From: Corne Kotze
To: rea-fbsd@codelabs.ru
Cc: freebsd-hackers@freebsd.org
Date: Mon, 22 Dec 2008 11:22:07 +0200
Subject: Re: SSH Problem
Message-Id: <1229937727.8928.24.camel@jackal>
References: <1229934159.8928.20.camel@jackal>
List-Id: Technical Discussions relating to FreeBSD

Hi Eygene,

Thanks for the reply.
Sorry for the ignorance, but I should have added this as well.
I am running, apart from other things, a secure ftp server on this box as well that chroots the users to their home directories.
I got the setup information from the following link:
http://www.bsdguides.org/guides/freebsd/security/sftp_chroot_users.php

Setting the "rc.conf" file to:
sshd_enable="YES"
sshd2_enable="NO"

Then my sftp setup does not work properly, unless I am missing something that I can set in the "/etc/ssh/sshd_config" file.

Thanks again.
CK

On Mon, 2008-12-22 at 11:58 +0300, Eygene Ryabinkin wrote:
> Corne, good day.
>
> Mon, Dec 22, 2008 at 10:22:39AM +0200, Corne Kotze wrote:
> > The issue I have, hope somebody can help me, is with ssh security keys,
> > no matter if I use RSA or DSA keys with or without passwords, I still
> > have to login with a password to my FreeBSD server.
> > It is between a Linux server (Client server) and my FreeBSD server.
> >
> > My setups are as follows:
> > From client server:
> > Linux nagios-server 2.6.23-hardened-r4 #1 SMP
> > OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007
> >
> >
> > To FreeBSD server:
> > FreeBSD secure-server 6.1-RELEASE-p17 FreeBSD 6.1-RELEASE-p17 #0: Fri
> > May 25 19:54:30 IST 2007
> > root@secure-server:/usr/obj/usr/src/sys/SECURESRV-SMP i386
> > OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
> >
> > In my "/etc/rc.conf":
> > sshd_enable="NO"
> > sshd2_enable="YES"
>
> There is no 'sshd2_enable' knob, there is only the 'sshd_enable' one.
> The protocols (and other stuff) are configured in /etc/ssh/sshd_config.
>
> > I have tried the public key in various directories, in the user's home
> > directory, i.e.
> > .ssh/authorized_keys
> > .ssh/authorized_keys2
> >
> > .ssh2/authorized_keys
> > .ssh2/authorized_keys2
>
> This is also governed by the host's sshd_config: by default, .ssh/authorized_keys
> is used:
> -----
> AuthorizedKeysFile .ssh/authorized_keys
> -----
>
> > Permissions are set to 700 for the .ssh(2) directories and 600 for the
> > authorized_keys(2) files.
>
> That's fine.
>
> > User and group access are also correct, and connection from the client
> > machine is also with the correct user.
> >
> > If I change to the following in my "/etc/rc.conf" file:
> > sshd_enable="YES"
> > sshd2_enable="NO"
> >
> > Restart sshd, the keys work fine, no issues, I connect 100% without
> > having to type any passwords.
>
> Yes, it is expected. Forget about sshd2_enable -- 'man sshd_config' is
> your friend. And if you're trying to enable only SSHv2, then the
> default configuration of OpenSSH should be fine for you -- it has allowed only
> v2 for ages. For your 6.1 only v2 should be allowed by default, but you
> can explicitly state it in /etc/ssh/sshd_config, just to be sure.

Corne Kotze
Systems Administrator
Striata messaging innovation
E: corne.kotze@za.striata.com
T: +27 11 530 9600
F: +27 11 447 9122
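
Added example (not part of the original messages, and not code from the FreeBSD or OpenSSH projects): a small sh script that checks the three points raised in the reply, namely sshd*_enable variables in rc.conf other than sshd_enable, the AuthorizedKeysFile that sshd_config actually selects, and the modes on the key directory and file. The function names and the temporary fixture are assumptions made for illustration; the fixture's rc.conf mirrors the one quoted above.

```sh
# Added example; file locations are arguments, fixture data is constructed.

# Print sshd*_enable variables in an rc.conf other than sshd_enable.
rc_unknown_knobs() {
    awk -F= '/^[ \t]*sshd[A-Za-z0-9_]*_enable=/ {
        gsub(/[ \t]/, "", $1); if ($1 != "sshd_enable") print $1 }' "$1"
}

# Print the first uncommented AuthorizedKeysFile value (first path only,
# %h/%u tokens not expanded); fall back to the default quoted in the reply.
authkeys_path() {
    awk 'tolower($1) == "authorizedkeysfile" { print $2; found = 1; exit }
         END { if (!found) print ".ssh/authorized_keys" }' "$1"
}

# Succeed only if the path exists and is not group- or world-writable
# (the 700/600 modes from the thread satisfy this).
mode_ok() {
    m=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$m" ] || return 1
    case "$m" in ?????w????|????????w?) return 1 ;; esac
}

# Check home, key directory and key file; return the number of problems.
check_user_keys() {   # $1 = home directory, $2 = sshd_config
    home=$1; rel=$(authkeys_path "$2"); bad=0
    case "$rel" in /*) file=$rel ;; *) file=$home/$rel ;; esac
    for p in "$home" "$(dirname "$file")" "$file"; do
        mode_ok "$p" && continue
        echo "problem: $p missing or group/world-writable"
        bad=$((bad + 1))
    done
    return "$bad"
}

# Build a constructed fixture mirroring the rc.conf shown in the thread.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/.ssh" && : > "$d/home/.ssh/authorized_keys"
    printf 'sshd_enable="NO"\nsshd2_enable="YES"\n' > "$d/rc.conf"
    printf 'AuthorizedKeysFile .ssh/authorized_keys\n' > "$d/sshd_config"
    chmod 700 "$d/home" "$d/home/.ssh"; chmod 666 "$d/home/.ssh/authorized_keys"
    echo "$d"
}

d=$(make_fixture)
rc_unknown_knobs "$d/rc.conf"
check_user_keys "$d/home" "$d/sshd_config" || true
rm -rf "$d"
```

On a real host the arguments would be /etc/rc.conf, /etc/ssh/sshd_config and the account's home directory.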