Date: Tue, 30 Jan 2024 09:13:06 +1100
From: Dewayne Geraghty <dewayne@heuristicsystems.com.au>
To: paulf@quillandmouse.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Enabling SSHD
Message-ID: <a1d9cede-4a11-4539-bb67-495de013735f@heuristicsystems.com.au>
In-Reply-To: <20240129191505.4xfntt4zbqsfmjdp@yosemite.mars.lan>
References: <20240129125745.fuh6nnc4dooto2oz@yosemite.mars.lan>
 <CPja5CJLsYzkPuo_qd5lnJuUj6lBBCW2uHo3NcbFubhGSKa2gNEu0ETvjZSAwI_-rQFuVvUJR2s10xbz40uL17k1lpLSCiz8azHd77S9LK8=@proton.me>
 <BHs6axVCDQRUWc9O5KLVIF5b9tVo_qUIXZfJ3ASj6U-6sfJKBhcSrOn_VWfYfrxOQyFSEZKLjQuHbBKJ57NuwR-jAl7kDRYp7ix7bDVgCfk=@proton.me>
 <20240129134722.fbwrvamdf2wx4vik@yosemite.mars.lan>
 <4f60fad9-c5b1-46ea-bfbf-7e654bd5d3d1@FreeBSD.org>
 <20240129155758.2nnyjihsyiyxztib@yosemite.mars.lan>
 <CAMPTd_Df3vkozA9EzjTbTrp5eaqUPEHZH=Zh79WRzScy6dKwdQ@mail.gmail.com>
 <20240129191505.4xfntt4zbqsfmjdp@yosemite.mars.lan>

Hi Paul,

You don't need to populate ~/.ssh. It is required if you use ssh keys for
outbound connections with keys or because that's the usual place for the
authorized_keys file for inbound (to your machine). But you're not doing
that.

I use a lot of virtualbox VMs for development and use an ssh password to
connect to them. This is what I do:

1. Change root's password so you have something in master.passwd to log
   into.

2. cat /etc/ssh/sshd_config |grep -v "^Port "

   PermitRootLogin yes
   AuthorizedKeysFile .ssh/authorized_keys
   ChallengeResponseAuthentication yes
   PasswordAuthentication yes
   UsePAM yes
   Subsystem sftp /usr/libexec/sftp-server
   UseDNS no
   RekeyLimit default none
   PermitTunnel no
   UseBlacklist no
   VersionAddendum Linux-Kali
   KerberosAuthentication no
   GSSAPIAuthentication no
   X11Forwarding no
   PrintMotd no
   PrintLastLog no

3. Adjust the client accordingly, I use putty from windoz.

4. Be happy.

This is NOT what I have for machines accessible via the internet, where I
only use long keys (rsa > 5K), no root, different port, encrypted keys and
restrict KEX etc - stuff you'll learn as you progress. It's a lot of fun
and "ssh -vv" is your friend. :)

Cheers.

PS I don't like having sftp but it does make copying convenient

On 30/01/2024 6:15 am, Paul M Foster wrote:
> On Mon, Jan 29, 2024 at 10:30:52AM -0800, Walter Parker wrote:
>
>> For a permission denied error, check to see if the files have the
>> correct permission (home dir, -/.ssh, other files as used). Also check
>> your client to make sure it has the proper permissions.
>
> On the server (the BSD machine) there are no ~/.ssh files for my user. Does
> that matter? On the Linux box (the client), my local ssh files are all
> okay. I routinely ssh into other (Linux) boxes on my network.
>
>>
>> The other way to find errors is to start sshd (from the command line)
>> with -d and/or -v flags and then try to connect using your ssh client.
>> The sshd server will out logging as to what the errors are. It may tell
>> you what is causing the permission denied error.
>
> Lots of gobbledegook, except maybe this:
>
> debug1: userauth-request for user paulf service ssh-connection method none [preauth]
>
> Then it does a couple of other things and closes the connection.
>
> Paul
>
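
The contrast the message above draws between its lab configuration and an internet-facing one, as an added example that is not part of the original e-mail: a small parser that reads sshd_config text the way sshd does (the first value obtained for a keyword is used, keywords are case-insensitive) and reports settings that differ from a keys-only, no-root baseline. The baseline values, the function names and the two constructed variants are assumptions of this example.

```python
# Added example, not from the original message.
# LAB_CONFIG is the authentication-related subset of the config quoted above.
LAB_CONFIG = """\
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication yes
PasswordAuthentication yes
UsePAM yes
"""
# Constructed: "fixing" the lab config by appending overrides at the end.
APPENDED_FIX = LAB_CONFIG + "PasswordAuthentication no\nPermitRootLogin no\n"
# Constructed: the same intent with the settings stated once, up front.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
"""
# Assumed baseline for an internet-facing host: keys only, no root login.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
}
# ChallengeResponseAuthentication is the deprecated alias of this keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        if keyword == "match":
            break  # conditional Match blocks are out of scope here
        keyword = ALIASES.get(keyword, keyword)
        value = fields[1].strip() if len(fields) > 1 else ""
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings

def audit(text):
    """Return sorted (keyword, value) pairs that differ from BASELINE."""
    eff = effective_settings(text)
    unset = "(unset, platform default applies)"
    return sorted((k, eff.get(k, unset)) for k, want in BASELINE.items()
                  if eff.get(k, unset).lower() != want)
```

Appending overrides to the end of the file changes nothing, because the earlier `yes` lines are read first; on a live host `sshd -T` prints the effective configuration, which can be checked the same way.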