Date: Mon, 5 Nov 2001 09:51:30 -0800
From: "Noonan, Mr. Sean P." <noonans@nosc.mil>
To: 'Anthony Atkielski' <anthony@atkielski.com>
Cc: "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG>
Subject: RE: SecureCRT and SSH2 on FreeBSD
Message-ID: <9D20F9E38A32D411AA3C00508B94CCD5066BEF72@REGULUS>
[-- Attachment #1 --]
I use CRT v3.3 with SSH2 against 4.3-STABLE without problems. Here's my /etc/sshd/sshd_config and the method I use to convert the v2 key for use with ssh2.

Any problems email me at my personal address, snoonan@snoonan.com.

P.S. - I don't allow root to log in directly, but that's not the crux of your problem...so it shouldn't matter...

Good luck,
Sean.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Anthony Atkielski
Sent: Monday, November 05, 2001 9:14 AM
To: freebsd-security@FreeBSD.ORG
Subject: SecureCRT and SSH2 on FreeBSD

Can anyone assist me with the exact configuration for getting SecureCRT (on Windows) to work with SSH2 against a FreeBSD server? I got SSH1 to work okay, and--mysteriously--SSH2 seems to work against my Web server (4.2 release) on the Net, but I can't connect to my own FreeBSD 4.3 server at home; all I get is a message saying

    Public-key authentication with the SSH2 server for user root failed. Please verify username and public/private key pair.

Do I have to run anything to make SSH2 work, or is sshd sufficient? I have telnetd disabled. I have PermitRootLogin set to without-password. root can log in under SSH1, but nobody can log in under SSH2.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

[-- Attachment #2 --]
How can I configure OpenSSH SSH2 server to recognize my SecureCRT Identity.pub file?

Answer:

In order to use your public key you must transfer the xxxxxxxx.pub file created by the Key Generation wizard to the ~/.ssh directory on the SSH2 server. It is recommended that you follow the procedure below for using copy and paste to create a copy of the Identity.pub file in the ~/.ssh directory on the remote machine.

If you decide instead to transfer the Identity.pub file to the ~/.ssh directory using an FTP client, be sure to transfer the file in ASCII mode.
Also be sure to complete step 4-d below.

To use copy and paste to configure the SSH2 server to recognize your Identity.pub file:

1. Log on to the remote SSH2 server using SSH2 and password authentication.
2. On the local machine, use Notepad.exe to open the Identity.pub file that was created with the Key Generation wizard.
3. With the Identity.pub file opened in the Notepad application, open the Edit menu and choose Select All. Once everything is selected, open the Edit menu again and select Copy.
4. On the remote machine, complete the following steps:
   a. Issue the following command:
      % cat > ~/.ssh/identity.pub
   b. Click on the SecureCRT paste button to paste the contents of the Clipboard (which should now contain the contents of your Identity.pub file).
   c. Issue a CTRL+D to close the Identity.pub file.
   d. Convert the key to one that OpenSSH will recognize using the following command:
      % ssh-keygen -X -f ~/.ssh/identity.pub >> authorized_keys2

[-- Attachment #3 --]
# This is ssh server systemwide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.5 2001/01/18 22:36:53 green Exp $

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin no
# ConnectionsPerPeriod has been deprecated completely

# After 10 unauthenticated connections, refuse 30% of the new ones, and
# refuse any more than 60 total.
MaxStartups 10:30:60
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail yes
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem sftp /usr/libexec/sftp-server
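
Added example, not part of the original message or its attachments: a Python sketch of the kind of conversion step 4-d in Attachment #2 performs, turning a multi-line SSH2 public key file into the one-line form stored in authorized_keys2. It assumes Identity.pub uses the SECSH public key file layout (BEGIN/END marker lines, optional headers, wrapped base64); the function names and the sample input are constructed for illustration.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def secsh_to_openssh(text):
    """Convert an SSH2 (SECSH-format) public key file to one OpenSSH line."""
    # splitlines() accepts LF and CRLF, so a file moved from Windows still parses.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY begin/end markers")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        ln = lines[i]
        if ":" in ln:                        # header line ("Comment: ...")
            while ln.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1                       # a trailing backslash continues it
                ln = ln[:-1] + lines[i]
            tag, value = ln.split(":", 1)
            headers[tag.lower()] = value.strip().strip('"')
        else:                                # base64 key data, wrapped over lines
            body.append(ln)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob opens with a length-prefixed key type string.
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")
    if key_type not in ("ssh-dss", "ssh-rsa"):
        raise ValueError("unexpected key type %r" % key_type)
    line = "%s %s" % (key_type, base64.b64encode(blob).decode("ascii"))
    comment = headers.get("comment")
    return line + (" " + comment if comment else "")

def make_sample():
    """Constructed input: a placeholder blob (not a usable key) with CRLF endings."""
    blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(90))
    b64 = base64.b64encode(blob).decode("ascii")
    wrapped = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    text = "\r\n".join([BEGIN, 'Comment: "constructed-key"'] + wrapped + [END, ""])
    return text, b64

if __name__ == "__main__":
    sample, _ = make_sample()
    print(secsh_to_openssh(sample))
```

A file that lost its marker lines or was corrupted in transfer raises ValueError here instead of producing an authorized_keys2 entry that would never match.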
