Greetings,

I'm not sure if this is the right place for this or the security mailing list, but I am extremely confused by RSA/DSA authentication and using it with OpenSSH. My current setup is that I have a FreeBSD box at home acting as a firewall/gateway/webserver. I'd like to access it from work using PuTTY on Windows 2000. Right now I have password authentication with a good strong username/password, DenyHosts, and I feel safe. I just wanted to try a little extra security (for kicks), so I started reading about and implementing RSA. Well, now after reading what there was in the handbook, freebsddiary, and a really nice article about it on IBM, I have no idea how to get this to work and am just a little frustrated. I believe I'm getting messed up on the public and private key and where they should go on the computer I'm trying to connect to or connect from? I used ssh-keygen and PuTTY to generate a key (RSA w/passphrase) and both times I've gotten neither to work from what I've been able to tell.
One time I was close and got something saying that my key's permissions had to be changed because they were too open, so I fixed that warning and then it said that my key was accepted and I entered my passphrase. But then, just to play around, I removed my key (wanted to see if it wouldn't let me connect). It did and asked for my password, not passphrase. What I was hoping for was that the server would see that I didn't have a key and deny my access, but sadly it didn't.

Now I'm editing some of my /etc/ssh/sshd_config file, like uncommenting: (correct? I shouldn't be editing /etc/ssh/ssh_config?)

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /root/.ssh/authorized_keys (I did rename the key I was using this and made sure it was all on one line)
    PasswordAuthentication no

but I still don't have anything working. I've restarted sshd by doing:

    /etc/rc.d/sshd restart

each time as well.

Am I wrong to assume the server should deny me access if I don't have the key, or is using RSA/DSA authentication just to assure myself that I'm actually connecting to my server and not some other person's trying to get my passwords?

Thank you for reading this mess; as you can tell, I'm pretty bewildered.

Erik
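Added example, not part of Erik's message and not OpenSSH's own tooling: a shell check of the sshd_config settings quoted above that reports whether a password prompt can still appear and whether AuthorizedKeysFile points every account at one file. It assumes PasswordAuthentication and ChallengeResponseAuthentication both default to yes when unset and treats challenge-response as a password path (as it is when PAM backs it); the function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example (hypothetical helper names); sample configs are constructed.

# Print the effective value of keyword $2 in sshd_config file $1.
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive. Only "Keyword value" lines are handled, and parsing
# stops at the first Match block because later lines are conditional.
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# Exit 0 if a password can still be used to log in, 1 if only keys remain.
# Assumption: both options default to "yes" when unset. Newer OpenSSH
# releases name the second one KbdInteractiveAuthentication.
password_login_possible() {
    pw=$(sshd_value "$1" PasswordAuthentication)
    cr=$(sshd_value "$1" ChallengeResponseAuthentication)
    [ "${pw:-yes}" != "no" ] || [ "${cr:-yes}" != "no" ]
}

# Exit 0 if AuthorizedKeysFile is an absolute path with no %h/%u token,
# which makes sshd check every account against that single file.
shared_key_file() {
    case $(sshd_value "$1" AuthorizedKeysFile) in
        /*%*) return 1 ;;
        /*)   return 0 ;;
        *)    return 1 ;;
    esac
}

tmp=$(mktemp -d)
# Constructed sample: the four settings from the post, nothing else set.
printf '%s\n' 'RSAAuthentication yes' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile /root/.ssh/authorized_keys' \
    'PasswordAuthentication no' > "$tmp/as_posted"
# Constructed sample: the same file with challenge-response disabled too.
{ cat "$tmp/as_posted"; echo 'ChallengeResponseAuthentication no'; } > "$tmp/keys_only"

for f in "$tmp/as_posted" "$tmp/keys_only"; do
    if password_login_possible "$f"; then echo "$f: password prompt possible"
    else echo "$f: public key only"; fi
    if shared_key_file "$f"; then echo "$f: one key file for all accounts"; fi
done
```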