Re: Restricting ssh access to selected hosts
From: MafProd (fake@no.where)
Date: 01/08/03
From: MafProd <fake@no.where> Date: Wed, 08 Jan 2003 00:36:42 +0100
Key identification does work with protocol 2. Make sure you have the latest
OpenSSH and generate a key with

    ssh-keygen -b 2048 -t dsa

(SSH2 uses a DSA key instead of RSA). Then copy the public key to the target
box with:

    scp ~/.ssh/id_dsa.pub user@server:

Next, log on to the target box and use

    cat id_dsa.pub >> ~/.ssh/authorized_keys2

Now you should be able to log in with

    ssh -2 user@server

and it should ask you for the passphrase to /home/user/.ssh/id_dsa
Succes MafProd.
Michael Siebke wrote:
> In article <86isx0r9gp.fsf@potato.vegetable.org.uk>, Tim Haynes wrote:
>>
>> Michael: ssh-keygen(1) is your fwend(TM). Generate some nice pub/private
>> keypairs putting both parts on the clients and appending only the public
>> bit(s) to ~/.ssh/authorized_keys on the server. The login prompt should
>> change from `User@host's password:' to use the sentence `Passphrase for
>> key' instead.
>>
>> You can make the ssh server key-only, by disabling PasswordAuthentication
>> in /etc/ssh/sshd_config.
>
> Thank you for your answer.
>
> Unfortunately, it won't work, yet. As far as I understood the man page,
> this kind of authorization works only with protocol type 1. I generated
> the key pair with the following command:
>
> ssh-keygen -b 2048 -f morpheus-rsa1.key -t rsa1
>
> Note: for some reason I use the user account "userA" on the client and
> want to login as "userB" on the server.
>
> As you wrote I've copied both key files to the ~/.ssh directory of the
> calling user:
>
> userA@client $ cp morpheus-rsa1.key /home/userA/.ssh/identity
> userA@client $ cp morpheus-rsa1.key.pub /home/userA/.ssh/identity.pub
>
> The public key was copied to the .ssh directory of the user used for ssh
> login on the server:
>
> userB@server $ cp morpheus-rsa1.key.pub /home/userB/.ssh/authorized_keys
>
> Then I tried to login using the command (as 'userA' on the client):
>
> userA@client $ ssh server -l userB
>
> The server still asked for a password. After disabling password
> authentication, it won't allow a login anymore.
>
> Maybe the following information copied from my sshd_config would help
> to find the problem:
>
> # Part(s) of the /etc/ssh/sshd_config file:
>
> Protocol 1,2
> StrictModes yes
>
> AuthorizedKeysFile .ssh/authorized_keys
>
> AllowUsers userB
> PermitRootLogin no
> VerifyReverseMapping no
>
> PasswordAuthentication no
> PermitEmptyPasswords no
>
> PubkeyAuthentication yes
>
> ChallengeResponseAuthentication no
> PAMAuthenticationViaKbdInt no
> GssapiAuthentication no
> GssapiKeyExchange no
>
> RhostsAuthentication no
> IgnoreRhosts yes
> IgnoreUserKnownHosts yes
> RhostsRSAAuthentication yes
>
> # End of file
>
> Do you see anything which may cause the error?
>
> Ciao, Meph
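
Added example (not part of the original messages): a shell check that reports which protocol each authorized_keys entry belongs to (the rsa1 key generated in the quoted message versus the DSA key suggested in the reply) and whether the file or its directory is group- or world-writable, which sshd refuses under StrictModes yes. The function names and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Helper names and the sample key lines are constructed.

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; return 0; }

# Print the key type of one authorized_keys line.
classify_key_line() (
    set -f    # no globbing while the line is split into fields
    result="unknown" prev=""
    case "$1" in ''|'#'*) result="skip" ;; esac
    # Walking the fields tolerates a leading options field such as from="..."
    # (options that contain spaces are not parsed here).
    for field in $1; do
        [ "$result" = "unknown" ] || break
        case "$field" in
            ssh-dss) result="protocol2-dsa" ;;
            ssh-rsa) result="protocol2-rsa" ;;
            # Protocol 1 entries are "<bits> <exponent> <modulus> [comment]".
            *) if is_num "$prev" && is_num "$field"; then result="protocol1-rsa1"; fi ;;
        esac
        prev="$field"
    done
    echo "$result"
)

# Succeed if the path is writable by group or others, which StrictModes refuses.
loose_perms() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Audit one authorized_keys file and the directory that holds it.
audit_keys_file() {
    file="$1"
    for p in "$file" "$(dirname "$file")"; do
        if loose_perms "$p"; then echo "loose permissions: $p"; fi
    done
    while IFS= read -r line; do
        echo "$(classify_key_line "$line"): $line" | cut -c1-60
    done < "$file"
}

# Demo on constructed data (not real keys).
demo_dir=$(mktemp -d)
printf '%s\n' '2048 35 1234567890123456789 userA@client' \
    'ssh-dss AAAAB3NzaC1kc3MAAACBconstructed userA@client' > "$demo_dir/authorized_keys"
chmod 664 "$demo_dir/authorized_keys"
audit_keys_file "$demo_dir/authorized_keys"
rm -rf "$demo_dir"
```

On a real account the call would be audit_keys_file "$HOME/.ssh/authorized_keys", repeated for authorized_keys2 where that file is in use.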