa remote auth
On Wed, Feb 07, 2007 at 06:49:59AM -0800, Lawrence Horvath wrote:

> [...]
> and made sure of the file permissions
> ~/.ssh is 0700
> ~/.ssh/authorized_keys is 0600

Also make sure your home dir is not group or world writable. If that's not it then take a look at the server-side debug output as Stuart suggested upthread.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Re: rsa remote auth
Ahh ok there we go. It was a permissions issue on ~/. I had read and write set for group, changed it to 0700, it's now working.

On 2/7/07, Stuart Henderson [EMAIL PROTECTED] wrote:

> On 2007/02/07 06:49, Lawrence Horvath wrote:
>> and made sure of the file permissions
>> ~/.ssh is 0700
>> ~/.ssh/authorized_keys is 0600
>
> run sshd -d -p some_port (unless you want to disturb your main daemon
> on port 22) and watch the screen output while you connect.

--
-Lawrence
-Student ID 1028219
-CCNA
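
The checks that came up in this thread (ownership, and no group or world write on the home directory, ~/.ssh and authorized_keys) collected into one script, as an added example that is not part of the original messages. The function names are hypothetical, and it assumes sshd's StrictModes behaviour of trusting only paths owned by the user or root that are not group- or world-writable.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths sshd's StrictModes
# check walks before it will trust authorized_keys. Assumption: a path passes
# when owned by the user or root (uid 0) and not group- or world-writable.

# check_path PATH UID -> 0 if PATH passes, 1 otherwise (reason on stdout).
check_path() {
    target=$1
    want_uid=$2
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"
        return 1
    fi
    # ls -ldn instead of stat(1): stat flags differ between BSD and GNU.
    # Fields after word splitting: $1 = mode string, $3 = numeric owner.
    set -- $(ls -ldn "$target")
    mode=$1
    owner=$3
    rc=0
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $target is owned by uid $owner, expected $want_uid"
        rc=1
    fi
    case "$mode" in
        ?????w*|????????w*)   # 6th char = group write, 9th = world write
            echo "WRITABLE $target is group- or world-writable ($mode)"
            rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK       $target ($mode)"
    fi
    return "$rc"
}

# audit_ssh_perms HOMEDIR [UID] -> 0 only if all three paths pass.
audit_ssh_perms() {
    home_dir=$1
    uid=${2:-$(id -u)}
    failed=0
    for item in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        check_path "$item" "$uid" || failed=1
    done
    return "$failed"
}

# Stand-alone use: sh audit.sh "$HOME"
if [ "$#" -gt 0 ]; then
    audit_ssh_perms "$@"
fi
```

Run it as the account that is failing to log in; a non-zero exit status means at least one path would be rejected.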