Thanks for the response, Andrew,

On Fri, 22 Jun 2007 13:50:17 -0700, Andrew Sackville-West wrote:

>> I'm trying to set up Debian to accept my remote ssh
>> login. No problem with that, but I'm facing a
>> configuration problem:
>> 
>> It doesn't seem to be able to handle/accept the public/private key
>> checking, i.e., what sourceforge.net is doing [1], but insists on checking
>> login password [2], which is not a recommended practice.
>> 
>> This is a vanilla sshd configuration. I.e., everything from Debian default. 
>> What changes should I make to enable the public/private key Authentication?
> 
> from /etc/ssh/sshd_config:
> 
> RSAAuthentication yes
> PubkeyAuthentication yes
> 
> [....]
> 
> # To enable empty passwords, change to yes (NOT RECOMMENDED)
> PermitEmptyPasswords no
> 
> # Change to no to disable s/key passwords
> ChallengeResponseAuthentication no
> 
> # Change to yes to enable tunnelled clear text passwords
> PasswordAuthentication no

I didn't have PubkeyAuthentication; the man page says it is yes by
default. But I added it all the same. Here is my current config, without
disabling the PasswordAuthentication yet:

-------------------------------------------------
% grep -E1 '^RSAAuthentication|PubkeyAuthentication|PermitEmptyPasswords|ChallengeResponseAuthentication|^PasswordAuthentication' /etc/ssh/sshd_config #
RSAAuthentication yes
PubkeyAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords 
#ChallengeResponseAuthentication no
-------------------------------------------------

Here is how I tested: 
(would testing locally be ok?)

-------------------------------------------------
# make changes to /etc/ssh/sshd_config, adding PubkeyAuthentication
/etc/init.d/ssh restart

ssh-copy-id -i ~/.ssh/id_rsa.pub [EMAIL PROTECTED]

$ ssh -v localhost
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
[...]
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/tong/.ssh/known_hosts:19
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tong/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/tong/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password: 
-------------------------------------------------

Is anything else wrong?
Hmm, why "Remote protocol version 1.99", instead of 2? Ah, never mind,
sourceforge.net says the same thing too. BTW, it is still using v3.9p1.


-- 
Tong (remove underscore(s) to reply)
  http://xpt.sf.net/techdocs/
  http://xpt.sf.net/tools/
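
An added example, not part of the original message and not OpenSSH or Debian code: a small Python check that computes the effective values of the directives discussed in this thread, using sshd's first-value-wins rule and the defaults documented in sshd_config(5). The function names `effective` and `password_paths` are hypothetical, and only the global section (before any `Match` line) is read.

```python
# Defaults per sshd_config(5) when a directive is absent or commented out.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitemptypasswords": "no",
}

# Directive lines copied from the configuration posted in the message.
POSTED_CONFIG = """\
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
#ChallengeResponseAuthentication no
"""
# Directive lines copied from the quoted reply.
REPLY_CONFIG = """\
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
"""

def effective(config_text):
    """Effective value per tracked directive: first occurrence wins."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":      # assumption: only the global section is audited
            break
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1].strip('"').lower()
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def password_paths(config_text):
    """Authentication methods that can still end in a password prompt."""
    eff = effective(config_text)
    gates = {"password": "passwordauthentication",
             "keyboard-interactive": "challengeresponseauthentication"}
    return [m for m, k in gates.items() if eff[k] == "yes"]

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("reply", REPLY_CONFIG)):
        print(name, effective(cfg), password_paths(cfg))
```

On the posted configuration this reports `password` and `keyboard-interactive`, the same two non-key methods the server advertises in the debug output; on the configuration from the quoted reply it reports none.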

