Re: (fedora) Re: sshd on F31 : strange problem with login with keys's

Tue, 26 Nov 2019 05:34:54 -0800 

Sam Varshavchik wrote on 26-NOV-2019 14:09:36.69

>Jouk Jansen writes:
>
>> Hi All,
>>
>> I'm trying to setup an ssh-server on F31 which logs a user in without a
>> password, but with a key-exchange. I generated all the keys and placed them
>> in the right locations. It still asks for the password.
>>
>> Than comes the strange : I stoped the service by "systemctl stop sshd" and
>> did run "as root" /usr/sbin/sshd. And than it just worked. (tried to stop
>> and start with systemctl again made the passwordless login fail again)
>>
>> Question : why does is work with just running "/usr/sbin/sshd" but not with
>> "systemctl start sshd" ?
>
>Perhaps the actual command and set up, from sshd.service, will offer a clue:
>
>EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
>EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
>EnvironmentFile=-/etc/sysconfig/sshd
>ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
>
>That's what systemctl start sshd does.

/etc/crypto-policies/back-ends/opensshserver.config is the default file of
the system.

/etc/sysconfig/sshd-permitrootlogin does not exists (and we do not try to
logon as root anyway.

/etc/sysconfig/sshd : In this file the CRYPTO_POLICY= line is uncommented to
allow for more cyphers. (I try to connect from a machine with not the newest
cyphers (yes I know the risk))

It used to work on a F30 system, which crashed and is now fresh installed
with F31. Can it be that I have to add more cyphers to the
/etc/ssh/sshd_conf files? (the public key from the client machine starts
with : ssh-rsa)

           Regards
               Jouk


Pax, vel iniusta, utilior est quam iustissimum bellum.
    (free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.)
     Epistularum ad Atticum 7.1.4.3)


               Touch not the cat bot a glove

>------------------------------------------------------------------------------<

  Jouk Jansen
                 
  jo...@hrem.nano.tudelft.nl

  Technische Universiteit Delft        tttttttttt  uu     uu  ddddddd
  Kavli Institute of Nanoscience       tttttttttt  uu     uu  dd    dd
  Nationaal centrum voor HREM              tt      uu     uu  dd     dd
  Lorentzweg 1                             tt      uu     uu  dd     dd
  2628 CJ Delft                            tt      uu     uu  dd     dd
  Nederland                                tt      uu     uu  dd    dd
  tel. 31-15-2782272                       tt       uuuuuuu   ddddddd

>------------------------------------------------------------------------------<
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

Reply via email to