sshd_config et /etc/ssh/shost.equiv et a l'aide!!!

To: debian-user-french@lists.debian.org
Subject: sshd_config et /etc/ssh/shost.equiv et a l'aide!!!
From: Fabrice Yerly <fabrice.yerly@epfl.ch>
Date: Thu, 21 Nov 2002 09:03:20 +0100
Message-id: <[🔎] 20021121090201.196221F4B3@murphy.debian.org>

Bonjour a tous,

Je m'occupe d'un cluster de 10 PC's que j'ai initialement installe sous 
Potato.

Je le transfere "petit-a-petit" sous Woody. En particulier j'ai mis a jour 
ssh et sshd a la version actuelle woody, soit ssh 3.4p1-1.

La communication entre les noeux du cluster se fait uniquement en utilisant 
ssh, donc il faut qu'elle se fasse sans demande du mot de passe.

Ainsi, vu que les clefs ont change durant l'upgrade:

je me connecte "manuellement" sur chaque PC, ce qui me met a jour mon fichier 
~/.ssh/known_hosts que je copie ensuite dans:
/etc/ssh_known_hosts

le fichier /etc/ssh/shosts.equiv reste identique (les noms des noeux n'ont 
pas change)

Modifie le fichier /etc/ssh/sshd_config pour accepter les RSAauthentification 
et RhostRSAautentification.

(le fichier sshd_config figure ci-dessous)

Apres redemarrage du demon ssh, j'essaye une connexion (en principe sans 
passwd) ... rien n'y fait. Ai tente pas mal de combinaisons, sans succes. 
Est-ce que qqun a une idee?

Merci d'avance! 

Fabrice

PS: certains administrateurs de clusters proposent de copier les clefs pour 
qu'elles soient identiques sur tous les noeux d'un cluster. Est-ce que cela 
pose des problemes de securite?

----sshd_config----------------------------------------
# Package generated configuration file
# See the sshd(8) manpage for defails

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# ...but breaks Pam auth via kbdint, so we have to turn it off
# Use PAM authentication via keyboard-interactive so PAM modules can
# properly interface with the user (off due to PrivSep)
PAMAuthenticationViaKbdInt no
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no 
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts no 
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication yes 
# similar for protocol version 2
HostbasedAuthentication yes 
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Uncomment to disable s/key passwords 
#ChallengeResponseAuthentication no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes 
X11DisplayOffset 10
PrintMotd no
#PrintLastLog no
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem       sftp    /usr/lib/sftp-server
-----------------------------------------------------------------

Reply to:

Prev by Date: Re: debian 3.0 ?
Next by Date: Gel système sous X
Previous by thread: Re: X error
Next by thread: Gel système sous X
Index(es):
- Date
- Thread