Date: Thu, 7 Dec 2006 12:44:34 -0500
From: "Erik Richards" <erikr@magnetsusa.com>
To: <freebsd-questions@freebsd.org>
Subject: RSA/DSA authentication
Message-ID: <2150E71679C07E419BDA4250480BCF2202508A58@adonis.magnetsusa.com>
Greetings,

I'm not sure if this is the right place for this or the security mailing list, but I am extremely confused by RSA/DSA authentication and using it with OpenSSH.

My current setup is that I have a FreeBSD box at home acting as a firewall/gateway/webserver. I'd like to access it from work using PuTTY on Windows 2000. Right now I have password authentication with a good strong username/password, Denyhosts and I feel safe. I just wanted to try a little extra security (for kicks) so I started reading and implementing RSA.

Well now after reading what there was in the handbook, freebsddiary, and a really nice article about it on IBM I have no idea how to get this to work and am just a little frustrated. I believe I'm getting messed up on the public and private key and where they should go on the computer I'm trying to connect to or connect from? I used ssh-keygen and PuTTY to generate a key (RSA w/passphrase) and both times I've gotten neither to work from what I've been able to tell.

One time I was close and got something saying that my key's permissions had to be changed because they were too open so I fixed that warning and then it said that my key was accepted and I entered my passphrase. But then just to play around I removed my key (wanted to see if it wouldn't let me connect). It did and asked for my password not passphrase. What I was hoping for was that the server would see that I didn't have a key and deny my access but sadly it didn't.

Now I'm editing some of my /etc/ssh/sshd_config file like uncommenting: (correct? I shouldn't be editing /etc/ssh/ssh_config?)

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /root/.ssh/authorized_keys
    (I did rename the key I was using to this and made sure it was all on one line)
    PasswordAuthentication no

but I still don't have anything working. I've restarted sshd by doing:

    /etc/rc.d/sshd restart

each time as well.

Am I wrong to assume the server should deny me access if I don't have the key or is using RSA/DSA authentication just to assure myself that I'm actually connecting to my server and not some other person's trying to get my passwords?

Thank you for reading this mess, as you can tell I'm pretty bewildered.

Erik
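
Added example (not part of the original message, and not FreeBSD or OpenSSH code): a small audit of sshd_config text that reports which settings still let a client without the key reach a password-style prompt, run here on the four directives quoted in the message. The default values it falls back to and the function names are assumptions made for this example.

```python
# Added example, not from the original post. The defaults are assumptions
# (typical OpenSSH values); confirm them in sshd_config(5) on your system.
ASSUMED_DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "authorizedkeysfile": ".ssh/authorized_keys",
}

# The four directives quoted in the message above.
POSTED = """\
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /root/.ssh/authorized_keys
PasswordAuthentication no
"""

def effective(config_text):
    """Global settings as keyword -> value; the first occurrence wins, as in sshd."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # per-connection overrides are out of scope
            break
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return {**ASSUMED_DEFAULTS, **seen}

def audit(config_text):
    """List settings that let a client without the key still reach a prompt."""
    cfg = effective(config_text)
    findings = []
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("PubkeyAuthentication is not 'yes': keys are never tried")
    for key, name in (("passwordauthentication", "PasswordAuthentication"),
                      ("challengeresponseauthentication", "ChallengeResponseAuthentication")):
        if cfg[key].lower() != "no":
            findings.append(f"{name} is not 'no': a password-style prompt can still be offered")
    path = cfg["authorizedkeysfile"]
    if path.startswith("/") and "%" not in path:
        findings.append(f"AuthorizedKeysFile {path}: one absolute file is used for every account")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print("-", finding)
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative source; this sketch only reads the text it is given.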