On Fri, Feb 08, 2008 at 11:43:15AM +0100, Christopher Bianchi wrote:
> I wish to connect my laptop to my server with a ssh pubkey and no
> password. The procedure that I use to create the key pair and setting
> permission on the directories (.ssh/) on laptop and server, are correct.

I've put some comments within your file. Then I've included my
sshd_config file. I use this, then follow the instructions in the
Debian-Reference under ssh without passwords. It works.

I hope this helps.

Doug.

---

>
> I think that it's a possible error in sshd_config.

> **** sshd_config *****************************************************
> # What ports, IPs and protocols we listen for
> Port 10022

Are both machines using the same port?

> # Authentication:
> LoginGraceTime 1m
> PermitRootLogin no
> StrictModes yes

As long as it's not root that is the trouble.

>
> # Max number of login attempts for a single connection
> MaxAuthTries 3
>
> RSAAuthentication no

Shouldn't this be yes?

> PubkeyAuthentication yes
> AllowGroups sshusers

Is the user trying to ssh in sshusers on both boxes?

> X11Forwarding no
> X11DisplayOffset 10
> PrintMotd no
> PrintLastLog yes
> KeepAlive yes
> #UseLogin no
>
> #MaxStartups 10:30:60
>
> Banner /etc/issue.net
>
> Subsystem sftp /usr/lib/openssh/sftp-server
>
> UsePAM no

I have UsePAM yes

>
> MaxStartups 2

[snip debug: I've never needed it so I've never read one before]

-----

For comparison, here's my sshd_config:

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
ListenAddress 192.168.1.1
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
####### added by dtutty after ~/.ssh/authorized_keys updated
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

### added by dtutty (ref lskb on ssh, man sshd_config)
AllowGroups ssh
ClientAliveInterval 15

UsePAM yes
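
Added example, not part of the original message: a small Python check that reads an sshd_config and reports the settings raised in the reply (listening port, PubkeyAuthentication, AllowGroups membership) that would refuse a key-based login. The function names are hypothetical, the sample is constructed from directives quoted in the thread, and AllowGroups patterns are approximated with fnmatch.

```python
from fnmatch import fnmatchcase

# Directives that may appear several times and accumulate; for every other
# keyword sshd keeps the first value it reads and ignores later ones.
CUMULATIVE = {"port", "allowgroups"}

def parse_sshd_config(text):
    """Return {lowercased keyword: [arguments]} for the active (uncommented) lines."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key in CUMULATIVE:
            conf.setdefault(key, []).extend(args)
        else:
            conf.setdefault(key, args)  # first occurrence wins
    return conf

def pubkey_blockers(conf, user_groups, client_port=22):
    """List the reasons this config would refuse a key-based login."""
    reasons = []
    ports = [int(p) for p in conf.get("port", ["22"])]  # sshd default port is 22
    if client_port not in ports:
        reasons.append(f"client uses port {client_port}, sshd listens on {ports}")
    if conf.get("pubkeyauthentication", ["yes"])[0].lower() != "yes":
        reasons.append("PubkeyAuthentication is not 'yes'")
    allowed = conf.get("allowgroups")
    if allowed and not any(fnmatchcase(g, pat) for g in user_groups for pat in allowed):
        reasons.append(f"user is in none of the AllowGroups {allowed}")
    return reasons

# Constructed sample: active directives from the first config quoted in the thread.
SAMPLE = """\
Port 10022
StrictModes yes
RSAAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers
#MaxStartups 10:30:60
MaxStartups 2
"""

if __name__ == "__main__":
    conf = parse_sshd_config(SAMPLE)
    for reason in pubkey_blockers(conf, user_groups={"users"}, client_port=22):
        print("BLOCKER:", reason)
```

Pass the groups reported by `id -Gn` for the connecting account on the server and the port the client actually connects to.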