# SSH Help!!

This topic is 4301 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

So I'm trying to set up SSH so that the server doesn't prompt for a password on my freeBSD box. I want to use it to update my secondary DNS server, also other files that I need to transfer almost daily. I did exactly as these websites told me to do. http://www.jdmz.net/ssh/#note2 http://chinese-watercolor.com/LRP/printsrv/keygen.html Of course using my own configurations... However, STILL the server asks for the password. This is my /etc/ssh/sshd_config file
#       $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp$
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. #VersionAddendum FreeBSD-20040419 #Port 22 #Protocol 2 #ListenAddress xxx.xxx.xxx.xxx #ListenAddress :: # HostKey for protocol version 1 # HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 # HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin no #StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. #PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication (via challenge-response) # and session processing. #UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server Gee, idk what I'm doing wrong here. but this is what I did: So I generated a public key from MYCOMPUTER, and my user name was root. I uploaded my rsync.pub into the REMOTECOMPUTER, inside /root/.ssh/authorized_keys and inside /usr/home/tradone/.ssh/authorized_keys I set permissions of the .ssh folder and rsync.pub to 777 just in case I have permission problems. then I restarted sshd by doing /etc/rc.d/sshd forcerestart 145# ssh -l tradone xxx.xxx.xxx.xxx Password: asks for password.... 145# rsync -avz -e "ssh -i /root/.ssh/rsync" somefile.cpp tradone@xxx.xxx.xxx.xxx:/usr/home/tradone/httpdocs Password: also asks for password... This is some things I did on the REMOTECOMPUTER 149# pwd /root 149# ls -l total 20 -rw-r--r-- 2 root wheel 801 May 8 2005 .cshrc -rw------- 1 root wheel 2448 Apr 29 23:12 .history -rw-r--r-- 1 root wheel 143 May 8 2005 .k5login -rw-r--r-- 1 root wheel 293 May 8 2005 .login -rw------- 1 root wheel 1834 Jul 29 2005 .lsof_www -rw-r--r-- 2 root wheel 251 May 8 2005 .profile -rw------- 1 root wheel 1024 Aug 1 2005 .rnd drwx------ 2 root wheel 512 Apr 30 13:52 .ssh -rw------- 1 root wheel 19 Feb 28 17:52 dead.letter 149# cd .ssh 149# ls -l total 4 -rwxrwxrwx 1 root wheel 1120 Apr 30 13:59 authorized_keys -rw-r--r-- 1 root wheel 605 Aug 24 2005 known_hosts 149# 149# cd /usr/home/tradone/ 149# ls -l total 121612 -rw-r--r-- 1 tradone mysql 767 Jul 31 2005 .cshrc -rw-r--r-- 1 tradone mysql 248 Jul 31 2005 .login -rw-r--r-- 1 tradone mysql 158 Jul 31 2005 .login_conf -rw------- 1 tradone mysql 373 Jul 31 2005 .mail_aliases -rw-r--r-- 1 tradone mysql 331 Jul 31 2005 .mailrc -rw-r--r-- 1 tradone mysql 797 Jul 31 2005 .profile -rw------- 1 tradone mysql 276 Jul 31 2005 .rhosts -rw-r--r-- 1 tradone mysql 975 Jul 31 2005 .shrc drwxrwxrwx 2 tradone mysql 512 Apr 30 13:20 .ssh -rw-r--r-- 1 tradone mysql 86060826 Jan 2 17:34 Adobe Illustrator 10.zip -rw-r--r-- 1 tradone mysql 35448023 Jan 2 16:29 aab web_presentation.ai -rw-r--r-- 1 root mysql 67629 Apr 19 09:14 access_log drwxrwxrwx 9 tradone mysql 1024 Apr 30 12:03 httpdocs drwxr-xr-x 2 tradone mysql 512 Jul 31 2005 logs -rw-r--r-- 1 tradone mysql 1120 Apr 30 13:58 rsync_yulswe.pub -rw-r--r-- 1 root mysql 2775040 Aug 1 2005 squirrelmail-1.4.5.tar 149# cd .ssh 149# ls -l total 10 -rwxrwxrwx 1 tradone mysql 1120 Apr 30 13:19 authorized_keys -rwxrwxrwx 1 root mysql 1120 Apr 30 13:19 authorized_keys2 -rwxrwxrwx 1 tradone mysql 1120 Apr 30 13:19 rsync_yulswe.pub -rwxrwxrwx 1 tradone mysql 1197 Apr 30 12:47 tmp -rwxrwxrwx 1 tradone mysql 582 Apr 30 12:37 validate-rsync 149# WHAT IS HAPPENINGS???!!! #### Share this post ##### Link to post ##### Share on other sites Advertisement Here's mine, if it's any help: #$OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $# This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. Port 22 Protocol 2 ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 # HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 1h ServerKeyBits 1024 # Logging #obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 2m PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication IgnoreUserKnownHosts yes # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no PermitEmptyPasswords no # Change to no to disable s/key passwords ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication mechanism. # Depending on your PAM configuration, this may bypass the setting of # PasswordAuthentication, PermitEmptyPasswords, and # "PermitRootLogin without-password". If you just want the PAM account and # session checks to run without PAM authentication, then enable this but set # ChallengeResponseAuthentication=no UsePAM yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp /usr/lib/misc/sftp-server #### Share this post ##### Link to post ##### Share on other sites hm.. i'm just gonna try a copy and paste on it. hopefully it works [lol] edit: you know what hopefully it doesn't crash my computer and never boot again! [lol][lol] #### Share this post ##### Link to post ##### Share on other sites wow!! I'm getting different error messages now :) THANKS!! That's a good thing!! 145# ssh -l tradone xxx.xxx.xxx.xxx WARNING: DSA key found for host xxx.xxx.xxx.xxx in /root/.ssh/known_hosts:1 DSA key fingerprint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~. The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established but keys of different type are already known for this host. RSA key fingerprint is ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts. Permission denied (publickey). 145# Well now I can work my way up from here. after having lunch that is.. #### Share this post ##### Link to post ##### Share on other sites so I went to the knownhosts file and deleted everything in it "known_hosts" 1 lines, 1 characters 145# ssh -l tradone xxx.xxx.xxx.xxx The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established. RSA key fingerprint is 85:fd:10:4c:0f:ed:1b:32:35:43:8e:82:7d:e1:0b:0e. Are you sure you want to continue connecting (yes/no)? y Please type 'yes' or 'no': yes Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts. Permission denied (publickey). 145# ssh -l tradone xxx.xxx.xxx.xxx Permission denied (publickey). 145# so I think of the possiblity that the public keys are not identical and find out that I can't even transfer files anymore via scp 145# scp rsync_yulswe.pub tradone@xxx.xxx.xxx.xxx:/usr/home/tradone Permission denied (publickey). lost connection 145# and from a couple of matches on google, seems like Permission denied (publickey). can be a result from just about anything. So I go to the REMOTEMACHINE 149# ssh localhost The authenticity of host 'localhost.shenu.com (127.0.0.1)' can't be established. RSA key fingerprint is 85:fd:10:4c:0f:ed:1b:32:35:43:8e:82:7d:e1:0b:0e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost.xxxxxx.com' (RSA) to the list of known hosts. Permission denied (publickey). 149# #### Share this post ##### Link to post ##### Share on other sites was: # Change to no to disable s/key passwords ChallengeResponseAuthentication no now is: # Change to no to disable s/key passwords ChallengeResponseAuthentication yes was:password was prompted now is:password is not prompted but instead a Permission denied (publickey,keyboard-interactive). or Permission denied (publickey). errors. Any sort of input would be appreciated. Thanks :) #### Share this post ##### Link to post ##### Share on other sites I'm not sure exactly what you're doing here, but I'll explain how I normally go about getting passwordless ssh:$ ssh-keygen -t rsa

Follow the instructions on that, and you'll end up with ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. That's your private and public keys respectively. All you do is concatenate your public key onto ~/.ssh/authorized_keys on the server. So if you copied id_rsa.pub on your client to ~/.public_key on the server, then you'd just do something like

$cat ~/.public_key >> ~/.ssh/authorized_keys Then you'd just be able to do$ ssh servername and it shouldn't prompt you for a password.

Quote: