Date: Sat, 05 Mar 2005 14:21:27 -0500
From: "greg@grokking.org" <greg@grokking.org>
To: freebsd-questions@freebsd.org
Subject: Re: help configuring ssh pub keys instead of passwords
Message-ID: <422A06B7.9060007@grokking.org>
In-Reply-To: <20050305181134.M99248@bmyster.com>
References: <20050305181134.M99248@bmyster.com>

> so far i have done
>
> edit /etc/sshd_config
>
> Port 22
> Protocol 2
> PermitRootLogin no
> MaxStartups 5:50:10
> X11Forwarding no
> PrintLastLog yes
> SyslogFacility auth
> LogLevel VERBOSE
> PasswordAuthentication no
> PermitEmptyPasswords no
> Banner /etc/issue
> AllowGroups sshusers <-- this exists
>
> # create some group that you can put OpenSSH users into
> Next, we'll open and edit /etc/ssh/ssh_config
>
> [user@server /dir]#vi /etc/ssh/ssh_config
>
> ForwardAgent no
> ForwardX11 no
> PasswordAuthentication no
> CheckHostIP yes
> Port 22
> Protocol 2
>
> then i su to unpriv user and ran ssh-keygen -d
>
> then i did
> cat id_dsa.pub > authorized_keys2

Make sure you have a line in /etc/ssh/sshd_config that points to this, like so:

AuthorizedKeysFile .ssh/authorized_keys2

If it's commented out that's okay (default); just make sure it's the same filename you've used! (Incidentally, on my 5.3 box it's set as .ssh/authorized_keys)

>
> then copy the id_dsa.pub to a floppy so that i could transfer the dsa key to
> the machine from which I'd be accessing the unix box.
>

No, you need to put the PRIVATE key (id_dsa by default) on the client machines in the .ssh directory under each user's home dir. The PUBLIC key stays on the server in authorized_keys as you've done above. Make sure this key and the directory it's in are accessible only by the user you want.

Hope that helps,
Ghelp
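
The two checks the reply above asks for (the AuthorizedKeysFile name matching the file actually written, and the private key and its directory being closed to everyone but the owner), as an added example that is not part of the original message. The function names are hypothetical; it assumes whitespace-separated sshd_config keywords, a path relative to the home directory, and `.ssh/authorized_keys` as the fallback when the setting is commented out.

```shell
#!/bin/sh
# Added example (not from the original e-mail). Sample paths are supplied by the caller.

# Print the first file named by AuthorizedKeysFile in the sshd_config at $1.
# If no uncommented line sets it, print $2 as the default (assumption:
# .ssh/authorized_keys, the value the reply reports for its 5.3 box).
effective_keys_file() {
    awk -v def="${2:-.ssh/authorized_keys}" '
        tolower($1) == "authorizedkeysfile" { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Succeed only if the path at $1 grants nothing to group or others.
# Tries GNU stat first, then BSD stat.
owner_only() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Server side: does the file the user wrote match the one sshd will read?
# $1 = sshd_config path, $2 = user's home directory
check_server() {
    keys=$(effective_keys_file "$1")
    if [ ! -f "$2/$keys" ]; then
        echo "sshd reads $keys, but $2/$keys does not exist"
        return 1
    fi
}

# Client side: the private key and its directory must be owner-only.
# $1 = user's home directory, $2 = private key file name (default id_dsa)
check_client() {
    rc=0
    for p in "$1/.ssh" "$1/.ssh/${2:-id_dsa}"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1
        elif ! owner_only "$p"; then echo "too open: $p"; rc=1
        fi
    done
    return $rc
}
```

Run `check_server /etc/ssh/sshd_config "$HOME"` on the server and `check_client "$HOME"` on each client; both print one line per problem and return non-zero if any is found.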
