On Sat, Jun 23, 2007 at 02:39:44PM +0000, - Tong - wrote: > Thanks for the respond Andrew, > > On Fri, 22 Jun 2007 13:50:17 -0700, Andrew Sackville-West wrote: > > >> I'm trying to setup Debian to accept my remote ssh > >> login. No problem with that, but I'm facing a > >> configuration problem: > >> > >> It doesn't seem to be able to handle/accept the public/private key > >> checking, i.e.,what sourceforge.net is doing [1], but insists on checking > >> login password [2], which is not a recommended practice. > >> > >> This is a vanilla sshd configuration. I.e., everything from Debian default. > >> What changes should I make to enable the public/private key Authentication? > > > > from /etc/ssh/sshd_config: > > > > RSAAuthentication yes > > PubkeyAuthentication yes > > > > [....] > > > > # To enable empty passwords, change to yes (NOT RECOMMENDED) > > PermitEmptyPasswords no > > > > # Change to no to disable s/key passwords > > ChallengeResponseAuthentication no > > > > # Change to yes to enable tunnelled clear text passwords > > PasswordAuthentication no > > I didn't have the PubkeyAuthentication, the man page says it is yes by > default. But I added all the same. Here is my current config, without > disabling the PasswordAuthentication yet: > > ------------------------------------------------- > % grep -E1 > '^RSAAuthentication|PubkeyAuthentication|PermitEmptyPasswords|ChallengeResponseAuthentication|^PasswordAuthentication' > /etc/ssh/sshd_config # > RSAAuthentication yes > PubkeyAuthentication yes > > # To disable tunneled clear text passwords, change to no here! > PasswordAuthentication yes > PermitEmptyPasswords no > > # Uncomment to disable s/key passwords > #ChallengeResponseAuthentication no > ------------------------------------------------- > > Here is how I tested: > (would testing locally be ok?) I've done it successfully to other accounts on the localhost, but I don't know about your own accoutn, maybe that causes a problem? > > ------------------------------------------------- > # make changes to /etc/ssh/sshd_config, adding PubkeyAuthentication > /etc/init.d/ssh restart > > ssh-copy-id -i ~/.ssh/id_rsa.pub tong@localhost did you get some output from this command? > > $ ssh -v localhost our results are the same to here: ... > debug1: Next authentication method: publickey > debug1: Offering public key: /home/tong/.ssh/id_rsa and then mine just works: ... debug1: Next authentication method: publickey debug1: Trying private key: /home/andrew/.ssh/identity debug1: Offering public key: /home/andrew/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 > > Anything else is wrong? without seeing some output from ssh-copy-id above or some confirmation that the command acutally did something, I'd guess that was the problem... or perhaps something else in sshd_config or in a local ssh config (something in ~/.ssh/ somewhere) > hmm, why "Remote protocol version 1.99", instead of 2? Ah, never mind, > sourceforge.net says the same thing too. BTW, it is still using v3.9p1. I don't think the versions are the issue. pubkey authentication has worked for a long time... A
Attachment:
signature.asc
Description: Digital signature