SSH Help!!

Started by April 30, 2006 01:23 PM
11 comments, last by pulpfist 18 years, 6 months ago
So I'm trying to set up SSH so that the server doesn't prompt for a password on my FreeBSD box. I want to use it to update my secondary DNS server, also other files that I need to transfer almost daily. I did exactly as these websites told me to do.

http://www.jdmz.net/ssh/#note2
http://chinese-watercolor.com/LRP/printsrv/keygen.html

Of course using my own configurations... However, STILL the server asks for the password. This is my /etc/ssh/sshd_config file

#       $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20040419

#Port 22
#Protocol 2
#ListenAddress xxx.xxx.xxx.xxx
#ListenAddress ::

# HostKey for protocol version 1
# HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication (via challenge-response)
# and session processing.
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server



Gee, idk what I'm doing wrong here, but this is what I did:

So I generated a public key from MYCOMPUTER, and my user name was root. I uploaded my rsync.pub into the REMOTECOMPUTER, inside /root/.ssh/authorized_keys and inside /usr/home/tradone/.ssh/authorized_keys. I set permissions of the .ssh folder and rsync.pub to 777 just in case I have permission problems. Then I restarted sshd by doing

/etc/rc.d/sshd forcerestart

145# ssh -l tradone xxx.xxx.xxx.xxx
Password:

asks for password....

145# rsync -avz -e "ssh -i /root/.ssh/rsync" somefile.cpp tradone@xxx.xxx.xxx.xxx:/usr/home/tradone/httpdocs
Password:

also asks for password...

These are some things I did on the REMOTECOMPUTER

149# pwd
/root
149# ls -l
total 20
-rw-r--r--  2 root  wheel   801 May  8  2005 .cshrc
-rw-------  1 root  wheel  2448 Apr 29 23:12 .history
-rw-r--r--  1 root  wheel   143 May  8  2005 .k5login
-rw-r--r--  1 root  wheel   293 May  8  2005 .login
-rw-------  1 root  wheel  1834 Jul 29  2005 .lsof_www
-rw-r--r--  2 root  wheel   251 May  8  2005 .profile
-rw-------  1 root  wheel  1024 Aug  1  2005 .rnd
drwx------  2 root  wheel   512 Apr 30 13:52 .ssh
-rw-------  1 root  wheel    19 Feb 28 17:52 dead.letter
149# cd .ssh
149# ls -l
total 4
-rwxrwxrwx  1 root  wheel  1120 Apr 30 13:59 authorized_keys
-rw-r--r--  1 root  wheel   605 Aug 24  2005 known_hosts
149#
149# cd /usr/home/tradone/
149# ls -l
total 121612
-rw-r--r--  1 tradone  mysql       767 Jul 31  2005 .cshrc
-rw-r--r--  1 tradone  mysql       248 Jul 31  2005 .login
-rw-r--r--  1 tradone  mysql       158 Jul 31  2005 .login_conf
-rw-------  1 tradone  mysql       373 Jul 31  2005 .mail_aliases
-rw-r--r--  1 tradone  mysql       331 Jul 31  2005 .mailrc
-rw-r--r--  1 tradone  mysql       797 Jul 31  2005 .profile
-rw-------  1 tradone  mysql       276 Jul 31  2005 .rhosts
-rw-r--r--  1 tradone  mysql       975 Jul 31  2005 .shrc
drwxrwxrwx  2 tradone  mysql       512 Apr 30 13:20 .ssh
-rw-r--r--  1 tradone  mysql  86060826 Jan  2 17:34 Adobe Illustrator 10.zip
-rw-r--r--  1 tradone  mysql  35448023 Jan  2 16:29 aab web_presentation.ai
-rw-r--r--  1 root            mysql     67629 Apr 19 09:14 access_log
drwxrwxrwx  9 tradone  mysql      1024 Apr 30 12:03 httpdocs
drwxr-xr-x  2 tradone  mysql       512 Jul 31  2005 logs
-rw-r--r--  1 tradone  mysql      1120 Apr 30 13:58 rsync_yulswe.pub
-rw-r--r--  1 root            mysql   2775040 Aug  1  2005 squirrelmail-1.4.5.tar
149# cd .ssh
149# ls -l
total 10
-rwxrwxrwx  1 tradone  mysql  1120 Apr 30 13:19 authorized_keys
-rwxrwxrwx  1 root            mysql  1120 Apr 30 13:19 authorized_keys2
-rwxrwxrwx  1 tradone  mysql  1120 Apr 30 13:19 rsync_yulswe.pub
-rwxrwxrwx  1 tradone  mysql  1197 Apr 30 12:47 tmp
-rwxrwxrwx  1 tradone  mysql   582 Apr 30 12:37 validate-rsync
149#



WHAT IS HAPPENINGS???!!!
Here's mine, if it's any help:

#	$OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
Protocol 2
ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
# HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem	sftp	/usr/lib/misc/sftp-server
Ra
hm.. i'm just gonna try a copy and paste on it.
hopefully it works [lol]

edit: you know what hopefully it doesn't crash my computer and never boot again! [lol][lol]
wow!!
I'm getting different error messages now :) THANKS!!
That's a good thing!!
145# ssh -l tradone xxx.xxx.xxx.xxx
WARNING: DSA key found for host xxx.xxx.xxx.xxx
in /root/.ssh/known_hosts:1
DSA key fingerprint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
Permission denied (publickey).
145#

Well now I can work my way up from here.
after having lunch that is..
so I went to the knownhosts file and deleted everything in it

"known_hosts" 1 lines, 1 characters
145# ssh -l tradone xxx.xxx.xxx.xxx
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is 85:fd:10:4c:0f:ed:1b:32:35:43:8e:82:7d:e1:0b:0e.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
Permission denied (publickey).
145# ssh -l tradone xxx.xxx.xxx.xxx
Permission denied (publickey).
145#

so I think of the possibility that the public keys are not identical and find out that I can't even transfer files anymore via scp
145# scp rsync_yulswe.pub tradone@xxx.xxx.xxx.xxx:/usr/home/tradone
Permission denied (publickey).
lost connection
145#

and from a couple of matches on google, seems like Permission denied (publickey). can be a result from just about anything.

So I go to the REMOTEMACHINE
149# ssh localhost
The authenticity of host 'localhost.shenu.com (127.0.0.1)' can't be established.
RSA key fingerprint is 85:fd:10:4c:0f:ed:1b:32:35:43:8e:82:7d:e1:0b:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost.xxxxxx.com' (RSA) to the list of known hosts.
Permission denied (publickey).
149#

was:
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

now is:
# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

was: password was prompted
now is: password is not prompted but instead a Permission denied (publickey,keyboard-interactive). or Permission denied (publickey). errors.

Any sort of input would be appreciated. Thanks :)
I'm not sure exactly what you're doing here, but I'll explain how I normally go about getting passwordless ssh:

$ ssh-keygen -t rsa

Follow the instructions on that, and you'll end up with ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. That's your private and public keys respectively. All you do is concatenate your public key onto ~/.ssh/authorized_keys on the server. So if you copied id_rsa.pub on your client to ~/.public_key on the server, then you'd just do something like

$ cat ~/.public_key >> ~/.ssh/authorized_keys

Then you'd just be able to do $ ssh servername and it shouldn't prompt you for a password.
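
Added example, not part of any post in this thread: sshd's StrictModes option (default yes, shown commented in the first config above and set explicitly in the second) makes the server ignore a user's keys when the home directory, ~/.ssh or authorized_keys is writable by group or others, which is what the 777 modes in the listings above produce. The script below audits only that write-permission condition (StrictModes also checks ownership); the function names and the temp-directory demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag paths that are group- or world-writable, the
# condition sshd's StrictModes rejects for key-based login.

# Print the path if it is group- or world-writable; print nothing otherwise.
# find -prune tests only the named path itself (works with GNU and BSD find).
loose_path() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Audit the home directory, its .ssh directory and authorized_keys.
# Prints one "LOOSE <path>" line per finding; returns 1 if any were found.
audit_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(loose_path "$p")" ]; then
            echo "LOOSE $p"
            rc=1
        fi
    done
    return $rc
}

# Tighten to the conventional modes: no group/other write on the home
# directory, 700 for .ssh, 600 for authorized_keys.
fix_ssh_perms() {
    home=$1
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Constructed demo: rebuild the thread's 777 layout in a temp directory,
# then print the number of findings before and after tightening.
demo() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"
    chmod 777 "$d/.ssh" "$d/.ssh/authorized_keys"
    before=$(audit_ssh_perms "$d" | wc -l | tr -d ' ')
    fix_ssh_perms "$d"
    after=$(audit_ssh_perms "$d" | wc -l | tr -d ' ')
    rm -rf "$d"
    echo "$before $after"
}

demo
```

On a real server, run `audit_ssh_perms /usr/home/tradone` as root on the remote machine; sshd also reports the rejected path in its auth log when StrictModes refuses a key file.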
Quote: Original post by baldurk
I'm not sure exactly what you're doing here, but I'll explain how I normally go about getting passwordless ssh:

$ ssh-keygen -t rsa

Follow the instructions on that, and you'll end up with ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. That's your private and public keys respectively. All you do is concatenate your public key onto ~/.ssh/authorized_keys on the server. So if you copied id_rsa.pub on your client to ~/.public_key on the server, then you'd just do something like

$ cat ~/.public_key >> ~/.ssh/authorized_keys

Then you'd just be able to do $ ssh servername and it shouldn't prompt you for a password.


I followed through exactly.
and still prompts for password.
what is the command that you use when you login using ssh?
I used
145# ssh -l tradone xxx.xxx.xxx.xxx
maybe I need to specify the private key?
ahi ya yahi
I think I'm just going to reinstall SSH, there may have been something tangled up from my initial configuration that I must have forgotten about.

If anybody can provide me any decent SSH links.. Thanks a whole bunch.
Note that modern ssh generally comes with two protocol versions, 1 and 2; and they use different keys. IIRC rsa is for version one, and would then require the Protocol line to read Protocol 1,2 to try 1 and fall back to two.

This topic is closed to new replies.