From owner-freebsd-questions@FreeBSD.ORG Thu Jan 18 17:50:59 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B80FA16A412 for ; Thu, 18 Jan 2007 17:50:59 +0000 (UTC) (envelope-from baka.rob@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.freebsd.org (Postfix) with ESMTP id 224BA13C442 for ; Thu, 18 Jan 2007 17:50:58 +0000 (UTC) (envelope-from baka.rob@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so217890uge for ; Thu, 18 Jan 2007 09:50:58 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=FgTm50LbKhJ6ozEFVWFpgV6kNLOQXoNd8YWQAG/K5yansWlmXwZsV4aAhmHcm0Vp2anK9BaiBMjqSKUBty0x0uUknpuqSdq6bpAzEloLouIReLux1MUNFaGF7AklkhD3uXIKB7hmL2BeXy7dxB+F8iieVtAMnzVzqlokSzUVD24= Received: by 10.82.136.4 with SMTP id j4mr303405bud.1169142657612; Thu, 18 Jan 2007 09:50:57 -0800 (PST) Received: by 10.82.120.9 with HTTP; Thu, 18 Jan 2007 09:50:52 -0800 (PST) Message-ID: Date: Thu, 18 Jan 2007 11:50:52 -0600 From: "Parker Anderson" To: "Christian Baer" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Cc: freebsd-questions@freebsd.org Subject: Re: ssh public key authentification X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jan 2007 17:50:59 -0000 Hello Christian, On 1/18/07, Christian Baer wrote: > Hi peeps! > > This may not seem to be a real FreeBSD-issue, but I've gotten this to > run on several other machines, just not my Sun running FreeBSD. To > clarify this: I haven't really tried this on any other FreeBSD system > recently though. I'm probably just to thick to get it right, so go ahead > and insult me, if you see the flaw in my scheme. :-) > > The main idea behind my evil plan is to be able to log into my other > computers on the net (LAN) using PuTTY on a Windows-XP box without > having to type my password all the time. Don't worry about the security > aspect if my key could be stolen, I have taken other measures to avoid > that. > > The whole thing should be pretty trivial: I created a key using PuTTY, > copied the public key to ~/.ssh/authorized_keys (everthing in one line), > chose the private key in PuTTY and tried to log in. All I got in > response was: "Server refused out key." Have you verified the permissions of the authorized_keys file on the server? If you have permissions set too loose (e.g. unneeded read/write permission to groups/other users), sshd may be refusing to trust that file. > I went through all the default settings of the sshd (and yes, I did give > it a HUP, when I changed the key) and everything checked out as far as I > could tell. I had the feeling that PuTTY and the key created by it were > the cause, so I created a key with ssh-keygen(1). Same result. > > What did I miss? If the file permissions seem to be OK, you may want to check for sshd entries in /var/log to see if there is a more verbose error available. You may wish to give this a read (it mostly just covers those points): http://www.freebsddiary.org/ssh-authorized-keys.php Sincerely, -Parker