Re: ssh configuration problem

From: Ed J. Aivazian (stealth_at_arminco.com)
Date: 07/24/03

    Date: Thu, 24 Jul 2003 13:14:01 +0500
    To: secureshell@securityfocus.com
    
    

    Hello mehul,
     Run sshd with the debug option and show the output.
     Follow the instructions. (from man sshd)

           -d debug_level_spec
                  Debug mode. The server sends verbose debug output to stderr. This option is only
                  intended for debugging for the server. The debugging level is either a number, or a
                  comma-separated list of assignments "ModulePattern=debug_level". This should be the
                  first argument on the command line.
     
     
    Wednesday, July 23, 2003, 2:29:00 PM, you wrote:

    mc> I have a Linux box with RedHat 7.2 OS. I downloaded the openssh-3.6p1
    mc> source, compiled it and installed it. Then I changed the sshd_config
    mc> file. After this, when I tried to restart the sshd service, it fails
    mc> when starting the sshd service.

    mc> waiting for reply.

    mc> mehul.

    mc> the contents of the sshd_config files are as follows :-

    mc> # $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

    mc> # This is the sshd server system-wide configuration file. See
    mc> # sshd_config(5) for more information.

    mc> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

    mc> # The strategy used for options in the default sshd_config shipped with
    mc> # OpenSSH is to specify options with their default value where
    mc> # possible, but leave them commented. Uncommented options change a
    mc> # default value.

    mc> Port 22
    mc> #Protocol 2,1
    mc> Protocol 2
    mc> #ListenAddress 0.0.0.0
    mc> #ListenAddress ::

    mc> # HostKey for protocol version 1
    mc> #HostKey /usr/local/etc/ssh_host_key
    mc> # HostKeys for protocol version 2
    mc> HostKey /usr/local/etc/ssh_host_rsa_key
    mc> HostKey /usr/local/etc/ssh_host_dsa_key

    mc> # Lifetime and size of ephemeral version 1 server key
    mc> KeyRegenerationInterval 3600
    mc> ServerKeyBits 768

    mc> # Logging
    mc> #obsoletes QuietMode and FascistLogging
    mc> SyslogFacility AUTH
    mc> LogLevel INFO

    mc> # Authentication:

    mc> LoginGraceTime 120
    mc> PermitRootLogin no
    mc> StrictModes yes

    mc> RSAAuthentication yes
    mc> PubkeyAuthentication yes
    mc> AuthorizedKeysFile .ssh/authorized_keys

    mc> # rhosts authentication should not be used
    mc> RhostsAuthentication no
    mc> # Don't read the user's ~/.rhosts and ~/.shosts files
    mc> #IgnoreRhosts yes
    mc> # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
    mc> #RhostsRSAAuthentication no
    mc> # similar for protocol version 2
    mc> #HostbasedAuthentication no
    mc> # Change to yes if you don't trust ~/.ssh/known_hosts for
    mc> # RhostsRSAAuthentication and HostbasedAuthentication
    mc> #IgnoreUserKnownHosts no

    mc> # To disable tunneled clear text passwords, change to no here!
    mc> PasswordAuthentication no
    mc> #PermitEmptyPasswords no

    mc> # Change to no to disable s/key passwords
    mc> ChallengeResponseAuthentication yes

    mc> # Kerberos options
    mc> #KerberosAuthentication no
    mc> #KerberosOrLocalPasswd yes
    mc> #KerberosTicketCleanup yes

    mc> #AFSTokenPassing no

    mc> # Kerberos TGT Passing only works with the AFS kaserver
    mc> #KerberosTgtPassing no

    mc> # Set this to 'yes' to enable PAM keyboard-interactive authentication
    mc> # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
    mc> #PAMAuthenticationViaKbdInt no

    mc> #X11Forwarding no
    mc> #X11DisplayOffset 10
    mc> #X11UseLocalhost yes
    mc> #PrintMotd yes
    mc> #PrintLastLog yes
    mc> #KeepAlive yes
    mc> #UseLogin no
    mc> #UsePrivilegeSeparation yes
    mc> #PermitUserEnvironment no
    mc> Compression yes

    mc> #MaxStartups 10
    mc> # no default banner path
    mc> #Banner /some/path
    mc> #VerifyReverseMapping no

    mc> # override default of no subsystems
    mc> Subsystem sftp /usr/local/libexec/sftp-server


    -- 
    Best regards,
     Ed                            mailto:stealth@arminco.com
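
A static pre-flight check to run before the debug step suggested in the reply, as an added example that is not part of the original thread. It flags two things that commonly stop sshd from starting after a config edit: an active line with a keyword but no argument (for instance the tail of a wrapped comment) and HostKey files that are missing or too widely readable. The function name, the sshd binary path and port 2222 are assumptions.

```shell
#!/bin/sh
# Added example: static checks on an sshd_config before (re)starting sshd.
# Prints one line per problem; returns 0 when nothing was found, 1 otherwise.
check_sshd_config() {
    cfg=$1
    bad=0
    if [ ! -r "$cfg" ]; then
        echo "cannot read config: $cfg"
        return 1
    fi

    # 1. Active lines holding a keyword but no argument, e.g. a comment that
    #    was wrapped so that its tail lost the leading '#'.
    stray=$(awk '!/^[ \t]*#/ && NF == 1 { printf "%d:%s\n", NR, $1 }' "$cfg")
    for s in $stray; do
        echo "line ${s%%:*}: keyword without argument: ${s#*:}"
        bad=1
    done

    # 2. Every active HostKey file must exist, be non-empty and be
    #    inaccessible to group and others.
    for key in $(awk 'tolower($1) == "hostkey" { print $2 }' "$cfg"); do
        if [ ! -s "$key" ]; then
            echo "HostKey missing or empty: $key"
            bad=1
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "HostKey accessible by group/others: $key"
            bad=1
        fi
    done
    return $bad
}

# Typical use with the config path from the post (binary path and port assumed):
#   check_sshd_config /usr/local/etc/sshd_config &&
#   /usr/local/sbin/sshd -t -f /usr/local/etc/sshd_config &&       # OpenSSH test mode
#   /usr/local/sbin/sshd -d -p 2222 -f /usr/local/etc/sshd_config  # foreground debug
# OpenSSH's -d takes no level argument; repeat it (up to -ddd) for more detail.
```

Running the debug instance on a spare port leaves any working sshd on port 22 untouched while the new configuration is being diagnosed.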
    
