From owner-freebsd-questions@FreeBSD.ORG  Fri Jan 20 21:25:38 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C296616A41F
	for <freebsd-questions@freebsd.org>;
	Fri, 20 Jan 2006 21:25:38 +0000 (GMT) (envelope-from dmw@unete.cl)
Received: from qmail3.ifxnetworks.com (qmail3.ifxnetworks.com [200.110.128.11])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 09C1B43D62
	for <freebsd-questions@freebsd.org>;
	Fri, 20 Jan 2006 21:25:33 +0000 (GMT) (envelope-from dmw@unete.cl)
Received: (qmail 6638 invoked from network); 20 Jan 2006 21:25:32 -0000
X-Spam-DCC: Misty: qmail3.ifxnetworks.com 1170; Body=1 Fuz1=1 Fuz2=1
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on 
	qmail3.ifxnetworks.com
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.5 tests=none autolearn=disabled 
	version=3.1.0
Received: from unknown (HELO dmw.hopto.org) (dmw@unete.cl@[200.73.82.116])
	(envelope-sender <dmw@unete.cl>)
	by qmail3.ifxnetworks.com (qmail-ldap-1.03) with SMTP
	for <freebsd-questions@freebsd.org>; 20 Jan 2006 21:25:20 -0000
Date: Fri, 20 Jan 2006 18:27:41 -0300
From: Daniel Molina Wegener <dmw@unete.cl>
To: Beech Rintoul <akbeech@gmail.com>
Message-ID: <20060120212741.GA988@dmw.hopto.org>
References: <200601191741.58953.akbeech@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Description: message
Content-Disposition: inline
In-Reply-To: <200601191741.58953.akbeech@gmail.com>
Organization: DMW
Cc: freebsd-questions@freebsd.org
Subject: Re: sshd question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Daniel Molina Wegener <dmw@unete.cl>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2006 21:25:38 -0000

   On Thu, Jan 19, 2006 at 05:41:41PM -0900,
   Beech Rintoul wrote:

> I'm trying to set up ssh to use keys to authenticate on       
> a remote server. I've always used passwords in the past.      
> I generated a key pair and exported my public key to          
> ~/.ssh/authorized_keys on the remote machine. I changed       
> sshd_config to "PasswordAuthentication no". when I login the  
> remote machine still asks for a password. What do I change to 
> just use the key to log in?                                   

  Well, that's right, but you must set also the next options:

ChallengeResponseAuthentication         no
PermitEmptyPasswords                    no
PasswordAuthentication                  no
IgnoreRhosts                            yes
IgnoreUserKnownHosts                    yes
HostbasedAuthentication                 no
RhostsRSAAuthentication                 no
PubkeyAuthentication                    yes
PermitRootLogin                         no
StrictModes                             yes

  This could be more secure. Never allow remote users to gain
root access. Instead, put a user in the wheel group to allow
this user to run su(1), also, you can setup a user with uid =
0, on another group to maintain the root user a little bit more
safe.

  Also, the logging options are should be these settings.

SyslogFacility          AUTH
LogLevel                VERBOSE

> Thanks,

  Best regards...

Atte.
-- 
 . 0 . | Daniel Molina Wegener
 . . 0 | dmw at unete dot cl
 0 0 0 | FreeBSD Power User