RE: ssh public key authentication (through putty)

From owner-freebsd-questions Tue Feb 19 2:47:38 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mail3.ucles.org.uk (mail3.ucles.org.uk [192.149.119.13]) by hub.freebsd.org (Postfix) with ESMTP id 3157037B402 for ; Tue, 19 Feb 2002 02:47:25 -0800 (PST) Received: from mail3.ucles.org.uk (unverified) by mail3.ucles.org.uk (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Tue, 19 Feb 2002 10:45:00 +0000 Received: by forest.nrl.navy.mil with Internet Mail Service (5.5.2653.19) id ; Tue, 19 Feb 2002 10:45:00 -0000 Message-ID: <0B0368CED76DD4118E1200D0B73E9B5D02AFD06C@MAIL1> From: Mike Dewhirst To: "'questions@FreeBSD.ORG'" Subject: RE: ssh public key authentication (through putty) Date: Tue, 19 Feb 2002 10:44:56 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1B932.78C4C7B0" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1B932.78C4C7B0 Content-Type: text/plain; charset="iso-8859-1" I'm not sure what the problem was. I've downloaded the latest ver of putty (0.52) and deleted the config file from ~/.ssh - works a treat now. Thanks everyone for suggestions and help. Mike > -----Original Message----- > From: Jason Taylor [mailto:jason@kanda.com] > Sent: 18 February 2002 19:40 > To: Mike Dewhirst > Cc: 'questions@FreeBSD.ORG' > Subject: Re: ssh public key authentication (through putty) > > On Mon, 18 Feb 2002, Mike Dewhirst wrote: > > > it was 611, changed it to 600, no result. > > > > Some specific questions: > > > > 1. what should the name of the keys file be if I'm using > OpenSSH 2.3.0? > > > 2. do I need anything else in the "config" file in my .ssh > dir, on top of > > "RSAAuthentication yes" and "PasswordAuthentication yes"? > > I've never needed to put a config file in my ~/.ssh directory, the > FreeBSD/OpenSSH defaults have always been fine. > > > 3. I am specifying a user under putty's > Connection-->Auto-login username > > option, is this the right thing to do? > > Yes, putty needs to tell the remote system who you are logging in as. > > > 4. Does it matter that the client is behind a firewall? > > If you can connect through putty using SSH with passwords then the > firewall will not cause any problems. > > > I've been battling with this for about a month now, any > help will be greatly > > appreciated. > > These are the steps I just took to get Open SSH (OpenSSH_2.9 FreeBSD > localisations 20011202, SSH protocols 1.5/2.0, OpenSSL 0x0090601f) > Working with putty. I downloaded the latest release of putty from the > putty website. (0.52 - http://www.chiark.greenend.org.uk/~sgtatham/putty/) 1. Create a key using puttygen A) Set to SSH2 DSA (1024 bit) B) Hit Generate C) Enter a passphrasse D) Select & Copy all text from "Public key for pasting into OpenSSH authorized_keys2 file" E) Paste into ~/.ssh/authorized_keys2 (being carefull to check line wrapping) F) Save private / public keys onto the local windows PC. 2. Configure Putty Session->Hostname = remote host Session->Protocol = SSH Connection->Auto-login username = YOUR REMOTE USERNAME Connection->SSH->Preferred SSH Protocol Version = 2 Connection->SSH->Auth->Private key file for authentication = YOUR PRIVATE KEY Then hit open. This works fine from here. Jason. =********************************************************** If you are not the intended recipient, employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination or copying of this communication and its attachments is strictly prohibited. If you have received this communication and its attachments in error, please return the original message and attachments to the sender using the reply facility on e-mail. Internet communications are not secure and therefore the UCLES Group does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of the UCLES Group unless otherwise specifically stated. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses although this does not guarantee that this email is virus free. **********************************************************= ------_=_NextPart_001_01C1B932.78C4C7B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: ssh public key authentication (through putty)

I'm not sure what the problem was. I've downloaded the la= test ver of putty (0.52) and deleted the config file from ~/.ssh - works a = treat now.

Thanks everyone for suggestions and help.

Mike

> -----Original Message-----
> From: Jason Taylor [mailto:jason@kanda.com]
> Sent: 18 February 2002 19:40
> To: Mike Dewhirst
> Cc: 'questions@FreeBSD.ORG'
> Subject: Re: ssh public key authentication (through= putty)
>
> On Mon, 18 Feb 2002, Mike Dewhirst wrote:
>
> > it was 611, changed it to 600, no result.
> >
> > Some specific questions:
> >
> > 1. what should the name of the keys file be if= I'm using
> OpenSSH 2.3.0?
>
> > 2. do I need anything else in the "config= " file in my .ssh
> dir, on top of
> > "RSAAuthentication yes" and "Pa= sswordAuthentication yes"?
>
> I've never needed to put a config file in my ~/.ssh= directory, the
> FreeBSD/OpenSSH defaults have always been fine.
>
> > 3. I am specifying a user under putty's
> Connection-->Auto-login username
> > option, is this the right thing to do?
>
> Yes, putty needs to tell the remote system who you = are logging in as.
>
> > 4. Does it matter that the client is behind a = firewall?
>
> If you can connect through putty using SSH with pas= swords then the
> firewall will not cause any problems.
>
> > I've been battling with this for about a month= now, any
> help will be greatly
> > appreciated.
>
> These are the steps I just took to get Open SSH (Op= enSSH_2.9 FreeBSD
> localisations 20011202, SSH protocols 1.5/2.0, Open= SSL 0x0090601f)
> Working with putty. I downloaded the latest r= elease of putty from the
> putty website. (0.52 -
http://www.chiark.greenend.org.uk/~sgtatham/putty/= )

1. Create a key using puttygen
A) Set to SSH2 DSA (1024 bit)
B) Hit Generate
C) Enter a passphrasse
D) Select & Copy all text from "Public ke= y for pasting into OpenSSH authorized_keys2 file"
E) Paste into ~/.ssh/authorized_keys2 (being caref= ull to check line wrapping)
F) Save private / public keys onto the local windo= ws PC.

2. Configure Putty

Session->Hostname =3D remote host
Session->Protocol =3D SSH
Connection->Auto-login username =3D YOUR REMOT= E USERNAME
Connection->SSH->Preferred SSH Protocol Ver= sion =3D 2
Connection->SSH->Auth->Private key file = for authentication =3D YOUR PRIVATE KEY

Then hit open. This works fine from here.

Jason.





=3D**********************************************************



If you are not the intended recipient, employee or agent responsible for de=
livering the message to the intended recipient, you are hereby notified tha=
t any dissemination or copying of this communication and its attachments is=
 strictly prohibited.



If you have received this communication and its attachments in error, pleas=
e return the original message and attachments to the sender using the reply=
 facility on e-mail.



Internet communications are not secure and therefore the UCLES Group does n=
ot accept legal responsibility for the contents of this message.  Any views=
 or opinions presented are solely those of the author and do not necessaril=
y represent those of the UCLES Group unless otherwise specifically stated.<=
BR>


This footnote also confirms that this email message has been swept by

MIMEsweeper for the presence of computer viruses although this does not gua=
rantee that this email is virus free.



**********************************************************=3D

------_=_NextPart_001_01C1B932.78C4C7B0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message