From owner-freebsd-questions@FreeBSD.ORG Wed Jan 24 23:33:51 2007
Message-ID: <45B7FA8F.3030009@charter.net>
Date: Thu, 25 Jan 2007 00:32:15 +0000
From: Gabriel Rossetti
To: Matt Ruzicka
Cc: freebsd-questions@freebsd.org
References: <45B7DFB5.2040108@charter.net>
Subject: Re: **questions** ssh w/ rsa certs not working

Matt Ruzicka wrote:
> On Wed, 24 Jan 2007, Gabriel Rossetti wrote:
>
>> The user needing to log in is root (I know this is not good and
>> turned off by default), so I re-enabled root login with ssh but like
>> I said above, I get a password
>> prompt when I do : ssh -l root machine2 whoami
>
>
> Not sure if there is more going on as well, but you might want to set
> PermitRootLogin without-password in your sshd_config on the server you
> are trying to access. This /should/ give you a bit more security in
> that someone won't be able to brute force your root password if I
> understand it, but will allow you to login using the sshd keys (if
> they are set up properly). Might also check file and directory perms
> on .ssh and the different key and authorized_keys2 files involved if
> you haven't already, seems perms often bite me..
>
I have rwx for user and nothing for group and others. Thanks for the
safety tip, I'll do that. I added the -v param to ssh and I found this:

debug1: Remote: Your host 'machine2' is not permitted to use this key for login.

After playing around with it I found two problems:

1) FreeBSD uses ~/.ssh/authorized_keys and not ~/.ssh/authorized_keys2
   like Linux
2) I had put: from="machine1" ssh-rsa [base64 key, e.g.: ABwBCEAIIALyoqa8....]
   to limit from where I can login, in my ~/.ssh/authorized_keys and it
   doesn't seem to like that (from="machine1")

Any ideas why it doesn't like the 2nd point?

Thanks,
Gabriel

> Matt Ruzicka - Senior Systems Administrator
> FRII
> 970-212-0728 matt@frii.net
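
Added example (not part of the original message, and not OpenSSH's own code): per sshd(8), a `from="pattern-list"` option is compared against the client's canonical host name as the server resolved it, or its IP address, so a short name such as `machine1` passes only when that is exactly what the server sees. This Python code parses the options field of an authorized_keys entry and applies wildcard and `!` negation matching; CIDR patterns are left out, and the key blob, `example.com` names and `192.0.2.x` addresses are constructed placeholders.

```python
import re

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def split_line(line):
    """Return (options dict, rest of line) for one authorized_keys entry."""
    line = line.strip()
    if line.startswith(KEY_TYPES):           # entry has no options field
        return {}, line
    in_quote = False
    for i, ch in enumerate(line):            # options end at first unquoted blank
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            break
    else:
        raise ValueError("no key after options")
    opts = {}
    for m in re.finditer(r'([A-Za-z-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)', line[:i]):
        opts[m.group(1).lower()] = m.group(2)    # flag options map to None
    return opts, line[i:].strip()

def match_list(value, patterns):
    """1 = matched, 0 = no match, -1 = matched a negated (!) pattern."""
    result = 0
    for pat in patterns.lower().split(","):
        negated = pat.startswith("!")
        glob = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                       for c in (pat[1:] if negated else pat))
        if re.fullmatch(glob, value.lower()):
            if negated:
                return -1                    # a negated hit rejects outright
            result = 1
    return result

def from_permits(line, client_host, client_ip):
    """client_host: the name the server resolved for the client, or None."""
    patterns = split_line(line)[0].get("from")
    if patterns is None:
        return True                          # entry carries no from= limit
    h = match_list(client_host, patterns) if client_host else 0
    a = match_list(client_ip, patterns)
    return -1 not in (h, a) and 1 in (h, a)

# Constructed entries; key blob, names and addresses are placeholders.
SHORT = 'from="machine1" ssh-rsa AAAAB3placeholder root@machine1'
WIDER = ('from="machine1,machine1.*,192.0.2.10",no-pty '
         'ssh-rsa AAAAB3placeholder root@machine1')
```

Running `from_permits` with the name and address that `ssh -v` and the server's auth log report for the client shows whether a given `from=` list would admit it, for example a reverse lookup that returns a fully qualified name, or no name at all.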