Thore wrote: > on my Server I want to configure an RSA SSH Authentication.
Good. Everyone should. > I know how to generate and set the private and public key, Good. > but there are still some problems. > Mostly I login as root, > so i had to use the .ssh directory in the /root folder and put my > generated public key in the authorized_keys folder. > But it didn't works. The typical reason this does not work is because the file permission is incorrect. What is the output of (example from my system): # ls -ld / /root /root/.ssh /root/.ssh/authorized_keys | cat drwxr-xr-x 25 root root 4096 Dec 3 12:51 / drwxr-xr-x 20 root root 4096 Dec 2 15:33 /root drwx------ 2 root root 4096 Oct 29 2011 /root/.ssh -rw-r----- 1 root root 1440 Oct 29 2011 /root/.ssh/authorized_keys If any of those are group or world writable then sshd will refuse the file. Also look in /var/log/auth.log and /var/log/syslog too. > I sedet the auto login username in putty it didn't worked. > Are there settings wrong? > I found one part in the sshd conf > > RSAAuthentication yes > PubkeyAuthentication yes > #AuthorizedKeysFile %h/.ssh/authorized_keys > > it was exactly like this, > is this right? Yes. Those are okay. > I mean isn't the directory not "availiable" for the program because > of the # at the begin of the line? The default is included as documentation. If, and only if, you were going to change it from the default then you could uncomment the line and change the value. > Another question is: How must I configure it that I only can login > with the user password my passphrase for the key and the keys? > so tripple protection against brute force. I recommend not to do this. Make sure you have a good non-guessable password and then don't use it unless you need it. If you don't use it then it can't be sniffed. If it is secure then it can't be guessed. In which case it isn't safer to disable it. And having it available for that emergency when you need it is very useful. Bob
signature.asc
Description: Digital signature
