Re: Cannot authenticate with DSA-pubkey in Etch
On Fri, Feb 08, 2008 at 11:43:15AM +0100, Christopher Bianchi wrote:
> I wish to connect my laptop to my server with an ssh pubkey and no
> password. The procedure that I use to create the key pair and set
> permissions on the directories (.ssh/) on laptop and server is correct.
I've put some comments within your file. Then I've included my
sshd_config file. I use this, then follow the instructions in the
Debian-Reference under ssh without passwords. It works.
I hope this helps.
Doug.
---
>
> I think that it's a possible error in sshd_config.
> **** sshd_config *****************************************************
> # What ports, IPs and protocols we listen for
> Port 10022
Are both machines using the same port?
> # Authentication:
> LoginGraceTime 1m
> PermitRootLogin no
> StrictModes yes
As long as it's not root that is the trouble.
>
> # Max number of login attempts for a single connection
> MaxAuthTries 3
>
> RSAAuthentication no
Shouldn't this be yes?
> PubkeyAuthentication yes
> AllowGroups sshusers
Is the user trying to ssh in sshusers on both boxes?
> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd no
> PrintLastLog yes
> KeepAlive yes
> #UseLogin no
>
> #MaxStartups 10:30:60
>
> Banner /etc/issue.net
>
> Subsystem sftp /usr/lib/openssh/sftp-server
>
> UsePAM no
I have UsePAM yes
>
> MaxStartups 2
[snip debug: I've never needed it so I've never read one before]
-----
For comparison, here's my sshd_config:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
ListenAddress 192.168.1.1
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
####### added by dtutty after ~/.ssh/authorized_keys updated
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
### added by dtutty (ref lskb on ssh, man sshd_config)
AllowGroups ssh
ClientAliveInterval 15
UsePAM yes
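
Added example, not part of the original message: a small Python script that parses two sshd_config files and reports where they differ on the directives questioned in the reply above. The names POSTED_CFG, WORKING_CFG, WATCHED, parse_sshd_config and diff_watched are hypothetical, and the two inputs are constructed excerpts of the configs quoted in this message.

```python
# Constructed excerpts of the two sshd_config files quoted in the message above.
POSTED_CFG = """\
Port 10022
StrictModes yes
RSAAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers
#MaxStartups 10:30:60
UsePAM no
MaxStartups 2
"""

WORKING_CFG = """\
Port 22
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
AllowGroups ssh
UsePAM yes
"""

# Directives the reply comments on (an assumption about what is worth comparing).
WATCHED = ("port", "strictmodes", "rsaauthentication", "pubkeyauthentication",
           "allowgroups", "usepam")

def parse_sshd_config(text):
    """Return {lowercased keyword: value}. Keywords are case-insensitive and,
    per sshd_config(5), the first value obtained for a keyword is used.
    Simplification: only the first line of a repeated keyword is kept."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment, e.g. a commented-out default
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings

def diff_watched(a_text, b_text, watched=WATCHED):
    """Map each watched keyword whose value differs to (value_in_a, value_in_b)."""
    a, b = parse_sshd_config(a_text), parse_sshd_config(b_text)
    return {k: (a.get(k), b.get(k)) for k in watched if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (posted, working) in diff_watched(POSTED_CFG, WORKING_CFG).items():
        print(f"{key:22} posted={posted!r:12} working={working!r}")
```

A value of None in the output means the keyword is absent or commented out in that file, so sshd falls back to its built-in default there.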