help configuring ssh pub keys instead of passwords
greg at grokking.org
Sat Mar 5 11:21:30 PST 2005
> so far I have done
>
> edit /etc/sshd_config
>
> Port 22
> Protocol 2
> PermitRootLogin no
> MaxStartups 5:50:10
> X11Forwarding no
> PrintLastLog yes
> SyslogFacility auth
> LogLevel VERBOSE
> PasswordAuthentication no
> PermitEmptyPasswords no
> Banner /etc/issue
> AllowGroups sshusers <-- this exists
>
> # create some group that you can put OpenSSH users into
> Next, we'll open and edit /etc/ssh/ssh_config
>
> [user at server /dir]#vi /etc/ssh/ssh_config
>
> ForwardAgent no
> ForwardX11 no
> PasswordAuthentication no
> CheckHostIP yes
> Port 22
> Protocol 2
>
> then I su to unpriv user and ran ssh-keygen -d
>
> then I did
> cat id_dsa.pub > authorized_keys2
Make sure you have a line in /etc/ssh/sshd_config that points to this,
like so:
AuthorizedKeysFile .ssh/authorized_keys2
If it's commented out that's okay (default); just make sure it's the same
filename you've used!
(Incidentally, on my 5.3 box it's set as .ssh/authorized_keys)
>
> then copy the id_dsa.pub to a floppy so that I could transfer the dsa key to
> the machine from which I'd be accessing the unix box.
>
No, you need to put the PRIVATE key (id_dsa by default) on the client
machines in the .ssh directory under each user's home dir. The PUBLIC
key stays on the server in authorized_keys as you've done above. Make
sure this key and the directory it's in are accessible only by the user
you want.
Hope that helps,
G
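
Added example, not part of the original post: a small sh check of the two points in the reply above, that the file named by AuthorizedKeysFile in sshd_config exists under the user's home directory, and that .ssh and the key files in it carry no group or other permission bits. The function names, the relative-path handling and the fallback name .ssh/authorized_keys (taken from the reply's note about a 5.3 box) are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any tool.
# Usage: check_key_setup /etc/ssh/sshd_config /path/to/user/home

# Print the AuthorizedKeysFile value from an sshd_config. If the line is
# absent or commented out, fall back to .ssh/authorized_keys (assumption:
# the name the reply reports for a 5.3 box).
authorized_keys_name() {
    val=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1")
    echo "${val:-.ssh/authorized_keys}"
}

# Succeed only if the path has no group/other permission bits set.
# Characters 5-10 of the ls -ld mode string are the group and other bits.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_key_setup SSHD_CONFIG HOME_DIR
# Assumes AuthorizedKeysFile is relative to the home directory, as in the
# thread. Prints one line per problem and returns the number of problems.
check_key_setup() {
    conf=$1
    home=$2
    problems=0
    keyfile="$home/$(authorized_keys_name "$conf")"

    # Filename mismatch: keys were written to a file sshd will not read.
    if [ ! -f "$keyfile" ]; then
        echo "missing: $keyfile (the name sshd_config points to)"
        problems=$((problems + 1))
    fi

    # The directory, the authorized keys file and, on a client machine,
    # the private key should be accessible only by their owner.
    for p in "$home/.ssh" "$keyfile" "$home/.ssh/id_dsa"; do
        [ -e "$p" ] || continue
        if ! owner_only "$p"; then
            echo "too open: $p"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

A return status of 0 means both checks passed; anything else is the count of problems printed.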