Tradone

SSH Help!!


So I'm trying to set up SSH so that the server doesn't prompt for a password on my FreeBSD box. I want to use it to update my secondary DNS server, and also other files that I need to transfer almost daily. I did exactly as these websites told me to do:

http://www.jdmz.net/ssh/#note2
http://chinese-watercolor.com/LRP/printsrv/keygen.html

Of course using my own configurations... However, the server STILL asks for the password. This is my /etc/ssh/sshd_config file:

#       $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.40 2004/04/20 09:37:29 des

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20040419

#Port 22
#Protocol 2
#ListenAddress xxx.xxx.xxx.xxx
#ListenAddress ::

# HostKey for protocol version 1
# HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication (via challenge-response)
# and session processing.
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server



Gee, idk what I'm doing wrong here, but this is what I did:

So I generated a public key from MYCOMPUTER, and my user name was root. I uploaded my rsync.pub into the REMOTECOMPUTER, inside /root/.ssh/authorized_keys and inside /usr/home/tradone/.ssh/authorized_keys. I set permissions of the .ssh folder and rsync.pub to 777 just in case I have permission problems. Then I restarted sshd by doing /etc/rc.d/sshd forcerestart

145# ssh -l tradone xxx.xxx.xxx.xxx
Password:

asks for password....

145# rsync -avz -e "ssh -i /root/.ssh/rsync" somefile.cpp tradone@xxx.xxx.xxx.xxx:/usr/home/tradone/httpdocs
Password:

also asks for password...

These are some things I did on the REMOTECOMPUTER:

149# pwd
/root
149# ls -l
total 20
-rw-r--r--  2 root  wheel   801 May  8  2005 .cshrc
-rw-------  1 root  wheel  2448 Apr 29 23:12 .history
-rw-r--r--  1 root  wheel   143 May  8  2005 .k5login
-rw-r--r--  1 root  wheel   293 May  8  2005 .login
-rw-------  1 root  wheel  1834 Jul 29  2005 .lsof_www
-rw-r--r--  2 root  wheel   251 May  8  2005 .profile
-rw-------  1 root  wheel  1024 Aug  1  2005 .rnd
drwx------  2 root  wheel   512 Apr 30 13:52 .ssh
-rw-------  1 root  wheel    19 Feb 28 17:52 dead.letter
149# cd .ssh
149# ls -l
total 4
-rwxrwxrwx  1 root  wheel  1120 Apr 30 13:59 authorized_keys
-rw-r--r--  1 root  wheel   605 Aug 24  2005 known_hosts
149#
149# cd /usr/home/tradone/
149# ls -l
total 121612
-rw-r--r--  1 tradone  mysql       767 Jul 31  2005 .cshrc
-rw-r--r--  1 tradone  mysql       248 Jul 31  2005 .login
-rw-r--r--  1 tradone  mysql       158 Jul 31  2005 .login_conf
-rw-------  1 tradone  mysql       373 Jul 31  2005 .mail_aliases
-rw-r--r--  1 tradone  mysql       331 Jul 31  2005 .mailrc
-rw-r--r--  1 tradone  mysql       797 Jul 31  2005 .profile
-rw-------  1 tradone  mysql       276 Jul 31  2005 .rhosts
-rw-r--r--  1 tradone  mysql       975 Jul 31  2005 .shrc
drwxrwxrwx  2 tradone  mysql       512 Apr 30 13:20 .ssh
-rw-r--r--  1 tradone  mysql  86060826 Jan  2 17:34 Adobe Illustrator 10.zip
-rw-r--r--  1 tradone  mysql  35448023 Jan  2 16:29 aab web_presentation.ai
-rw-r--r--  1 root            mysql     67629 Apr 19 09:14 access_log
drwxrwxrwx  9 tradone  mysql      1024 Apr 30 12:03 httpdocs
drwxr-xr-x  2 tradone  mysql       512 Jul 31  2005 logs
-rw-r--r--  1 tradone  mysql      1120 Apr 30 13:58 rsync_yulswe.pub
-rw-r--r--  1 root            mysql   2775040 Aug  1  2005 squirrelmail-1.4.5.tar
149# cd .ssh
149# ls -l
total 10
-rwxrwxrwx  1 tradone  mysql  1120 Apr 30 13:19 authorized_keys
-rwxrwxrwx  1 root            mysql  1120 Apr 30 13:19 authorized_keys2
-rwxrwxrwx  1 tradone  mysql  1120 Apr 30 13:19 rsync_yulswe.pub
-rwxrwxrwx  1 tradone  mysql  1197 Apr 30 12:47 tmp
-rwxrwxrwx  1 tradone  mysql   582 Apr 30 12:37 validate-rsync
149#



WHAT IS HAPPENINGS???!!!

Here's mine, if it's any help:


# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
Protocol 2
ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
# HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 2m
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/lib/misc/sftp-server


hm.. I'm just gonna try a copy and paste on it.
Hopefully it works [lol]

edit: you know what hopefully it doesn't crash my computer and never boot again! [lol][lol]

wow!!
I'm getting different error messages now :) THANKS!!
That's a good thing!!

145# ssh -l tradone xxx.xxx.xxx.xxx
WARNING: DSA key found for host xxx.xxx.xxx.xxx
in /root/.ssh/known_hosts:1
DSA key fingerprint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
Permission denied (publickey).
145#



Well, now I can work my way up from here.
After having lunch, that is..

So I went to the known_hosts file and deleted everything in it:

"known_hosts" 1 lines, 1 characters
145# ssh -l tradone xxx.xxx.xxx.xxx
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is 85:fd:10:4c:0f:ed:1b:32:35:43:8e:82:7d:e1:0b:0e.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
Permission denied (publickey).
145# ssh -l tradone xxx.xxx.xxx.xxx
Permission denied (publickey).
145#


So I think of the possibility that the public keys are not identical, and find out that I can't even transfer files anymore via scp:

145# scp rsync_yulswe.pub tradone@xxx.xxx.xxx.xxx:/usr/home/tradone
Permission denied (publickey).
lost connection
145#


And from a couple of matches on Google, it seems like "Permission denied (publickey)." can be a result of just about anything.

So I go to the REMOTEMACHINE:

149# ssh localhost
The authenticity of host 'localhost.shenu.com (127.0.0.1)' can't be established.
RSA key fingerprint is 85:fd:10:4c:0f:ed:1b:32:35:43:8e:82:7d:e1:0b:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost.xxxxxx.com' (RSA) to the list of known hosts.
Permission denied (publickey).
149#


was:
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

now is:
# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

was: password was prompted
now is: password is not prompted, but instead I get "Permission denied (publickey,keyboard-interactive)." or "Permission denied (publickey)." errors.

Any sort of input would be appreciated. Thanks :)

I'm not sure exactly what you're doing here, but I'll explain how I normally go about getting passwordless ssh:

$ ssh-keygen -t rsa

Follow the instructions on that, and you'll end up with ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. That's your private and public keys respectively. All you do is concatenate your public key onto ~/.ssh/authorized_keys on the server. So if you copied id_rsa.pub on your client to ~/.public_key on the server, then you'd just do something like

$ cat ~/.public_key >> ~/.ssh/authorized_keys

Then you'd just be able to do $ ssh servername and it shouldn't prompt you for a password.

Quote:
Original post by baldurk
I'm not sure exactly what you're doing here, but I'll explain how I normally go about getting passwordless ssh:

$ ssh-keygen -t rsa

Follow the instructions on that, and you'll end up with ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. That's your private and public keys respectively. All you do is concatenate your public key onto ~/.ssh/authorized_keys on the server. So if you copied id_rsa.pub on your client to ~/.public_key on the server, then you'd just do something like

$ cat ~/.public_key >> ~/.ssh/authorized_keys

Then you'd just be able to do $ ssh servername and it shouldn't prompt you for a password.


I followed through exactly, and it still prompts for the password.
What is the command that you use when you log in using ssh?
I used
145# ssh -l tradone xxx.xxx.xxx.xxx
Maybe I need to specify the private key?

ahi ya yahi
I think I'm just going to reinstall SSH, there may have been something tangled up from my initial configuration that I must have forgotten about.

If anybody can provide me any decent SSH links.. Thanks a whole bunch.

Note that modern ssh generally comes with two protocol versions, 1 and 2; and they use different keys. IIRC rsa is for version one, and would then require the Protocol line to read Protocol 1,2 to try 1 and fallback to two.

Quote:
Original post by Telastyn
Note that modern ssh generally comes with two protocol versions, 1 and 2; and they use different keys. IIRC rsa is for version one, and would then require the Protocol line to read Protocol 1,2 to try 1 and fallback to two.


Not that this will add much to the OP, but the order of the versions on the Protocol line does not matter.

From 'man sshd_config':

Protocol
Specifies the protocol versions sshd supports. The
possible values are '1' and '2'. Multiple versions must
be comma-separated. The default is '2,1'. Note that the
order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions
offered by the server. Specifying '2,1' is identical to '1,2'.


/Nico

Quote:
Original post by NicoDeLuciferi
Quote:
Original post by Telastyn
Note that modern ssh generally comes with two protocol versions, 1 and 2; and they use different keys. IIRC rsa is for version one, and would then require the Protocol line to read Protocol 1,2 to try 1 and fallback to two.


not that this will add much to the OP, but the order of the versions on the Protocol line does not matter.

/Nico


Hrm, learn something every day.

As far as I can see you make the key as root and then copy it to both root and tradone's ~/.ssh/authorized_keys.

I don't think you can do that. The user tradone must generate his own key using ssh-keygen.

My .ssh folder has mode 700 btw.

Also, try to connect like this: $ ssh tradone@<hostname>
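
Both sshd_config files in this thread leave StrictModes at yes, and with that setting sshd ignores an authorized_keys file when it, ~/.ssh or the home directory is writable by group or others, or is owned by anyone other than the user or root; that is why mode 777 works against key login and mode 700 is the usual setting. The script below is an added example, not code from any poster: it approximates those checks with portable find tests, the function names check_ssh_perms and fix_ssh_perms are made up here, and it assumes the default AuthorizedKeysFile of .ssh/authorized_keys.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes checks for one account.
# check_ssh_perms / fix_ssh_perms are hypothetical names; assumes the default
# AuthorizedKeysFile (.ssh/authorized_keys) relative to the home directory.

# check_ssh_perms HOME_DIR USER_OR_UID -> prints findings, returns 1 if any
check_ssh_perms() {
    home=$1 user=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1; continue
        fi
        # Group- or world-writable paths are rejected (mode & 022 must be 0).
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $p"; bad=1
        fi
        # Owner must be the account itself or root (uid 0).
        if [ -z "$(find "$p" -prune \( -user "$user" -o -user 0 \) -print)" ]; then
            echo "OWNER    $p"; bad=1
        fi
    done
    return "$bad"
}

# fix_ssh_perms HOME_DIR -> tightens modes only; ownership is left alone
fix_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Stand-alone use: sh script.sh /usr/home/tradone tradone
if [ "$#" -ge 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it on the server as root or as the account owner; an OWNER finding needs chown, which fix_ssh_perms deliberately does not attempt.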
