PM
To: Volodymyr Kostyrko
Cc: Erich Dollansky; questi...@freebsd.org; Mannase Nyathi
Subject: Re: SSH on FreeBSD
El dÃa Tuesday, January 15, 2013 a las 02:40:32PM +0200, Volodymyr Kostyrko
escribió:
> > In FreeBSD it is in rc.conf
> >
> > $ man rc.conf | col -b | fgrep -i ssh
&g
15.01.2013 14:48, Frank Staals:
Volodymyr Kostyrko writes:
In FreeBSD there are two ways of enabling sshd: default, fast and easy through
rc.conf and a bit tricky and secure via inetd.conf. Everyone can select their
own poison. I personally prefer the latter one.
You seem to imply that enab
On 15/01/2013 12:51, Matthias Apitz wrote:
Why it is more secure via inetd.conf?
You can centralise access control via TCP Wrappers -
http://www.freebsd.org/doc/handbook/tcpwrappers.html .
--
Bruce Cran
___
freebsd-questions@freebsd.org mailing lis
El día Tuesday, January 15, 2013 a las 02:40:32PM +0200, Volodymyr Kostyrko
escribió:
> > In FreeBSD it is in rc.conf
> >
> > $ man rc.conf | col -b | fgrep -i ssh
>
> In FreeBSD there are two ways of enabling sshd: default, fast and easy
> through rc.conf and a bit tricky and secure via inetd.
Volodymyr Kostyrko writes:
>
> In FreeBSD there are two ways of enabling sshd: default, fast and easy through
> rc.conf and a bit tricky and secure via inetd.conf. Everyone can select their
> own poison. I personally prefer the latter one.
You seem to imply that enabling sshd through inetd is
15.01.2013 12:50, Matthias Apitz:
El día Tuesday, January 15, 2013 a las 05:45:36PM +0700, Erich Dollansky
escribió:
Hi,
On Tue, 15 Jan 2013 10:10:16 +
Mannase Nyathi wrote:
CipherWave Fibre Broadband with FREE installation from only
R8840/month
Good day,
I have just configured FreeB
On Tue, 15 Jan 2013 10:52:04 +
Matthew Seaman articulated:
> On 15/01/2013 10:10, Mannase Nyathi wrote:
> > I have just configured FreeBSD on my server. I would like to find
> > out how can I be able to login to it via ssh?
>
> Start by editing /etc/rc.conf and add the line:
>
> sshd_enable=
El día Tuesday, January 15, 2013 a las 05:45:36PM +0700, Erich Dollansky
escribió:
> Hi,
>
> On Tue, 15 Jan 2013 10:10:16 +
> Mannase Nyathi wrote:
>
> > CipherWave Fibre Broadband with FREE installation from only
> > R8840/month
> >
> > Good day,
> >
> > I have just configured FreeBSD o
On 15/01/2013 10:52, Matthew Seaman wrote:
That's all. sshd will restart automatically after any reboots. You
should be able to log into any ordinary user account remotely using the
account username and password.
Note "ordinary user account" - sshd on FreeBSD disallows root logins by
default
On 15/01/2013 10:10, Mannase Nyathi wrote:
> I have just configured FreeBSD on my server. I would like to find out
> how can I be able to login to it via ssh?
Start by editing /etc/rc.conf and add the line:
sshd_enable="YES"
(anywhere in the file -- order doesn't matter)
Then as root:
/etc/
Hi,
>> I have just configured FreeBSD on my server. I would like to find out
>> how can I be able to login to it via ssh?
>>
>> Looking forward to hear from you soon.
>>
>> Thank you
>>
>
> you must enable ssh in /etc/inetd.conf and then read
Or better, in /etc/rc.conf
sshd_enable="YES"
Olivier
Hi,
On Tue, 15 Jan 2013 10:10:16 +
Mannase Nyathi wrote:
> CipherWave Fibre Broadband with FREE installation from only
> R8840/month
>
> Good day,
>
> I have just configured FreeBSD on my server. I would like to find out
> how can I be able to login to it via ssh?
>
> Looking forward to h
On Tue, Jan 1, 2013 at 10:41 PM, Lowell Gilbert wrote:
>Don't top-post, please.
Sorry for top-posting.. i'll try to keep an eye on it from now on :)
well, cause i got my answer, let's have a conclusion:
According to:
On Tue, Jan 1, 2013 at 10:41 PM, Lowell Gilbert wrote:
>There are a number of k
On Tue, 1 Jan 2013 18:59:05 +0330, takCoder wrote:
> thank you for the details mentioned :)
>
> but now, a questions occurred to me about this ssh key.
> as i don't know enough about its process, would you please tell me whether
> this key is a shared key for all ssh clients who send a request? or
Don't top-post, please.
takCoder writes:
> but now, a questions occurred to me about this ssh key.
> as i don't know enough about its process, would you please tell me whether
> this key is a shared key for all ssh clients who send a request? or it
> differs as the client changes?
There are a n
thank you for the details mentioned :)
but now, a questions occurred to me about this ssh key.
as i don't know enough about its process, would you please tell me whether
this key is a shared key for all ssh clients who send a request? or it
differs as the client changes?
(this question may sound
On Tue, 1 Jan 2013 14:11:21 +0330, takCoder wrote:
> everything is fine until i restart my nanoBSD server. the problem is that
> each time i restart my server, the source system is complaining about that
> i need to edit my known_hosts file cause my nanoBSD hash-code is not
> matched..
>
> how ca
>-- Forwarded message --
>From: Aldis Berjoza
>Date: Tue, Jan 1, 2013 at 2:17 PM
>Subject: Re: ssh server hashcode change on nanoBSD
>
>I've never used NanoBSD, but, check if ssh daemon can write to /etc/ssh/
otherwise it >won't be able to save ssh
Здравствуйте, Drew.
Вы писали 6 января 2012 г., 23:44:28:
DT> On 1/6/2012 12:07 PM, Al Plant wrote:
>> per...@pluto.rain.com wrote:
>>> Al Plant wrote:
>>>
I accessed the sshd from the new install screen as an option when
I loaded it on the test box. I had to set up the lan manually to
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org
> [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Damien Fleuriot
> Sent: Tuesday, September 13, 2011 5:36 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: ssh with bridged ap
>
> On 9/13/
Allow connections to forwarded ports in sshd config
-Original Message-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of George Vagner
Sent: Tuesday, September 13, 2011 8:14 AM
To: freebsd-questions@freebsd.org
Subject: RE: ssh with
er 13, 2011 5:36 AM
To: freebsd-questions@freebsd.org
Subject: Re: ssh with bridged ap
On 9/13/11 3:54 AM, george vagner wrote:
> I have set up wireless AP with a static IP and bridged it to my internal
> wired network on RE0.
>
> I can successfully connect with WPA to the wireless network
On 9/13/11 3:54 AM, george vagner wrote:
> I have set up wireless AP with a static IP and bridged it to my internal
> wired network on RE0.
>
> I can successfully connect with WPA to the wireless network and browse other
> computers on the wired net fine,
> I can log into the freebsd machine using
Frank Shute wrote:
> On Tue, Jul 12, 2011 at 03:18:07AM -0700, per...@pluto.rain.com wrote:
> >
> > DISPLAY is not getting set in a remote shell started by "ssh -X".
...
> Have you tried putting:
>
> DISPLAY=:0.0
>
> in ~/.ssh/environment on the machine that's not setting DISPLAY
> properly?
Wou
Mark Felder wrote:
> On Tue, 12 Jul 2011 00:06:33 -0500, Michael Sierchio
> wrote:
>
> > xauth not in your path?
>
> ssh -Y skips all auth stuff so you don't need xauth; he said that
> didn't work either :-(
Well, apparently, even -Y needs xauth (which was not installed on
the 8.1 system) on th
On Tue, Jul 12, 2011 at 03:18:07AM -0700, per...@pluto.rain.com wrote:
>
> DISPLAY is not getting set in a remote shell started by "ssh -X".
>
> $ echo $DISPLAY
> :0.0
> $ ssh -X [server] 'echo DISPLAY=%$DISPLAY%'
> DISPLAY=%%
>
> How would I go about debugging this?
>
> DISPLAY _is_ set
Eitan Adler wrote:
> > It still fails with the 6.1 system as the ssh client,
> > and works with the 6.1 system as the ssh server
>
> Is X11Forwarding yes set in the server config of the failing
> direction?
Both seem to be defaulted.
On 6.1:
$ egrep -C 2 X11Forwarding /etc/ssh/sshd_config
>
> It still fails with the 6.1 system as the ssh client,
> and works with the 6.1 system as the ssh server
Is X11Forwarding yes set in the server config of the failing direction?
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd
On Tue, 12 Jul 2011 00:06:33 -0500, Michael Sierchio
wrote:
xauth not in your path?
ssh -Y skips all auth stuff so you don't need xauth; he said that didn't
work either :-(
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org
xauth not in your path?
On Tue, Jul 12, 2011 at 4:46 AM, wrote:
> Mark Felder wrote:
>
>> This sounds silly, but what happens if you try ssh -Y
>
> Exactly the same thing as with -X, in either direction.
>
> It still fails with the 6.1 system as the ssh client,
> and works with the 6.1 system a
Mark Felder wrote:
> This sounds silly, but what happens if you try ssh -Y
Exactly the same thing as with -X, in either direction.
It still fails with the 6.1 system as the ssh client,
and works with the 6.1 system as the ssh server
___
freebsd-questi
This sounds silly, but what happens if you try ssh -Y
Regards,
Mark
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.or
On Thu, Mar 31, 2011 at 09:00:02AM -0700, Chris Telting wrote:
> I would like to have something like virtual terminals that continue
> running no matter if ssh is connected to them or not. Something like
> the screen utility. But I don't want to use screen, I'm looking for
> something more aut
* Chris Telting [2011-03-31 09:00:02-0700]:
> Something like the screen utility. But I don't want to use screen,
> I'm looking for something more automated.
tmux can do this, and unlike GNU screen, can be easily scripted. Check
it out, we started using it at $work early year and we had about 2 do
On Thu, 2011-03-31 at 09:00 -0700, Chris Telting wrote:
> I would like to have something like virtual terminals that continue
> running no matter if ssh is connected to them or not. Something like
> the screen utility. But I don't want to use screen,
tmux?
> I'm looking for
> something m
On Fri, Dec 3, 2010 at 4:43 PM, Josh Suid wrote:
> First, where on the ssh client command line (see above) can I specify a more
> liberal timeout value ? Since my interactive session has three or more layers
> of host between it, the whole thing falls apart if even one link slows down a
> bit...
On Fri, Dec 3, 2010 at 6:43 PM, Josh Suid wrote:
> # ssh u...@host ssh u...@host2
> Pseudo-terminal will not be allocated because stdin is not a terminal.
> Permission denied (publickey,keyboard-interactive).
>
> Is there a way to build this tunnel with a single command ? (an ssh
> command,
> run
On 29/11/2010 19:08, Alexander Best wrote:
>>> [bluethu...@lbsd2:~]#ssh sum1
>>> > > Enter passphrase for key '/home/bluethundr/.ssh/id_rsa':
>>> > > [bluethu...@lbsd2:~]#exec ssh-agent bash
> ^^ this looks wrong. i think you want eval `ssh-agent` so the envars get set.
>otherwise ssh-add won'
On Mon Nov 29 10, Brandon Gooch wrote:
> On Mon, Nov 29, 2010 at 8:40 AM, bluethundr wrote:
> > Hey list
> >
> > On my CentOS machines I usually keep track of my rsa key with
> > ssh-agent, ssh-add and keychain
> >
> > I would like to know
> >
> > a) how to install keychain under FreeBSD
> > and
On Mon, Nov 29, 2010 at 8:40 AM, bluethundr wrote:
> Hey list
>
> On my CentOS machines I usually keep track of my rsa key with
> ssh-agent, ssh-add and keychain
>
> I would like to know
>
> a) how to install keychain under FreeBSD
> and
> b) how to fix this error:
>
> [bluethu...@lbsd2:~]#ssh s
Chris Brennan writes:
> > Check perms on /home/user/.ssh/authorized_keys
> > chmod 640 or 600, not 644
>
> That's the permissions of my authorized_keys, I believe that's 0600, some
> systems require a much more restrictive 0400 octal.
>
> -rwxr--r-- 1 chris chris 622B Jun 28 21:36 a
On Fri, Nov 12, 2010 at 5:58 PM, xSAPPYx wrote:
> On Thu, Nov 11, 2010 at 10:06, Jerrin wrote:
> > Hi,
> >
> > On a mac system i generated the key using ssh-keygen -t dsa and copied
> > .ssh/id_dsa.pub to /home/user/.ssh/authorized_keys on a Freebsd server,
> but
> > it prompts for the password
On Thu, Nov 11, 2010 at 10:06, Jerrin wrote:
> Hi,
>
> On a mac system i generated the key using ssh-keygen -t dsa and copied
> .ssh/id_dsa.pub to /home/user/.ssh/authorized_keys on a Freebsd server, but
> it prompts for the password
Check perms on /home/user/.ssh/authorized_keys
chmod 640 or 60
On Thu, Oct 28, 2010 at 10:18:41PM -0400, Mikel King wrote:
> Peter,
>
> Have you verified permissions of 700 on .ssh and 640 on authorized_keys and
> authorized_keys2? If you do not have an authorized_keys2 simply copy the
> former to that name and give it a go.
>
> Cheers,
> Mikel King
Mikel
On Thu, Oct 28, 2010 at 02:17:14PM -0700, Chuck Swiger wrote:
> Hi--
>
> On Oct 28, 2010, at 12:39 PM, Peter Harrison wrote:
> > debug1: trying public key file /home/peter/.ssh/authorized_keys
> > debug1: fd 4 clearing O_NONBLOCK
> > debug3: secure_filename: checking '/usr/home/peter/.ssh'
> > deb
On Thu, Oct 28, 2010 at 10:13:12PM +0100, krad wrote:
> On 28 October 2010 20:39, Peter Harrison wrote:
>
> > Can anyone help me debug an ssh key-based authentication problem?
> >
> > I have an 8.1-R server running sshd, with one user account. On the server,
> > I've used ssh-keygen to generate i
Peter,
Have you verified permissions of 700 on .ssh and 640 on authorized_keys and
authorized_keys2? If you do not have an authorized_keys2 simply copy the former
to that name and give it a go.
Cheers,
Mikel King
_
From: Peter Harrison [mailto:peter.piggy...@virgin.net]
To: questi...@
Hi--
On Oct 28, 2010, at 12:39 PM, Peter Harrison wrote:
> debug1: trying public key file /home/peter/.ssh/authorized_keys
> debug1: fd 4 clearing O_NONBLOCK
> debug3: secure_filename: checking '/usr/home/peter/.ssh'
> debug3: secure_filename: checking '/usr/home/peter'
> debug3: secure_filename:
On Thu, Oct 28, 2010 at 12:39 PM, Peter Harrison
wrote:
> Can anyone help me debug an ssh key-based authentication problem?
>
> I have an 8.1-R server running sshd, with one user account. On the server,
> I've used ssh-keygen to generate id_rsa and id_rsa.pub.
>
> On my laptop I then pulled the
On 28 October 2010 22:13, krad wrote:
>
>
> On 28 October 2010 20:39, Peter Harrison wrote:
>
>> Can anyone help me debug an ssh key-based authentication problem?
>>
>> I have an 8.1-R server running sshd, with one user account. On the server,
>> I've used ssh-keygen to generate id_rsa and id_rs
You have to do the other way
generate at laptop, put in authorized_key at server the public key and
then you will be able to ssh to server from laptop using key
authorization
On Thu, 28 Oct 2010 20:39:53 +0100
Peter Harrison wrote:
> Can anyone help me debug an ssh key-based authentication
On 28 October 2010 20:39, Peter Harrison wrote:
> Can anyone help me debug an ssh key-based authentication problem?
>
> I have an 8.1-R server running sshd, with one user account. On the server,
> I've used ssh-keygen to generate id_rsa and id_rsa.pub.
>
> On my laptop I then pulled the id_rsa.p
On 10/28/10 3:39 PM, Peter Harrison wrote:
Can anyone help me debug an ssh key-based authentication problem?
I have an 8.1-R server running sshd, with one user account. On the server, I've
used ssh-keygen to generate id_rsa and id_rsa.pub.
On my laptop I then pulled the id_rsa.pub file over
On 10/08/10 05.13, Matt Emmerton wrote:
I'm in the middle of dealing with a SSH brute force attack that is
relentless. I'm working on getting sshguard+ipfw in place to deal with
it,
but in the meantime, my box is getting pegged because sshd is accepting
some
connections which are getting stu
On 10/08/10 05.13, Matt Emmerton wrote:
I'm in the middle of dealing with a SSH brute force attack that is
relentless. I'm working on getting sshguard+ipfw in place to deal with it,
but in the meantime, my box is getting pegged because sshd is accepting some
connections which are getting stuck
On 8/9/2010 8:13 PM, Matt Emmerton wrote:
Hi all,
I'm in the middle of dealing with a SSH brute force attack that is
relentless. I'm working on getting sshguard+ipfw in place to deal
with it, but in the meantime, my box is getting pegged because sshd
is accepting some connections which are get
On 10/08/2010 15:25, Dave wrote:
On 8/9/2010 8:13 PM, Matt Emmerton wrote:
Hi all,
I'm in the middle of dealing with a SSH brute force attack that is
relentless. I'm working on getting sshguard+ipfw in place to deal
with it, but in the meantime, my box is getting pegged because sshd
is accep
In freebsd-questions Digest, Vol 323, Issue 3, Message: 35
On Mon, 9 Aug 2010 23:36:57 -0400 "Matt Emmerton" wrote:
> > > I know there's not much I can do about the brute force attacks, but will
> > > upgrading openssh avoid these stuck connections?
> >
> > 1. switch over to using solely RSA
On 8/9/2010 8:13 PM, Matt Emmerton wrote:
> Hi all,
>
> I'm in the middle of dealing with a SSH brute force attack that is
> relentless. I'm working on getting sshguard+ipfw in place to deal
> with it, but in the meantime, my box is getting pegged because sshd
> is accepting some connections whic
Hi, Matt--
On Aug 9, 2010, at 8:13 PM, Matt Emmerton wrote:
> I'm in the middle of dealing with a SSH brute force attack that is
> relentless. I'm working on getting sshguard+ipfw in place to deal with it,
> but in the meantime, my box is getting pegged because sshd is accepting some
> connect
One thing I don't see mentioned a lot is port knocking. It's not perfect
but it does have it's uses.
Since it sounds like you have a lot of users that need to connect you
might be able to adapt it to your situation. I haven't tried this
specific port knocking sequence but you could setup a kno
Hi Matt,
>
> I know there's not much I can do about the brute force attacks, but will
> upgrading openssh avoid these stuck connections?
1. switch over to using solely RSA keys
2. switch to a non-standard port
3. what version of openssh are you currently using?
Best
James_
> I know there's not much I can do about the brute force attacks, but will
> upgrading openssh avoid these stuck connections?
1. switch over to using solely RSA keys
In the works; I have too many users to convert :(
2. switch to a non-standard port
This is not attractive, even though it wou
> I know there's not much I can do about the brute force attacks, but will
> upgrading openssh avoid these stuck connections?
1. switch over to using solely RSA keys
In the works; I have too many users to convert :(
2. switch to a non-standard port
This is not attractive, even though it wo
On Fri, May 07, 2010 at 12:18:25AM -0500, Tim Daneliuk wrote:
> On 5/7/2010 12:13 AM, Gary Kline wrote:
>
>
> >>
> >> What's in your /etc/hosts.allow file?
> >
> >
> >
> > # Start by allowing everything (this prevents the rest of the file
> > # from working, so remove it when you need protecti
On 5/7/2010 12:13 AM, Gary Kline wrote:
>>
>> What's in your /etc/hosts.allow file?
>
>
>
> # Start by allowing everything (this prevents the rest of the file
> # from working, so remove it when you need protection).
> # The rules here work on a "First match wins" basis.
> ALL : ALL : allow
>
On Thu, May 06, 2010 at 04:41:21PM -0500, Tim Daneliuk wrote:
> On 5/6/2010 4:35 PM, Gary Kline wrote:
> > On Thu, May 06, 2010 at 12:32:18PM -0500, Tim Daneliuk wrote:
> >> On 5/6/2010 12:21 PM, Gary Kline wrote:
> >>>
> >>> can anybody help me with ne of my last problems: getting ssh Into
> >>> m
On Thu, May 06, 2010 at 06:20:47PM -0500, Tim Daneliuk wrote:
> > On 5/6/2010 4:41 PM, Tim Daneliuk wrote:
>
>
> >>> pl 14:20 [5036] ssh zen
> >>> ssh: connect to host zen port 22: Connection refused
> >>> pl 14:20 [5037] ssh - zen
> >>> OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb
On Thu, May 06, 2010 at 04:48:30PM -0500, Tim Daneliuk wrote:
> On 5/6/2010 4:41 PM, Tim Daneliuk wrote:
> > On 5/6/2010 4:35 PM, Gary Kline wrote:
> >> On Thu, May 06, 2010 at 12:32:18PM -0500, Tim Daneliuk wrote:
> >>> On 5/6/2010 12:21 PM, Gary Kline wrote:
>
> can anybody help me with
> On 5/6/2010 4:41 PM, Tim Daneliuk wrote:
>>> pl 14:20 [5036] ssh zen
>>> ssh: connect to host zen port 22: Connection refused
>>> pl 14:20 [5037] ssh - zen
>>> OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug2:
On Thu, May 06, 2010 at 04:41:21PM -0500, Tim Daneliuk wrote:
> On 5/6/2010 4:35 PM, Gary Kline wrote:
> > On Thu, May 06, 2010 at 12:32:18PM -0500, Tim Daneliuk wrote:
> >> On 5/6/2010 12:21 PM, Gary Kline wrote:
> >>>
> >>> can anybody help me with ne of my last problems: getting ssh Into
> >>> m
On 5/6/2010 4:41 PM, Tim Daneliuk wrote:
> On 5/6/2010 4:35 PM, Gary Kline wrote:
>> On Thu, May 06, 2010 at 12:32:18PM -0500, Tim Daneliuk wrote:
>>> On 5/6/2010 12:21 PM, Gary Kline wrote:
can anybody help me with ne of my last problems: getting ssh Into
my new comuter? i am able
On 5/6/2010 4:35 PM, Gary Kline wrote:
> On Thu, May 06, 2010 at 12:32:18PM -0500, Tim Daneliuk wrote:
>> On 5/6/2010 12:21 PM, Gary Kline wrote:
>>>
>>> can anybody help me with ne of my last problems: getting ssh Into
>>> my new comuter? i am able to ssh outside. need to scp my config
>>> files
On Thu, May 06, 2010 at 12:32:18PM -0500, Tim Daneliuk wrote:
> On 5/6/2010 12:21 PM, Gary Kline wrote:
> >
> > can anybody help me with ne of my last problems: getting ssh Into
> > my new comuter? i am able to ssh outside. need to scp my config
> > files over.
> >
> > sshd is running on "zen"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/05/2010 18:32:18, Tim Daneliuk wrote:
> 3) If you're running a firewall, make sure that the sshd ports
>(22/tcp and 22/udp) are open for those machines/addresses
>you want to connect into your FreeBSD box.
Despite what it may say in /etc
On 5/6/2010 12:21 PM, Gary Kline wrote:
>
> can anybody help me with ne of my last problems: getting ssh Into
> my new comuter? i am able to ssh outside. need to scp my config
> files over.
>
> sshd is running on "zen"
>
>
This generally involves two or three steps:
1) Make sure /etc/rc.con
On Mon, 05 Apr 2010 12:38:01 -0500, Peggy Wilkins wrote:
> On Mon, Apr 5, 2010 at 4:17 AM, Vincent Hoffman
> wrote:
>>
>> However a note later in the default sshd_config file regarding the
>> UsePAM setting says
>> 'Depending on your PAM configuration,
>> PAM authentication via ChallengeResponse
On Mon, Apr 5, 2010 at 4:17 AM, Vincent Hoffman wrote:
> I missed the rest of this thread so sorry its its been said already. As
> far as I knew the directive
> PermitRootLogin without-password
> in /etc/ssh/sshd_config
> should accomplish what was requested.
>
> However a note later in the defau
You should also consider posting your patch and related content to,
'freebsd-hack...@freebsd.org'.
-Modulok-
On 4/5/10, Marcin Wisnicki wrote:
> On Mon, 05 Apr 2010 10:01:08 +0100, Matthew Seaman wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On 04/04/2010 22:04:35, Marcin W
On Mon, 05 Apr 2010 10:01:08 +0100, Matthew Seaman wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 04/04/2010 22:04:35, Marcin Wisnicki wrote:
>> Is it possible to configure sshd such that both conditions are met:
>>
>> 1. Root will be able to login only by using keys 2. Normal u
On 05/04/2010 10:17, Vincent Hoffman wrote:
> On 05/04/2010 10:01, Matthew Seaman wrote:
>
>> On 04/04/2010 22:04:35, Marcin Wisnicki wrote:
>>
>>> Is it possible to configure sshd such that both conditions are met:
>>>
>>
>>> 1. Root will be able to login only by using keys
>>>
On 05/04/2010 10:01, Matthew Seaman wrote:
> On 04/04/2010 22:04:35, Marcin Wisnicki wrote:
> > Is it possible to configure sshd such that both conditions are met:
>
> > 1. Root will be able to login only by using keys
> > 2. Normal users will still be able to use pam/keyboard-interactive
>
> Only
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2010 22:04:35, Marcin Wisnicki wrote:
> Is it possible to configure sshd such that both conditions are met:
>
> 1. Root will be able to login only by using keys
> 2. Normal users will still be able to use pam/keyboard-interactive
Only by run
On 05/04/10 01:35, Marcin Wisnicki wrote:
PasswordAuthentication is already disabled (by default).
I need to disable ChallengeResponseAuthentication however:
/etc/ssh/sshd_config line 131: Directive 'ChallengeResponseAuthentication'
is not allowed within a Match block
Same thing for "Use
On Sun, 04 Apr 2010 23:49:59 +0200, Julian Fagir wrote:
> Hi,
>
>> Is it possible to configure sshd such that both conditions are met:
>>
>> 1. Root will be able to login only by using keys 2. Normal users will
>> still be able to use pam/keyboard-interactive
>
> perhaps the sshd-option "Permit
On Mon, 05 Apr 2010 01:25:09 +0200, Erik Norgaard wrote:
> On 04/04/10 23:04, Marcin Wisnicki wrote:
>> Is it possible to configure sshd such that both conditions are met:
>>
>> 1. Root will be able to login only by using keys 2. Normal users will
>> still be able to use pam/keyboard-interactive
>
On 04/04/2010 22:04, Marcin Wisnicki wrote:
Is it possible to configure sshd such that both conditions are met:
1. Root will be able to login only by using keys
Yes
2. Normal users will still be able to use pam/keyboard-interactive
Yes
see PermitRootLogin section in man sshd_config..
On 04/04/10 23:04, Marcin Wisnicki wrote:
Is it possible to configure sshd such that both conditions are met:
1. Root will be able to login only by using keys
2. Normal users will still be able to use pam/keyboard-interactive
Yes, you can create a Match block with the criteria User, something
On 4 April 2010 22:49, Julian Fagir wrote:
> Hi,
>
> > Is it possible to configure sshd such that both conditions are met:
> >
> > 1. Root will be able to login only by using keys
> > 2. Normal users will still be able to use pam/keyboard-interactive
>
> perhaps the sshd-option "PermitRootLogin"
Hi,
> Is it possible to configure sshd such that both conditions are met:
>
> 1. Root will be able to login only by using keys
> 2. Normal users will still be able to use pam/keyboard-interactive
perhaps the sshd-option "PermitRootLogin" does match your requirements.
To be found in sshd_config (
Hi again,
> I have this weird error since yesterday, one a system that used to be
> working nicely, suddenly:
>
> ssh cores dump when run as non priviledged user, works fine for root
> sshd aborts on signal 11
> [... see my previous mails?]
This seems to be a problem linked to openssl from the p
Hi again,
> I have this weird error since yesterday, one a system that used to be
> working nicely, suddenly:
>
> ssh cores dump when run as non priviledged user, works fine for root
> sshd aborts on signal 11
>
> I tried to reinstall world, but it is the same.
>
> There is openssl installed fr
On Wed, Jan 20, 2010 at 10:49:09PM -0500, Aryeh M. Friedman wrote:
> I need to set up a machine so that I can type "ssh [host]" as root from
> some other host and I get a prompt with super user privs... I already
> have set this up for u...@host for root and ssh host for normal users...
> but r
On Wed, Jan 20, 2010 at 11:09:14PM -0500, Steve Bertrand typed:
> Aryeh M. Friedman wrote:
> > I need to set up a machine so that I can type "ssh [host]" as root from
> > some other host and I get a prompt with super user privs... I already
> > have set this up for u...@host for root and ssh host f
Aryeh M. Friedman wrote:
> I need to set up a machine so that I can type "ssh [host]" as root from
> some other host and I get a prompt with super user privs... I already
> have set this up for u...@host for root and ssh host for normal users...
> but root still asks for a password after I set the
Hi,
Aryeh M. Friedman wrote:
> I need to set up a machine so that I can type "ssh [host]" as root from
> some other host and I get a prompt with super user privs... I already
> have set this up for u...@host for root and ssh host for normal users...
> but root still asks for a password after I
I need to set up a machine so that I can type "ssh [host]" as root from
some other host and I get a prompt with super user privs... I already
have set this up for u...@host for root and ssh host for normal users...
but root still asks for a password after I set the authorized_keys file
in ~root
2009/11/11 Matthias Apitz
> El día Wednesday, November 11, 2009 a las 03:09:44PM +, Vincent Hoffman
> escribió:
>
> > Hi all,
> > I've a bit of an annoying problem that hopefully someone
> > here has delt with before. I have a large(ish) number of ssh keys as i
> > like to keep t
El día Wednesday, November 11, 2009 a las 03:09:44PM +, Vincent Hoffman
escribió:
> Hi all,
> I've a bit of an annoying problem that hopefully someone
> here has delt with before. I have a large(ish) number of ssh keys as i
> like to keep things nicely seperated, I also use longi
Chris Rees wrote:
Although I think it's not a big deal, as long as your id_?sa has
permissions 600 like mine, or even 400.
Chris
The man page for ssh(1) provides a lot of detail about the sensitivity
of the various files related to ssh. To quote it regarding a few of them:
~/.ssh/
1 - 100 of 747 matches
Mail list logo