From: Matthew Seaman
Date: Thu, 02 Feb 2006 07:53:59 +0000
To: david bryce
Cc: freebsd-questions@freebsd.org
Subject: Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissions))

david bryce wrote:
> On Thu, 2 Feb 2006 02:38:29 +0200, "Giorgos Keramidas" said:
>> On 2006-02-02 11:27, david bryce wrote:
>>> On Thu, 2 Feb 2006 01:48:37 +0200, "Giorgos Keramidas"
>>>>> I have tried using SSH in the past, and got stuck setting up the
>>>>> public key login (that's why we're using pserver).
>>>>>
>>>>> I spent a few hours yesterday trying to get SSH going again. I can
>>>>> login with SSH from the windows machine using Putty, but only when
>>>>> I use password authentication. In order to use cvs with ssh (using
>>>>> the plink program in Putty), we must use public key authentication.
>>>> Unfortunately, I can't help with the Windows side. I'm only using UNIX
>>>> machines as clients, so Putty is something new to me :-(
>>>>
>>>> Perhaps someone else on freebsd-questions can help with Putty?
>>> What about on the freebsd server side? Are there any logfiles I can
>>> look at on the server? Thanks!
>> /var/log/auth.log and /var/log/messages are the ones I'd look at. But I
>> didn't notice anything interesting in the auth.log snippet you posted.
>>
>
> Thanks, Giorgos! /var/log/messages didn't have anything in it either.
> You'd think there'd be a way to force sshd to write to the log why
> it rejected a private key. Thank you!

You do know that putty generates keys using the preferred SSH2-compatible
format of SSH Corp (http://www.ssh.com/) whereas the FreeBSD box you're
trying to log into uses the slightly different format from the OpenSSH
project (http://www.openssh.org/)?

If you generate your keys within putty, then copy the public key onto your
FreeBSD box you can convert the format like so:

    # ssh-keygen -i -f putty.pubkey > openssh.pubkey

If you examine the two files, you'll see that the differences are that
the OpenSSH one doesn't have the 'BEGIN' and 'END' lines, and all of the
data is on one single long line.

There's also a '-e' option for exporting OpenSSH keys to the SSH2-compatible
format.

Oh, and to get more logging info out of sshd, run it with 3 '-d' flags on a
separate port number:

    sshd -d -d -d -p 2222

That will cause ssh not to daemonize, so it will quit when you end your ssh
session. You don't want to run sshd with max debug turned on all the time,
as it will potentially leak sensitive information.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW