Hello,
I'm trying to setup ssh on a machine behind my firewall so it
will allow me to login from another machine behind the firewall
without entering a password.
Here's what I've done so far (amongst other things that didnt' work ;)
1. Ran "ssh-keygen -t rsa" on the client machine (also tried " -t RSA1").
I used an empty passphrase.
2. Copied /home/lanuser/.ssh/id_rsa.pub to the remote machine as
/home/lanuser/.ssh/authorized-keys (also tried with identity.pub for RSA1)
3. From the cient machine I ran "ssh -v -v remotehost"
4. Below is what I got, along with a prompt for a password :(
/*** Further below this is the remote computer's sshd_config
It has RH7.2 installed with openssh-3.1p1-2 ***/
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remotehost' is known and matches the RSA host key.
debug1: Found key in /home/lanuser/.ssh/known_hosts:1
debug1: bits set: 505/1024
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/lanuser/.ssh/identity
debug1: try pubkey: /home/lanuser/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try privkey: /home/lanuser/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: next auth method to try is password
lanuser@remotehost's password:
--> Here is the sshd_config file from the remotehost <--
# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 600
PermitRootLogin no
#StrictModes yes
#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication yes
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts no
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication yes
# similar for protocol version 2
#HostbasedAuthentication yes
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
#X11Forwarding no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost no
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#MaxStartups 10
# no default banner path
Banner /etc/issue.ssh
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
<----------------------------->
If anyone could lend me some advice or lead me in the right direction I
would greatly appreciate it.
Thanks much,
Patrick Kirchner.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
