Date: Mon, 5 Nov 2001 09:51:30 -0800
From: "Noonan, Mr. Sean P." <noonans@nosc.mil>
To: 'Anthony Atkielski' <anthony@atkielski.com>
Cc: "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG>
Subject: RE: SecureCRT and SSH2 on FreeBSD
Message-ID: <9D20F9E38A32D411AA3C00508B94CCD5066BEF72@REGULUS>

I use CRT v3.3 with SSH2 against 4.3-STABLE without problems. Here's my /etc/sshd/sshd_config and the method I use to convert the v2 key for use with ssh2. Any problems email me at my personal address, snoonan@snoonan.com.

P.S. - I don't allow root to login directly, but that's not the crux of your problem...so it shouldn't matter...

Good luck,
Sean.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Anthony Atkielski
Sent: Monday, November 05, 2001 9:14 AM
To: freebsd-security@FreeBSD.ORG
Subject: SecureCRT and SSH2 on FreeBSD

Can anyone assist me with the exact configuration for getting SecureCRT (on Windows) to work with SSH2 against a FreeBSD server? I got SSH1 to work okay, and--mysteriously--SSH2 seems to work against my Web server (4.2 release) on the Net, but I can't connect to my own FreeBSD 4.3 server at home; all I get is a message saying

    Public-key authentication with the SSH2 server for user root failed.
    Please verify username and public/private key pair.

Do I have to run anything to make SSH2 work, or is sshd sufficient? I have telnetd disabled. I have PermitRootLogin set to without-password. root can log in under SSH1, but nobody can log in under SSH2.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Attachment: key_conversion.txt

How can I configure OpenSSH SSH2 server to recognize my SecureCRT Identity.pub file?

Answer:

In order to use your public key you must transfer the xxxxxxxx.pub file created by the Key Generation wizard to the ~/.ssh directory on the SSH2 server. It is recommended that you follow the procedure below for using copy and paste to create a copy of the Identity.pub file in the ~/.ssh directory on the remote machine. If you decide instead to transfer the Identity.pub file to the ~/.ssh directory using an FTP client, be sure to transfer the file in ASCII mode. Also be sure to complete step 4-d below.

To use copy and paste to configure the SSH2 server to recognize your Identity.pub file:

1. Log on to the remote SSH2 server using SSH2 and password authentication.
2. On the local machine, use Notepad.exe to open the Identity.pub file that was created with the Key Generation wizard.
3. With the Identity.pub file opened in the Notepad application, open the Edit menu and choose Select All. Once everything is selected, open the Edit menu again and select Copy.
4. On the remote machine, complete the following steps:
   a. Issue the following command:
      % cat > ~/.ssh/identity.pub
   b. Click on the SecureCRT paste button to paste the contents of the Clipboard (which should now contain the contents of your Identity.pub file).
   c. Issue a CTRL+D to close the Identity.pub file.
   d. Convert the key to one that OpenSSH will recognize using the following command:
      % ssh-keygen -X -f ~/.ssh/identity.pub >> authorized_keys2

Attachment: sshd_config.txt

# This is ssh server systemwide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.5 2001/01/18 22:36:53 green Exp $

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin no
# ConnectionsPerPeriod has been deprecated completely

# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail yes
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem sftp /usr/libexec/sftp-server

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9D20F9E38A32D411AA3C00508B94CCD5066BEF72>