Re: Configuring ssh



I'm not sure whether it'd help, but that's what you should do after a
clean install:

Disable Rhost and password authentication, only enable RSA
authentication.

Append the public key of your client to
/home/username/.ssh/authorized_keys.

Log in with an ssh client with RSA support, like MindTerm.

Hope this helps.

Alan.

> Hi all,
> 
> I am having some trouble configuring an ssh server on my machine.
> 
> Here is the problem. 
> My machine sits behind a firewall and ssh is the sole service exposed.
> I set up ssh and it appears to work normally, except that it keeps asking me 
> for my "normal" password. The pass-phrase is never requested.
> 
> I turned debugging on with the ssh client (running on the same machine) and 
> here is what I got:
> 
> thorgal /etc/pam.d [60] -> ssh -v thorgal
> SSH Version OpenSSH-1.2.3, protocol version 1.5.
> Compiled with SSL.
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: Applying options for *
> debug: ssh_connect: getuid 500 geteuid 0 anon 0
> debug: Connecting to thorgal [127.0.0.1] port 22.
> debug: Allocated local port 834.
> debug: Connection established.
> debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
> debug: Waiting for server public key.
> debug: Received server public key (768 bits) and host key (1024 bits).
> debug: Forcing accepting of host key for loopback/localhost.
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> debug: Trying RSA authentication via agent with 'ldm@thorgal'
> debug: Server refused our key.
> debug: RSA authentication using agent refused.
> debug: Trying RSA authentication with key 'ldm@thorgal'
> debug: Server refused our key.
> debug: Doing password authentication.
> ....
> 
> 
> So the server refused the RSA-based authentication. So I ran sshd with -d
> and here is what I got:
> 
> Nov  5 21:06:06 thorgal sshd[22859]: debug: sshd version OpenSSH-1.2.3
> Nov  5 21:06:07 thorgal sshd[22859]: debug: Bind to port 22 on 0.0.0.0.
> Nov  5 21:06:07 thorgal sshd[22859]: Server listening on 0.0.0.0 port 22.
> Nov  5 21:06:07 thorgal sshd[22859]: Generating 768 bit RSA key.
> Nov  5 21:06:08 thorgal sshd[22859]: RSA key generation complete.
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Server will not fork when running 
> in debugging mode.
> Nov  5 21:06:13 thorgal sshd[22859]: Connection from 127.0.0.1 port 834
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Client protocol version 1.5; 
> client software version OpenSSH-1.2.3
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Sent 768 bit public key and 1024 
> bit host key.
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Encryption type: 3des
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Received session key; encryption 
> turned on.
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Installing crc compensation 
> attack detector.
> Nov  5 21:06:13 thorgal sshd[22859]: debug: checking for shadow entry
> Nov  5 21:06:13 thorgal sshd[22859]: debug: shadow entry found, verifying
> Nov  5 21:06:13 thorgal sshd[22859]: debug: completed shadow checks
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Starting up PAM with username 
> "ldm"
> Nov  5 21:06:13 thorgal sshd[22859]: debug: Attempting authentication for ldm.
> Nov  5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port 
> 834
> Nov  5 21:06:13 thorgal sshd[22859]: Failed rsa for ldm from 127.0.0.1 port 
> 834
> 
> 
> The last two lines are intriguing. I even attempted to wipe out my .ssh and 
> regenerate keys but it didn't help.
> 
> Any ideas ?
> 
> Thanks for any help/pointer.
> 
> 
> -- 
>   Laurent
> 
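
The checks listed in the reply at the top of this message, written as shell functions. This is an added example, not part of the original thread: the option names are the protocol-1 ones used by the OpenSSH 1.2.x shown in the logs, the file paths in the usage comment are assumptions, and the permission check reflects sshd's StrictModes behaviour, which the thread does not mention.

```shell
#!/bin/sh
# Added example. Option names are the protocol-1 ones of OpenSSH 1.2.x;
# every path is an argument, nothing here is taken from a real host.

# Print the value sshd would use for KEY (first match wins, keywords are
# case-insensitive, comment lines never match); "unset" if absent.
cfg_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); f = 1; exit }
                   END { if (!f) print "unset" }' "$1"
}

# Check the three options named in the reply. Prints one line per
# mismatch and returns non-zero if any option differs.
audit_sshd_config() {
    rc=0
    for want in RhostsAuthentication=no PasswordAuthentication=no \
                RSAAuthentication=yes; do
        key=${want%%=*}; exp=${want#*=}
        got=$(cfg_value "$1" "$key")
        if [ "$got" != "$exp" ]; then
            echo "$key is $got, expected $exp"
            rc=1
        fi
    done
    return $rc
}

# Succeed only if the client's public key appears as one exact line in
# authorized_keys (a key wrapped across lines by an editor will not match).
key_installed() {
    [ -f "$2" ] && grep -qxF -- "$(cat "$1")" "$2"
}

# Assumption beyond the reply: with StrictModes on, sshd ignores keys whose
# file or directory is writable by group or others. Succeeds if PATH is safe.
perms_ok() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Usage: audit_sshd_config /etc/ssh/sshd_config
#        key_installed ~/.ssh/identity.pub ~/.ssh/authorized_keys
#        perms_ok ~/.ssh && perms_ok ~/.ssh/authorized_keys
```
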