From owner-freebsd-questions@FreeBSD.ORG Wed Feb 1 23:30:47 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84F8216A422 for ; Wed, 1 Feb 2006 23:30:47 +0000 (GMT) (envelope-from davidbryce@fastmail.fm) Received: from out4.smtp.messagingengine.com (out4.smtp.messagingengine.com [66.111.4.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FF8A43D8F for ; Wed, 1 Feb 2006 23:30:27 +0000 (GMT) (envelope-from davidbryce@fastmail.fm) Received: from frontend1.internal (mysql-sessions.internal [10.202.2.149]) by frontend1.messagingengine.com (Postfix) with ESMTP id B9A0AD336F8; Wed, 1 Feb 2006 18:30:25 -0500 (EST) Received: from web2.messagingengine.com ([10.202.2.211]) by frontend1.internal (MEProxy); Wed, 01 Feb 2006 18:30:25 -0500 Received: by web2.messagingengine.com (Postfix, from userid 99) id CFAA2E9FF; Wed, 1 Feb 2006 18:30:16 -0500 (EST) Message-Id: <1138836616.370.253326484@webmail.messagingengine.com> X-Sasl-Enc: kxCFduh+jszcIOGtwY3trvAmhIJexSC49uiQCACASwBG 1138836616 From: "david bryce" To: freebsd-questions@freebsd.org Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="ISO-8859-1" MIME-Version: 1.0 X-Mailer: MIME::Lite 5022 (F2.73; T1.15; A1.64; B3.05; Q3.03) References: <1138676399.30955.253148220@webmail.messagingengine.com> <20060131094135.GA2042@flame.pc> In-Reply-To: <20060131094135.GA2042@flame.pc> Date: Thu, 02 Feb 2006 10:30:16 +1100 Cc: Giorgos Keramidas Subject: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions)) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2006 23:30:47 -0000 On Tue, 31 Jan 2006 11:41:35 +0200, "Giorgos Keramidas" said: > > Giorgos, > > > > Thanks very much for replying! I wasn't aware of this environment > > variable (even though I spent quite a while on this problem). Using > > CVSUMASK certainly works when working on the server machine! > > > > We are currently using a pserver installation, with developers using > > windows machines. We need a way to achieve the same effect with a user on > > a windows machine doing an import. Do you have any idea how this can be > > done? Thank you! > > I'm not sure. I know that the setting of CVSUMASK on the server machine > works if you use SSH tunneling though. If it's not too much trouble, you > can set up SSH-based authentication instead of :pserver: and make sure > the > .bashrc or .cshrc of the developers on the server machine sets CVSUMASK > correctly. > > SSH-tunneled CVS is what the FreeBSD project uses in the official CVS > repository, so I guess this setup works as expected :) Giorgos, Thanks again for taking the time to reply. I have tried using SSH in the past, and got stuck setting up the public key login (that's why we're using pserver). I spent a few hours yesterday trying to get SSH going again. I can login with SSH from the windows machine using Putty, but only when I use password authentication. In order to use cvs with ssh (using the plink program in Putty), we must use public key authentication. We are getting a 'Key Refused' error when trying to use public key authentication. I have tried doing several things including editing the /etc/ssh/sshd_config file: PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys We also had to make these changes in order to get password based ssh to work: UsePAM no PermitRootLogin yes We also tried putting the public key into various files: .ssh/authorized_keys .ssh/authorized_keys2 .ssh2/authorized_keys .ssh2/authorized_keys2 (and made sure they are not group/world writable. The keys are SSH2 DSA 1024 bits) I tried looking in the /var/log/auth.log file, and what I'm seeing is: Feb 2 10:19:26 mail1 sshd2[15343]: connection from "xxx.xx.xxx.x" Feb 2 10:19:26 mail1 sshd2[15344]: WARNING: DNS lookup failed for "xxx.xx.xxx.\ x". Feb 2 10:19:29 mail1 sshd2[15344]: Local disconnected: Connection closed. Feb 2 10:19:29 mail1 sshd2[15344]: connection lost: 'Connection closed.' (I set "LogLevel DEBUG3" in sshd_config. I don't think the DNS error is relevant, because password based ssh is working. But I could wrong. What do you think?) Do you have any idea where I can look to find out why the key is being refused? Are there any other logfiles other than auth.log that could give a clue to what's going wrong? Thanks! Regards, DB -- david bryce davidbryce@fastmail.fm -- http://www.fastmail.fm - A fast, anti-spam email service.