Re: authorized_key

From: Rajeev.R <rajeevr_at_**********.***>
Date: Sat Nov 03 2007 - 00:05:29 EDT

Hi all,
Thanks in advance.
The following is my openssh version.
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004

Regards,
Rajeev.
----- Original Message -----
From: "Welsh, Armand" <Armand.Welsh@sscims.com>
To: <ssh@erdelynet.com>
Sent: Friday, November 02, 2007 8:21 PM
Subject: Re: authorized_key

> Which version of openSSH are you using on the server?
> (OpenSSH for Windows, Cygwin, or copSSH)
>
> OpenSSH for Windows is obsolete, and not managed anymore, so to set it up
> on windows servers generally requires some manual configurations to the
> system and the permissions. copSSH is a more plug-n-play type of solution,
> as well as Cygwin (although cygwin still requires some manual
> configurations, it is a newer version than openSSH for Windows)
>
> Note that all three programs are different ways of packaging and
> distributing the openSSH portion of the cygwin project.
>
> Armand
>
>
> Armand Welsh
>
>
> ----- Original Message -----
> From: ssh@erdelynet.com <ssh@erdelynet.com>
> To: ssh@erdelynet.com <ssh@erdelynet.com>
> Sent: Fri Nov 02 07:27:57 2007
> Subject: Re: authorized_key
>
>
> Hi,
> Can you please help me with this?
> I am using Windows 2000 as server and Windows XP as client.
> Using a public key with no passphrase, I am getting
> debug1: No more authentication methods to try.
> Permission denied (publickey,keyboard-interactive).
> Please help me.
> Messages are as follows:
>
>
>
> C:\Documents and Settings\localuser\.ssh>ssh -vvv -i loc.key user@ip
> OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
> debug1: Reading configuration data /etc/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to "ip addr" port 22.
> debug1: Connection established.
> debug1: identity file loc.key type 0
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
> debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 144/256
> debug2: bits set: 503/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /home/localuser/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 2
> debug1: Host 'IP ADDRESS' is known and matches the RSA host key.
> debug1: Found key in /home/localuser/.ssh/known_hosts:2
> debug2: bits set: 529/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug3: input_userauth_banner
>
> ****USAGE WARNING****
>
> This is a private computer system. This computer system, including all
> related equipment, networks, and network devices (specifically including
> Internet access) are provided only for authorized use. This computer system
> may be monitored for all lawful purposes, including to ensure that its use
> is authorized, for management of the system, to facilitate protection against
> unauthorized access, and to verify security procedures, survivability, and
> operational security. Monitoring includes active attacks by authorized entities
> to test or verify the security of this system. During monitoring, information
> may be examined, recorded, copied and used for authorized purposes. All
> information, including personal information, placed or sent over this system
> may be monitored.
>
> Use of this computer system, authorized or unauthorized, constitutes consent
> to monitoring of this system. Unauthorized use may subject you to criminal
> prosecution. Evidence of unauthorized use collected during monitoring may be
> used for administrative, criminal, or other adverse action. Use of this system
> constitutes consent to monitoring for these purposes.
>
>
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug3: start over, passed a different list publickey,keyboard-interactive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,keyboard-interactive).
>
>
> Thanks&Regards,
> Rajeev
> ----- Original Message -----
> From: "Mick Ken" <micks80@gmail.com>
> To: <ssh@erdelynet.com>
> Sent: Friday, November 02, 2007 7:57 PM
> Subject: Re: authorized_key
>
>
> > Hi,
> > I think, you just have to modify your sshd_config file to disable that
> > password option. Check this extract taken from some article:
> >
> > Disabling password authentication on OpenSSH
> >
> > Once the user's public and private keypair are verified as correct,
> > it's possible to disable password authentication on the Linux server
> > entirely. This entirely forestalls all possible password-guessing
> > attempts and dramatically secures a machine.
> >
> > However, for machines not physically local, it's wise to defer on
> > disabling password authentication until it's absolutely clear that the
> > keyed access is working properly, especially if multiple users are
> > involved. Once password authentication has been disabled, even the
> > root password won't allow one into the system.
> >
> > Those new to public key access are encouraged to test very carefully.
> >
> > The configuration of the SSH Daemon is found in the sshd_config file,
> > often stored in the /etc/ssh/ directory. This is a text file which is
> > relatively easy to read; we'll be looking for two entries to modify.
> >
> > First is to set PasswordAuthentication to the value no. This may be
> > explicitly set to yes, or it may be commented out to rely on the
> > default, but we wish to explicitly disable this:
> >
> > Second, we wish to disable SSH protocol version 1: this is old, has
> > several substantial security weaknesses, and should not be allowed
> > from the outside world.
> >
> > Edit the configuration file and ensure that the two keyword entries
> > are set properly; comment out the old entries if necessary.
> > /etc/ssh/sshd_config
> >
> > # Protocol 1,2
> > Protocol 2
> > PasswordAuthentication no
> >
> > Once the configuration file has been saved, the Secure Shell daemon
> > must be restarted; on most platforms this can be done with the
> > "service" mechanism:
> >
> > # service sshd restart
> >
> > This kills the listening daemon and restarts it, but does not
> > terminate any existing individual user sessions. Those who feel this
> > might be a risky step are invited to simply reboot the machine.
> >
> > At this point, OpenSSH will no longer accept passwords of any kind,
> > with access granted only for users with pre-established public keys.
> >
> > HTH
> > Mick
> >
> >
> > On 11/2/07, Jürgen Rott <info2007@rott-home.de> wrote:
> > >
> > >
> > >
> > > Hello,
> > >
> > >
> > >
> > > first I have to tell, that I am German and my English is more or less a
> > > little bit poor…
> > >
> > > Anyway I have a question…
> > >
> > > I try to manage the key authorized access to my windows pc running openSSH.
> > > So I copied the public key of the other machine (running Linux) into the
> > > file "authorized_keys" in "…/root/.ssh" (home-dir) on my windows computer
> > > called mondrian. But if I try to connect, I'm still asked for the password
> > > of root@mondrian. With given password, there aren't any problems so far.
> > >
> > >
> > >
> > > Best regards,
> > >
> > >
> > >
> > > Jürgen Rott
> > >
> > >
> > >
> > >
> >
> >
> > --
> > List Info: http://erdelynet.com/ssh-l/
> > List Archives: http://erdelynet.com/archive/ssh-l/
> > To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com
> >
> >
> >
>
>
>
>
> This electronic mail (including any attachment thereto) may be
> confidential and privileged and is intended only for the individual or
> entity named above. Any unauthorized use, printing, copying, disclosure or
> dissemination of this communication may be subject to legal restriction or
> sanction. Accordingly, if you are not the intended recipient, please notify
> the sender by replying to this email immediately and delete this email (and
> any attachment thereto) from your computer system...Thank You
>

Received on Sat Nov 3 00:08:37 2007
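
An added example (not part of the original thread or of OpenSSH): a small Python reader for the authentication phase of the `ssh -vvv` trace quoted above, reporting which methods the server allows and for which of them the client actually sent a request. The function names and the trimmed sample are constructed for illustration; the message strings matched are the ones that appear in the quoted trace.

```python
import re

# Constructed sample: authentication-phase lines copied from the ssh -vvv
# trace quoted in this thread (key exchange and banner omitted).
SAMPLE_TRACE = """\
> debug1: identity file loc.key type 0
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: keyboard-interactive
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
"""

ALLOWED = re.compile(r"Authentications that can continue: (\S+)")
NEXT = re.compile(r"Next authentication method: (\S+)")
SENT = re.compile(r"we sent a (\S+) packet")
IDENT = re.compile(r"identity file (\S+) type (-?\d+)")


def summarize_auth(trace):
    """Return identity files seen, methods the server allows, per-method outcome."""
    identities, allowed, outcome = [], [], {}
    for line in trace.splitlines():  # regex search tolerates "> " mail quoting
        if m := IDENT.search(line):
            identities.append((m.group(1), int(m.group(2))))
        elif m := ALLOWED.search(line):
            allowed = m.group(1).split(",")
        elif m := NEXT.search(line):
            outcome.setdefault(m.group(1), "never sent")
        elif m := SENT.search(line):
            outcome[m.group(1)] = "sent"
    return identities, allowed, outcome


def never_offered(trace):
    """Methods the server would accept but for which the client sent no request."""
    _, allowed, outcome = summarize_auth(trace)
    return [m for m in allowed if outcome.get(m) != "sent"]


if __name__ == "__main__":
    ids, allowed, outcome = summarize_auth(SAMPLE_TRACE)
    print("identity files:", ids)
    print("server allows :", allowed)
    for method, state in outcome.items():
        print(f"  {method}: {state}")
    print("never offered :", never_offered(SAMPLE_TRACE))
```

When `publickey` appears in the `never_offered` result, the server was never shown a key by this client, so the client's identity file is the first thing to check, before `authorized_keys` or its permissions on the server.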

This archive was generated by hypermail 2.1.8 : Sat Nov 03 2007 - 00:08:39 EDT
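
An added example (not from the quoted article or from OpenSSH): a Python check of the two `sshd_config` edits the quoted article describes, showing why it says to comment out the old entries: sshd keeps the first value it reads for a keyword, so an active `Protocol 1,2` above `Protocol 2` wins. The sample file and function names are constructed; the `ChallengeResponseAuthentication` check is an addition that goes beyond the article, included because the server in this thread still advertises `keyboard-interactive`, and the parser assumes a flat file with no conditional blocks.

```python
# Constructed sample: the article's edit applied, but with the old
# "Protocol 1,2" line left active above the new one.
SAMPLE_CONFIG = """\
Protocol 1,2
Protocol 2
#PasswordAuthentication yes
PasswordAuthentication no
"""

WATCHED = ("protocol", "passwordauthentication",
           "challengeresponseauthentication")


def effective_settings(text):
    """Parse sshd_config text; the first value seen for a keyword is kept."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key in WATCHED and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().lower()
    return seen


def findings(text):
    """Return short finding strings for the settings the article changes."""
    cfg = effective_settings(text)
    out = []
    proto = cfg.get("protocol")
    if proto is None:
        out.append("protocol: not set, daemon default applies")
    elif "1" in proto.split(","):
        out.append(f"protocol: version 1 still enabled ({proto})")
    if cfg.get("passwordauthentication") != "no":
        out.append("passwordauthentication: not explicitly 'no'")
    if cfg.get("challengeresponseauthentication") != "no":
        out.append("challengeresponseauthentication: not 'no', "
                   "keyboard-interactive may still be offered")
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_CONFIG):
        print(item)
```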