Eric, see below.
Eric Sisler wrote:
<and Gustav snipped a lot>
> If you're using strictly ssh2, I *think* you'll need to use DSA
> authentication rather than RSA authentication, although the procedure is
> pretty much the same:
Correct.
> 1) On the client, run ssh-keygen (use the -d switch to generate a DSA
> key). This creates the following files in ~/.ssh
> identity (ssh1 private key)
> identity.pub (ssh1 public key)
> id_dsa (ssh2 private key)
> id_dsa.pub (ssh2 public key)
Did that on my 'client' PC. Used the -d switch. Had the files
~/.ssh/id_dsa and ~/.ssh/id_dsa.pub created for me. Looked into them.
Seemed all right.
> 2) The identity.pub and/or id_dsa.pub files need to be appended to the
> server's (the server you want to ssh *to* that is) ~/.ssh/authorized_keys
> and ~/.ssh/authorized_keys2 respectively. Create these files if necessary
> and *make sure* the permissions are 0600. ssh is pretty picky about
> ownership/permissions for files in ~/.ssh, but it never hurts to make sure.
Since I didn't have any ~/.ssh/authorized_keys2 file at all on the
'server' PC, I just copied the ~/.ssh/id_dsa.pub from the 'client' to
~/.ssh/authorized_keys2 on the 'server' and made sure the permissions on
~/.ssh/authorized_keys2 were 0600.
At this point I did *not* restart the sshd on the 'server'. (I don't
think that such user activity should require root to restart the ssh
daemon, right?)
Tried to ssh from the 'client' to the 'server'. Was asked for the
passphrase. Gave it. Was *also* asked for the login password on the
'server'. Gave it and was logged in.
Logged out again.
Tried to ssh from the 'client' to the 'server' a second time. Was asked
for the passphrase. Gave an *invalid* passphrase. Was again asked for
the login password on the 'server'. Gave it and was logged in.
I.e. the DSA key was *not* used but my ordinary login password was used
for authentication.
How come???
> You also asked about accepting RSA/DSA authentication only.
>
> I think setting "PasswordAuthentication" to no in /etc/ssh/sshd_config will
> prevent regular password authentication.
With the above setup, I set PasswordAuthentication to no in the 'server'
PC and restarted sshd.
Tried to ssh from the 'client' to the 'server'. Was asked for the
passphrase. Gave it. Was *also* asked for the login password on the
'server'. Gave it but login was refused.
I.e. the DSA key was *not* used but my ordinary login password was used
for authentication.
How come? What am I missing?
Regards
Gustav
--
pgp = Pretty Good Privacy.
To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
Visit my web site at http://www.schaffter.com
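
Added example, not part of the original message or of OpenSSH: a shell function for the server side of step 2 above that checks the ownership and permission points the quoted text calls ssh "pretty picky" about, and that each key in authorized_keys2 sits on a single line. The function name `audit_ssh_dir` is hypothetical. The example assumes sshd's StrictModes behaviour (key files are refused when the home directory, ~/.ssh or the file is writable by group or others) and the ssh2 one-key-per-line format.

```shell
#!/bin/sh
# Added example. Usage on the server: audit_ssh_dir "$HOME"
# Prints one line per problem; the return status is the number of problems.
audit_ssh_dir() {
    home=$1
    problems=0
    # The home directory and ~/.ssh must not be writable by group or others.
    for d in "$home" "$home/.ssh"; do
        if [ ! -d "$d" ]; then
            echo "missing directory: $d"
            problems=$((problems + 1))
        elif [ -n "$(find "$d" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable by group or others: $d"
            problems=$((problems + 1))
        fi
    done
    for f in authorized_keys authorized_keys2; do
        p="$home/.ssh/$f"
        [ -f "$p" ] || continue
        # The mode the message asks for: exactly 0600.
        if [ -z "$(find "$p" -prune -perm 600 -print)" ]; then
            echo "mode is not 0600: $p"
            problems=$((problems + 1))
        fi
        if [ -z "$(find "$p" -prune -user "$(id -u)" -print)" ]; then
            echo "not owned by the current user: $p"
            problems=$((problems + 1))
        fi
    done
    # Assumed ssh2 line format: [options] ssh-dss|ssh-rsa <base64> [comment],
    # one key per line. A key wrapped by copy and paste leaves a stray line.
    p="$home/.ssh/authorized_keys2"
    if [ -f "$p" ]; then
        bad=$(grep -Evc '^[[:space:]]*(#|$)|(^|[[:space:]])ssh-(dss|rsa)[[:space:]]+[A-Za-z0-9+/]+=*' "$p" || true)
        if [ "$bad" -gt 0 ]; then
            echo "$bad line(s) without a complete key: $p"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

A clean result only rules out the file-level causes; it does not show which authentication methods the client and server actually negotiated.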