Date: Thu, 2 Feb 2006 01:04:19 +0100 From: "Daniel A." <ldrada@gmail.com> To: david bryce <davidbryce@fastmail.fm> Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, freebsd-questions@freebsd.org Subject: Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions)) Message-ID: <5ceb5d550602011604p45bf08dfx21e972f44736f879@mail.gmail.com> In-Reply-To: <1138836616.370.253326484@webmail.messagingengine.com> References: <1138676399.30955.253148220@webmail.messagingengine.com> <20060131094135.GA2042@flame.pc> <1138836616.370.253326484@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Try one or more of the following things: - Use puttygen to import your private key, and then export as .ppk - Load your key.ppk into pageant, and let it manage your private key(s) - Log in using your private key from the server (ie. login to the server with your password, and then from the shell ssh username@localhost). Please inform me of your results. On 2/2/06, david bryce <davidbryce@fastmail.fm> wrote: > On Tue, 31 Jan 2006 11:41:35 +0200, "Giorgos Keramidas" > <keramida@ceid.upatras.gr> said: > > > Giorgos, > > > > > > Thanks very much for replying! I wasn't aware of this environment > > > variable (even though I spent quite a while on this problem). Using > > > CVSUMASK certainly works when working on the server machine! > > > > > > We are currently using a pserver installation, with developers using > > > windows machines. We need a way to achieve the same effect with a use= r on > > > a windows machine doing an import. Do you have any idea how this can = be > > > done? Thank you! > > > > I'm not sure. I know that the setting of CVSUMASK on the server machin= e > > works if you use SSH tunneling though. If it's not too much trouble, y= ou > > can set up SSH-based authentication instead of :pserver: and make sure > > the > > .bashrc or .cshrc of the developers on the server machine sets CVSUMASK > > correctly. > > > > SSH-tunneled CVS is what the FreeBSD project uses in the official CVS > > repository, so I guess this setup works as expected :) > > Giorgos, > > Thanks again for taking the time to reply. I have tried using SSH in > the past, and got stuck setting up the public key login (that's > why we're using pserver). > > I spent a few hours yesterday trying to get SSH going again. I can > login with SSH from the windows machine using Putty, but only when > I use password authentication. In order to use cvs with ssh (using > the plink program in Putty), we must use public key authentication. > > We are getting a 'Key Refused' error when trying to use public key > authentication. I have tried doing several things including editing > the /etc/ssh/sshd_config file: > > PubkeyAuthentication yes > AuthorizedKeysFile .ssh/authorized_keys > > We also had to make these changes in order to get password based > ssh to work: > > UsePAM no > PermitRootLogin yes > > We also tried putting the public key into various files: > .ssh/authorized_keys > .ssh/authorized_keys2 > .ssh2/authorized_keys > .ssh2/authorized_keys2 > > (and made sure they are not group/world writable. The keys are > SSH2 DSA 1024 bits) > > I tried looking in the /var/log/auth.log file, and what I'm seeing > is: > > Feb 2 10:19:26 mail1 sshd2[15343]: connection from "xxx.xx.xxx.x" > Feb 2 10:19:26 mail1 sshd2[15344]: WARNING: DNS lookup failed for > "xxx.xx.xxx.\ > x". > Feb 2 10:19:29 mail1 sshd2[15344]: Local disconnected: Connection > closed. > Feb 2 10:19:29 mail1 sshd2[15344]: connection lost: 'Connection > closed.' > > (I set "LogLevel DEBUG3" in sshd_config. I don't think the DNS > error is relevant, because password based ssh is working. But > I could wrong. What do you think?) > > Do you have any idea where I can look to find out why the key is > being refused? Are there any other logfiles other than auth.log > that could give a clue to what's going wrong? Thanks! > > Regards, > > DB > -- > david bryce > davidbryce@fastmail.fm > > -- > http://www.fastmail.fm - A fast, anti-spam email service. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5ceb5d550602011604p45bf08dfx21e972f44736f879>