Re: Enabling SSHD

From: Dewayne Geraghty <dewayne_at_heuristicsystems.com.au>
Date: Mon, 29 Jan 2024 22:13:06 UTC

Hi Paul,
You don't need to populate ~/.ssh.  It is required if you use ssh keys 
for outbound connections with keys or because that's the usual place for 
the authorized_keys file for inbound (to your machine).  But you're not 
doing that.

I use a lot of VirtualBox VMs for development and use an ssh password 
to connect to them.  This is what I do:
1. Change root's password so you have something in master.passwd to log 
into.

2. cat /etc/ssh/sshd_config |grep -v "^Port "
PermitRootLogin yes
AuthorizedKeysFile      .ssh/authorized_keys
ChallengeResponseAuthentication yes
PasswordAuthentication yes
UsePAM yes
Subsystem sftp /usr/libexec/sftp-server
UseDNS no
RekeyLimit default none
PermitTunnel no
UseBlacklist no
VersionAddendum Linux-Kali
KerberosAuthentication no
GSSAPIAuthentication no
X11Forwarding no
PrintMotd no
PrintLastLog no

3. Adjust the client accordingly, I use putty from windoz.
4. Be happy.

This is NOT what I have for machines accessible via the internet, where 
I only use long keys (rsa > 5K), no root, different port, encrypted keys 
and restrict KEX etc - stuff you'll learn as you progress.  It's a lot of 
fun and "ssh -vv" is your friend. :)
Cheers.
PS I don't like having sftp but it does make copying convenient



On 30/01/2024 6:15 am, Paul M Foster wrote:
> On Mon, Jan 29, 2024 at 10:30:52AM -0800, Walter Parker wrote:
> 
>>     For a permission denied error, check to see if the files have the
>>     correct permission (home dir, ~/.ssh, other files as used). Also check
>>     your client to make sure it has the proper permissions.
> 
> On the server (the BSD machine) there are no ~/.ssh files for my user. Does
> that matter? On the Linux box (the client), my local ssh files are all
> okay. I routinely ssh into other (Linux) boxes on my network.
> 
>>
>>     The other way to find errors is to start sshd (from the command line)
>>     with  -d and/or -v flags and then try to connect using your ssh client.
>>     The sshd server will output logging as to what the errors are. It may tell
>>     you what is causing the permission denied error.
> 
> Lots of gobbledegook, except maybe this:
> 
> debug1: userauth-request for user paulf service ssh-connection method none [preauth]
> 
> Then it does a couple of other things and closes the connection.
> 
> Paul
>
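
Added example, not part of the original mail and not code from either poster: a small Python check that compares an sshd_config against the internet-facing posture the mail describes (no root login, keys only, different port) and flags the lab-VM settings listed above. The sample configs, the port number 2222 and the function names are constructed for illustration; on a live host `sshd -T` prints the effective configuration.

```python
import re

# Constructed sample: the lab-VM settings quoted in the mail (no Port line).
LAB = """\
PermitRootLogin yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes
UsePAM yes
"""
# Constructed sample: one way to express "no root, keys only, different port".
HARDENED = """\
Port 2222   # hypothetical port number
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
"""
# ChallengeResponseAuthentication is a deprecated alias in current OpenSSH.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Return (settings, ports) for the global section of an sshd_config."""
    settings, ports = {}, []
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":      # conditional blocks are not evaluated here
            break
        if key == "port":       # Port may be given more than once
            ports.append(int(value))
        else:                   # sshd keeps the first value it reads per keyword
            settings.setdefault(ALIASES.get(key, key), value)
    return settings, ports

def audit(text):
    """Return the names of settings that differ from the hardened posture."""
    s, ports = parse(text)
    found = []
    if s.get("permitrootlogin") == "yes":
        found.append("permitrootlogin")          # root may log in with a password
    if s.get("passwordauthentication") == "yes":
        found.append("passwordauthentication")   # passwords accepted, not keys only
    if s.get("kbdinteractiveauthentication") == "yes" and s.get("usepam") == "yes":
        found.append("kbdinteractiveauthentication")  # PAM can still prompt for a password
    if not ports or 22 in ports:
        found.append("port")                     # default port 22 in use
    return found
```

Because sshd keeps the first value it reads for a keyword, a later `PasswordAuthentication yes` does not override an earlier `no`, and `PasswordAuthentication no` alone still leaves password prompts available through keyboard-interactive when PAM is enabled.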