Date: Thu, 25 Jan 2007 00:32:15 +0000
From: Gabriel Rossetti <rossettigab@charter.net>
To: Matt Ruzicka <matt@frii.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: **questions** ssh w/ rsa certs not working
Message-ID: <45B7FA8F.3030009@charter.net>
In-Reply-To: <Pine.BSF.4.64.0701241500490.31475@elara.frii.com>
References: <45B7DFB5.2040108@charter.net> <Pine.BSF.4.64.0701241500490.31475@elara.frii.com>

Matt Ruzicka wrote:
> On Wed, 24 Jan 2007, Gabriel Rossetti wrote:
>
>> The user needing to log in is root (I know this is not good and
>> turned off by default), so I re-enabled root login with ssh but like
>> I said above, I get a password
>> prompt when I do : ssh -l root machine2 whoami
>
>
> Not sure if there is more going on as well, but you might want to set
> PermitRootLogin without-password in your sshd_config on the server you
> are trying to access. This /should/ give you a bit more security in
> that someone won't be able to brute force your root password if I
> understand it, but will allow you to login using the sshd keys (if
> they are set up properly). Might also check file and directory perms
> on .ssh and the different key and authorized_keys2 files involved if
> you haven't already, seems perms often bite me..
>
I have rwx for user and nothing for group and others. Thanks for the
safety tip, I'll do that. I added the -v param to ssh and I found this:

debug1: Remote: Your host 'machine2' is not permitted to use this key for login.

After playing around with it I found two problems:

1) FreeBSD uses ~/.ssh/authorized_keys and not ~/.ssh/authorized_keys2 like Linux
2) I had put:

from="machine1" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]

to limit from where I can login, in my ~/.ssh/authorized_keys and it
doesn't seem to like that (from="machine1").

Any ideas why it doesn't like the 2nd point?

Thanks,
Gabriel

> Matt Ruzicka - Senior Systems Administrator
> FRII
> 970-212-0728 matt@frii.net
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
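
Added example, not part of the original message: sshd(8) documents `from=` as a pattern list compared against the connecting client's canonical host name or IP address as the server sees them, so this sketch evaluates an authorized_keys line against a given name and address. The host names, address and key below are constructed placeholders, and CIDR entries and escaped quotes are not handled.

```python
import re

def wildcard_match(value, pattern):
    """sshd-style wildcard: '*' = any run of characters, '?' = exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def match_list(value, pattern_list):
    """Return -1 on a negated ('!') match, 1 on a positive match, else 0."""
    result = 0
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if wildcard_match(value, pat.lstrip("!")):
            if negated:
                return -1                  # a negated match always rejects
            result = 1
    return result

def from_patterns(line):
    """Extract the from="..." pattern list from an authorized_keys line."""
    in_quotes, end = False, len(line)
    for i, ch in enumerate(line):          # options end at first unquoted blank
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            end = i
            break
    m = re.search(r'(?:^|,)from="([^"]*)"', line[:end])
    return m.group(1) if m else None

def from_allows(line, client_host, client_ip):
    """True if the key line accepts a client with this name and address."""
    patterns = from_patterns(line)
    if patterns is None:
        return True                        # no from= restriction on this key
    results = (match_list(client_host, patterns),
               match_list(client_ip, patterns))
    return -1 not in results and 1 in results

# Constructed sample data: key material, host name and address are placeholders.
KEY = "ssh-rsa AAAAB3PLACEHOLDER root@machine1"
HOST, IP = "machine1.example.org", "192.0.2.10"   # as resolved by the server

if __name__ == "__main__":
    for opt in ('from="machine1"', 'from="machine1.example.org"',
                'from="*.example.org,!machine1.*"', 'from="192.0.2.10"'):
        print(opt, "->", from_allows(f"{opt} {KEY}", HOST, IP))
```

A short name in `from=` is accepted only when it is exactly the name the server resolves for the client; an IP address or a `*.domain` pattern does not depend on that.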