Thanks Douglasm thanks everything :-) I've ( for curiosity ) reinstall purging all, and with the same config all is working.
Ok, we have 2 cases: 1) I was an idiot and i set wrong permission. 2) The installation with apt-get was didn't so well Anyway, all it's ok :-) p.s. and the PasswordAuthentication, UsePam, RsaAuthentication are OFF ! kisses everyone! Il giorno ven, 08/02/2008 alle 14.58 -0500, Douglas A. Tutty ha scritto: > On Fri, Feb 08, 2008 at 11:43:15AM +0100, Christopher Bianchi wrote: > > i wish to connect my laptop to my server with a ssh pubkey and no > > password. The procedure that i use to create the key pair and setting > > permission on the directories (.ssh/) on laptop and server, are correct. > > I've put some comments within your file. Then I've included my > sshd_config file. I use this, then follow the instructions in the > Debian-Reference under ssh without passwords. It works. > > I hope this helps. > > Doug. > --- > > > > > > I think that it's a possible error in sshd_config. > > **** sshd_config ***************************************************** > > # What ports, IPs and protocols we listen for > > Port 10022 > > Are both machies using the same port? > > > # Authentication: > > LoginGraceTime 1m > > PermitRootLogin no > > StrictModes yes > > As long as its not root that is the trouble. > > > > > # Max number of login attempts for a single connection > > MaxAuthTries 3 > > > > RSAAuthentication no > > Shouldn't this be yes? > > > PubkeyAuthentication yes > > > AllowGroups sshusers > > Is the user trying to ssh in sshusers on both boxes? > > > > X11Forwarding no > > X11DisplayOffset 10 > > PrintMotd no > > PrintLastLog yes > > KeepAlive yes > > #UseLogin no > > > > #MaxStartups 10:30:60 > > > > Banner /etc/issue.net > > > > Subsystem sftp /usr/lib/openssh/sftp-server > > > > UsePAM no > > I have UsePAM yes > > > > > MaxStartups 2 > > [snip debug: I've never needed it so I've never read one before] > ----- > > > For comparison, here's my sshd_config: > > > # Package generated configuration file > # See the sshd(8) manpage for details > > # What ports, IPs and protocols we listen for > Port 22 > # Use these options to restrict which interfaces/protocols sshd will bind to > #ListenAddress :: > #ListenAddress 0.0.0.0 > ListenAddress 192.168.1.1 > Protocol 2 > # HostKeys for protocol version 2 > HostKey /etc/ssh/ssh_host_rsa_key > HostKey /etc/ssh/ssh_host_dsa_key > #Privilege Separation is turned on for security > UsePrivilegeSeparation yes > > # Lifetime and size of ephemeral version 1 server key > KeyRegenerationInterval 3600 > ServerKeyBits 768 > > # Logging > SyslogFacility AUTH > LogLevel INFO > > # Authentication: > LoginGraceTime 120 > PermitRootLogin yes > StrictModes yes > > RSAAuthentication yes > PubkeyAuthentication yes > #AuthorizedKeysFile %h/.ssh/authorized_keys > > # Don't read the user's ~/.rhosts and ~/.shosts files > IgnoreRhosts yes > # For this to work you will also need host keys in /etc/ssh_known_hosts > RhostsRSAAuthentication no > # similar for protocol version 2 > HostbasedAuthentication no > # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication > #IgnoreUserKnownHosts yes > > # To enable empty passwords, change to yes (NOT RECOMMENDED) > PermitEmptyPasswords no > > # Change to yes to enable challenge-response passwords (beware issues with > # some PAM modules and threads) > ChallengeResponseAuthentication no > > # Change to no to disable tunnelled clear text passwords > #PasswordAuthentication yes > ####### added by dtutty after ~/.ssh/authorized_keys updated > PasswordAuthentication no > > # Kerberos options > #KerberosAuthentication no > #KerberosGetAFSToken no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > > # GSSAPI options > #GSSAPIAuthentication no > #GSSAPICleanupCredentials yes > > X11Forwarding yes > X11DisplayOffset 10 > PrintMotd no > PrintLastLog yes > TCPKeepAlive yes > #UseLogin no > > #MaxStartups 10:30:60 > #Banner /etc/issue.net > > # Allow client to pass locale environment variables > AcceptEnv LANG LC_* > > Subsystem sftp /usr/lib/openssh/sftp-server > > ### added by dtutty (ref lskb on ssh, man sshd_config) > AllowGroups ssh > ClientAliveInterval 15 > > UsePAM yes > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
