On Thu, 20 Jan 2000, Subba Rao wrote:

> 
> Hi,
> 
> I have downloaded OpenSSH and am trying to get it to work. The sshd is 
> started in .xinitrc. 

Do you mean sshd or ssh? Why would you need a user to log in to the system
in order to make an ssh connection? And why log in to X as root?

You would normally run the sshd as a "system service" (have it run at
runlevels 3,4,5, for instance, or simply put it in rc.local).

> After logging in, the 'ps' command does list it:
> 
> (0)root@myhost:~ => ps waux | grep ssh
> root     18615  0.0  0.8  1424  536 ?    S    Jan19   0:01 sshd -f /usr/local/etc/sshd_config -h /usr/local/etc/ssh_host_key
> 
> After that, I am issuing the ssh-agent command. I have tried 2 options.
> 
> $ ssh-agent bash
> $ ssh-agent login
> 

ssh-agent is not for server-side verification. It has nothing to do with
allowing the server to use rsa signatures for verification.

ssh-agent is used when you want to protect your private key from other
local users:
The private key is your secret. It never leaves your computer. Therefore
it must be in a file that is only readable by you.

But every file is readable by root, and you might not trust root (or other
people with access to your account). Therefore you can protect it by not
keeping the key itself, but an encrypted copy of that key, encrypted with
a "passphrase". Therefore you need to know the passphrase to use your
public key. Note that (unlike a simple password authentication) - that
passphrase never leaves your computer, and is never transferred to the
sshd on the other side.

The ssh-agent is a local daemon that keeps in its memory those keys (or
passphrases, I don't remember exactly what, since I currently don't use
it), and allows you to input your password only once per login.

But it has nothing to do with the sshd.

> The instance of ssh-agent seem to be valid only for that xterm. Once the xterm is
> terminated, the ssh-agent is terminated too.

From reading TFM - this is exactly how it is supposed to behave - allow
authentication only for processes that were spawned (directly or
indirectly) from the ssh-agent process.
 
> The keys (identity file) have been generated. Then I add the keys using ssh-add.
> 
> (0)root@myhost:~ => ssh-add      
> Need passphrase for /root/.ssh/identity
> Enter passphrase for root@myhost: 
> Identity added: /root/.ssh/identity (root@myhost)
> 
> 
> When I try to login from NT, using TeraTermPro+TTSSH or Putty, the system says invalid
> password. I have tried the user's Linux password and the SSH key passphrase.
> The system log has the following entry.

First of all - try logging in using the simple password authentication,
without any keys or passphrases ("plain password" on ttssh).

Also - try running the sshd in debug mode and see what messages you get
(note: standard ssh has a -d switch for that. I assume openssh's sshd has
an equivalent option).

> 
> Jan 20 07:36:23 myhost sshd[21993]: Failed password for ROOT from 10.3.23.21 port 2483
> Jan 20 07:36:27 myhost sshd[21993]: Received disconnect: 
> 

The obvious question: did you give the password for the user, or for root?

Have you tried connecting with ssh from myhost?

> What am I doing wrong here? How do I establish the SSH session between the Linux
> and NT boxen?
> 
> Thank you in advance for any help.
> 
> Subba Rao


-- 
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
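
The client-side behaviour discussed in the reply above, as an added example that is not part of the original message: a passphrase-encrypted private key on disk, an agent that takes the passphrase once, and a process that only reaches the agent if it inherited `SSH_AUTH_SOCK`. It assumes current OpenSSH tools (`ssh-keygen`, `ssh-agent`, `ssh-add`) on the PATH and uses an ed25519 key rather than the identity file from the thread; the function name, paths, passphrase and askpass helper are constructed for the demo.

```shell
#!/bin/sh
# Added example. The key path, passphrase and askpass helper are constructed for this demo.
agent_demo() {
    dir=$(mktemp -d) || return 1
    key=$dir/id_demo
    pass='constructed-demo-passphrase'

    # 1. The private key file is written mode 0600 and encrypted under the passphrase.
    ssh-keygen -q -t ed25519 -N "$pass" -C demo -f "$key" || return 1
    perms=$(ls -l "$key" | cut -c1-10)

    # Whoever can read the file still needs the passphrase to use it.
    wrong=rejected
    ssh-keygen -y -P 'wrong-guess' -f "$key" >/dev/null 2>&1 && wrong=accepted

    # 2. Start an agent on a private socket; it prints the variables clients need.
    eval "$(ssh-agent -s -a "$dir/agent.sock")" >/dev/null || return 1

    # Hand the passphrase over once. With stdin not a tty and DISPLAY set,
    # ssh-add asks the SSH_ASKPASS helper instead of prompting.
    printf '#!/bin/sh\necho "%s"\n' "$pass" > "$dir/askpass"
    chmod 700 "$dir/askpass"
    DISPLAY=none SSH_ASKPASS="$dir/askpass" ssh-add "$key" </dev/null 2>/dev/null || :

    # 3. A process that inherited SSH_AUTH_SOCK can list the key (exit status 0) ...
    inside=0
    ssh-add -l >/dev/null 2>&1 || inside=$?
    # ... one without the variable cannot reach the agent (exit status 2).
    outside=0
    (unset SSH_AUTH_SOCK; ssh-add -l) >/dev/null 2>&1 || outside=$?

    ssh-agent -k >/dev/null 2>&1 || :
    rm -rf "$dir"
    echo "perms=$perms wrong=$wrong inside=$inside outside=$outside"
}

agent_demo
```

None of these steps involves sshd: the passphrase and the agent socket stay on the client side throughout.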


