Date: Sat, 05 Mar 2005 14:21:27 -0500
From: "greg@grokking.org" <greg@grokking.org>
To: freebsd-questions@freebsd.org
Subject: Re: help configuring ssh pub keys instead of passwords
Message-ID: <422A06B7.9060007@grokking.org>
In-Reply-To: <20050305181134.M99248@bmyster.com>
References: <20050305181134.M99248@bmyster.com>
> so far i have done
>
> edit /etc/sshd_config
>
> Port 22
> Protocol 2
> PermitRootLogin no
> MaxStartups 5:50:10
> X11Forwarding no
> PrintLastLog yes
> SyslogFacility auth
> LogLevel VERBOSE
> PasswordAuthentication no
> PermitEmptyPasswords no
> Banner /etc/issue
> AllowGroups sshusers <-- this exists
>
> # create some group that you can put OpenSSH users into
> Next, we'll open and edit /etc/ssh/ssh_config
>
> [user@server /dir]#vi /etc/ssh/ssh_config
>
> ForwardAgent no
> ForwardX11 no
> PasswordAuthentication no
> CheckHostIP yes
> Port 22
> Protocol 2
>
> then i su to unpriv user and ran ssh-keygen -d
>
> then i did
> cat id_dsa.pub > authorized_keys2

Make sure you have a line in /etc/ssh/sshd_config that points to this, like so:

AuthorizedKeysFile .ssh/authorized_keys2

If it's commented out that's okay (default), just make sure it's the same filename you've used! (Incidentally, on my 5.3 box it's set as .ssh/authorized_keys)

>
> then copy the id_dsa.pub to a floppy so that i could transfer the dsa key to
> the machine from which i'd be accessing the unix box.
>

No, you need to put the PRIVATE key (id_dsa by default) on the client machines in the .ssh directory under each user's home dir. The PUBLIC key stays on the server in authorized_keys as you've done above. Make sure this key and the directory it's in are accessible only by the user you want.

Hope that helps,
G
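The two checks raised in the reply above (the key file on disk matches the AuthorizedKeysFile setting, and the key directory is accessible only by its owner) can be scripted. This is an added example, not part of the original message; the function names are hypothetical, and the fallback filename and the id_dsa key name are assumptions taken from what the message reports.

```shell
#!/bin/sh
# Added example: audit the key setup the message describes.
# Function names are hypothetical; %h/%u tokens in AuthorizedKeysFile
# are not expanded here.

# Print the AuthorizedKeysFile value sshd will use. A commented-out or
# absent line falls back to .ssh/authorized_keys (assumed default, the
# value the message reports for a 5.3 box).
authorized_keys_path() {
    val=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1" 2>/dev/null)
    echo "${val:-.ssh/authorized_keys}"
}

# True when group and other have no permission bits on the path
# (columns 5-10 of the ls mode string).
only_owner() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_ssh_keys <sshd_config> <home dir>: one line per finding,
# returns 0 when clean and 1 otherwise.
check_ssh_keys() {
    cfg=$1; home=$2; rc=0
    rel=$(authorized_keys_path "$cfg")
    case $rel in
        /*) akf=$rel ;;
        *)  akf=$home/$rel ;;
    esac
    if [ ! -f "$akf" ]; then
        echo "MISSING  $akf (filename sshd is configured to read)"; rc=1
    fi
    # id_dsa is the default private key name from ssh-keygen -d.
    for p in "$home/.ssh" "$home/.ssh/id_dsa"; do
        [ -e "$p" ] || continue
        if ! only_owner "$p"; then
            echo "TOO-OPEN $p (group/other can access it)"; rc=1
        fi
    done
    return $rc
}

# Run as a script: sh check.sh /etc/ssh/sshd_config /home/someuser
if [ $# -eq 2 ]; then
    check_ssh_keys "$1" "$2"
fi
```

The private-key check is skipped when no id_dsa is present, so the same function can be pointed at a server account or a client account.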