
Re: Cannot authenticate with DSA-pubkey in Etch



Thanks Douglas, thanks for everything :-)

I've (out of curiosity) reinstalled, purging everything, and with the same
config everything is working.

Ok, we have 2 cases:

1) I was an idiot and I set the wrong permissions.
2) The installation with apt-get didn't go so well.

Anyway, it's all OK :-)

P.S. And PasswordAuthentication, UsePAM and RSAAuthentication are OFF!

kisses everyone!

On Fri, 08/02/2008 at 14.58 -0500, Douglas A. Tutty wrote:
> On Fri, Feb 08, 2008 at 11:43:15AM +0100, Christopher Bianchi wrote:
> > I wish to connect my laptop to my server with an ssh pubkey and no
> > password. The procedure that I use to create the key pair and set
> > permissions on the directories (.ssh/) on laptop and server is correct.
> 
> I've put some comments within your file.  Then I've included my
> sshd_config file.  I use this, then follow the instructions in the
> Debian-Reference under ssh without passwords.  It works.
> 
> I hope this helps.
> 
> Doug.
> ---
> 
> 
> > 
> > I think that it's a possible error in sshd_config. 
> > **** sshd_config *****************************************************
> > # What ports, IPs and protocols we listen for
> > Port 10022
> 
> Are both machines using the same port?
>  
> > # Authentication:
> > LoginGraceTime 1m
> > PermitRootLogin no
> > StrictModes yes
> 
> As long as it's not root that is the trouble.
> 
> > 
> > # Max number of login attempts for a single connection
> > MaxAuthTries 3
> > 
> > RSAAuthentication no
> 
> Shouldn't this be yes?
> 
> > PubkeyAuthentication yes
>  
> > AllowGroups sshusers
> 
> Is the user trying to ssh in sshusers on both boxes?
> 
>  
> > X11Forwarding no
> > X11DisplayOffset 10
> > PrintMotd no
> > PrintLastLog yes
> > KeepAlive yes
> > #UseLogin no
> > 
> > #MaxStartups 10:30:60
> > 
> > Banner /etc/issue.net
> > 
> > Subsystem sftp /usr/lib/openssh/sftp-server
> > 
> > UsePAM no
> 
> I have UsePAM yes
> 
> > 
> > MaxStartups 2
> 
> [snip debug:  I've never needed it so I've never read one before]
> -----
> 
> 
> For comparison, here's my sshd_config:
> 
> 
> # Package generated configuration file
> # See the sshd(8) manpage for details
> 
> # What ports, IPs and protocols we listen for
> Port 22
> # Use these options to restrict which interfaces/protocols sshd will bind to
> #ListenAddress ::
> #ListenAddress 0.0.0.0
> ListenAddress 192.168.1.1
> Protocol 2
> # HostKeys for protocol version 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> #Privilege Separation is turned on for security
> UsePrivilegeSeparation yes
> 
> # Lifetime and size of ephemeral version 1 server key
> KeyRegenerationInterval 3600
> ServerKeyBits 768
> 
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> 
> # Authentication:
> LoginGraceTime 120
> PermitRootLogin yes
> StrictModes yes
> 
> RSAAuthentication yes
> PubkeyAuthentication yes
> #AuthorizedKeysFile	%h/.ssh/authorized_keys
> 
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> 
> # To enable empty passwords, change to yes (NOT RECOMMENDED)
> PermitEmptyPasswords no
> 
> # Change to yes to enable challenge-response passwords (beware issues with
> # some PAM modules and threads)
> ChallengeResponseAuthentication no
> 
> # Change to no to disable tunnelled clear text passwords
> #PasswordAuthentication yes
> ####### added by dtutty after ~/.ssh/authorized_keys updated
> PasswordAuthentication no
> 
> # Kerberos options
> #KerberosAuthentication no
> #KerberosGetAFSToken no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> 
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
> 
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd no
> PrintLastLog yes
> TCPKeepAlive yes
> #UseLogin no
> 
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> 
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
> 
> Subsystem sftp /usr/lib/openssh/sftp-server
> 
> ### added by dtutty (ref lskb on ssh, man sshd_config)
> AllowGroups ssh
> ClientAliveInterval 15
> 
> UsePAM yes
> 
> 
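Both configurations in this thread set `StrictModes yes`, and wrong permissions are one of the two causes suggested above. The following is an added example, not part of the original messages: a Python check modelled on sshd's StrictModes rule for the default `%h/.ssh/authorized_keys` location. The function names and the temporary directory tree are constructed for the illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(home, uid, keyfile=".ssh/authorized_keys"):
    """List what would make sshd with 'StrictModes yes' ignore the key file.

    Rule modelled: the file and every directory from it up to the home
    directory must be owned by the user or root and must not be writable
    by group or others.
    """
    problems = []
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, keyfile))
    while True:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
        else:
            if st.st_uid not in (0, uid):
                problems.append(f"{path}: owned by uid {st.st_uid}")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                problems.append(f"{path}: mode {mode:04o} is group/world-writable")
        if path == home or os.path.dirname(path) == path:
            break  # reached the home directory (or the filesystem root)
        path = os.path.dirname(path)
    return problems

def demo():
    """Constructed tree: ~/.ssh left group-writable, then corrected."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home")
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.makedirs(ssh_dir)
        open(keys, "w").close()
        os.chmod(home, 0o755)
        os.chmod(keys, 0o600)
        os.chmod(ssh_dir, 0o775)          # the mistake
        before = strictmodes_problems(home, os.getuid())
        os.chmod(ssh_dir, 0o700)          # the fix
        after = strictmodes_problems(home, os.getuid())
        return before, after

if __name__ == "__main__":
    for label, found in zip(("before", "after"), demo()):
        print(label, found or "OK")
```

On a real server, call `strictmodes_problems` with the account's home directory and numeric uid, run as root or as that user so every path can be read.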

