Andrew M.A. Cater wrote:
On Wed, Jan 03, 2007 at 05:50:40PM -0300, Alejandro wrote:
People, I have generated the key pair RSA from my root linux's user and
then I copy my RSA public key to /root/.ssh/authorized_keys from the
linux ssh server. After that I edit the sshd_config file and put permit
rootlogin no and the correct path to the authorized_keys file. But when
I execute from the client "ssh [EMAIL PROTECTED]" it doesn't enter and the
password banner is showed. Here I put my debugs from ssh client and
server and my sshd_config file from the server....I REALLY THANKS YOUR
COMMENTS !!!
Example:
Try setting up a normal user first - check whether that works.
Example commands are indented in what follows. Comments are mostly
in []
As user pele change to your home directory on the first machine
(here called cerca) then
ssh-keygen -t rsa -b 2048
[Follow the prompts: don't use a passphrase. This should generate
a pair of keys id_rsa and id_rsa.pub
cd /home/pele/.ssh
touch authorized_keys
chmod 0600 authorized_keys
Follow the same procedure on the other machine (here called lejos).
On machine cerca:
cd /home/pele/.ssh
scp lejos:/home/pele/.ssh/id_dsa.pub ./id_dsa.pubLEJOS
[This copies the file you need from the other machine and names it so
you can tell where it comes from. At this point, you may need to use
passwords]
scp ./id_dsa.pub lejos:/home/pele/.ssh/id_dsa.pubCERCA
[Copying the public RSA key from the machine you are on to the distant
machine]
cat id_dsa.pubLEJOS >> authorized_keys
[Copy the public RSA key from the distant machine and
append it to the authorized_keys file on your local machine]
[Now copy the key into the appropriate place on the distant machine and
append it to the authorized_keys file there. ]
ssh lejos
cd /home/pele/.ssh
cat id_dsa.pubCERCA >> authorized_keys
[Check that an ssh connection works in both directions:
[On cerca]
ssh lejos
[On lejos]
ssh cerca
should both work immediately.
Now do the same with keys for root, if you want to. If you only want one
user to have effective root privilege - append the id_dsa.pub for root
on the machine to the end of his /.ssh/authorized_keys file
Hope this helps,
Andy
Andy, your example is very helpul to me...tomorow I'll follow your
steps. But let me ask these two last questions:
1) What are the lines I should setup in /etc/ssh/sshd_config from the
server side ???? Just *AuthorizedKeysFile %h/.ssh/authorized_keys* or
what else ???
2) Some people say if I use SSH version 2, I have to use an
*authorized_keys2* file instead of an *authorized_keys* file...is it OK
???
Thanks a lot and greetings,
alejandro.-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
