Fedora Linux Support Community & Resources Center
  #1  
Old 20th August 2008, 06:26 AM
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 65
Posts: 2,624
ssh/PuTTY setup question

I'd like access to my Fedora 9 box from my Windows laptop, so I installed PuTTY on the laptop, set up a private key/public key pair and tried things out by connecting my laptop to the LAN. The first time, of course, I had to use username and password to connect and copied over the public key to ~/.ssh/authorized_keys. After a few tries I figured out what garbage had to be deleted from that file, and ssh stopped complaining about my key. Alas, it still asks me for both a username and password each time I try to connect, although I've put my username at the end of that file and changed the permissions as suggested.

I know it's possible to have ssh authenticate without sending a password and I'd like to get that running before I open up Port 22 on my router to make it available to the outside world. Can anybody suggest something I've overlooked, or something else to try? As yet, I haven't tried editing the config files because I'm not sure I need to, and unsure just what changes to the defaults need to be made.
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #2  
Old 20th August 2008, 06:48 AM
Mariano Suárez-
Guest
 
Posts: n/a
Look at the logs, for information on what sshd is doing when you try to log in.
In particular, check that the permissions of the ~/.ssh/authorized_keys is as
specified in the man page for ssh.
Reply With Quote
  #3  
Old 20th August 2008, 07:56 AM
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 65
Posts: 2,624
I know I've set the permissions to 600. I'd love to look at the logs, but where are they? I've checked /var/log/messages, and there's nothing relevant, and I can't find any other log to check.
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #4  
Old 20th August 2008, 10:16 AM
pete_1967 Online
Clueless in a Cuckooland
 
Join Date: Mar 2006
Location: Here now, elsewhere tomorrow.
Posts: 4,329
On server you need to enable key (and remove password) authentication.

Configuration file is /etc/ssh/sshd_config

Read the comments on it carefully and change as needed. After you've done your changes, you need to restart your sshd server.

As root: `/sbin/service sshd restart`

Unless you have physical access to the linux box, keep password authentication enabled until you're sure everything works as intended.

While you are configuring your sshd server, disable allow root logins in it.

There are plenty of tutorials on how to set up and configure ssh server, just click either of the links in my sig to find them.
__________________
A Drink is Not Just For Christmas - SaskyCom :thumb:


“Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime” so now go and...
RTFM FIRST: http://docs.fedoraproject.org/ & http://rute.2038bug.com/index.html.gz
Reply With Quote
  #5  
Old 20th August 2008, 05:51 PM
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 65
Posts: 2,624
Is having the box in question "living" in my bedroom enough physical access? OK, I'll try enabling key authentication and see what happens. I want to give access to a few trusted friends (Doing pings/traceroutes over a different backbone can sometimes be Very Useful, among other things.) so I'll leave password set up so that they can upload their own keys without my interference. (I presume that if both are active, it will only ask for a password if it can't find the key or it doesn't work.)
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #6  
Old 21st August 2008, 07:05 AM
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 65
Posts: 2,624
Checking, key authentication is enabled by default, and it looks in the right place for keys. Any more suggestions? That is, other than those two utterly useless links in your signature.
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #7  
Old 21st August 2008, 07:40 AM
marcrblevins Offline
Registered User
 
Join Date: Jun 2006
Location: Texas
Age: 43
Posts: 4,168
Quote:
I'd love to look at the logs, but where are they? I've checked /var/log/messages
Thought it was /var/log/secure
Code:
su -
grep ssh /var/log/secure
Got a boatload of ssh failures... denyhosts is my friend here.
Reply With Quote
  #8  
Old 21st August 2008, 07:50 AM
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 65
Posts: 2,624
ssh/PuTTY setup question [SOLVED]

Thanx, but I just found out what the problem was. A friend had sent me an example of ~/.ssh/authorized_keys, and I realized that mine didn't match the pattern quite as well as I thought. What you need is this:

ssh-rsa BIGLONGPUBLICKEYTHAT'SMUCHLONGERTHANTHISBUTALLONON EBIGLINEWITHOUTBREAK= username@domain

There's a space before the public key itseslf, one after the equal sign but no -- repeat no -- line breaks anywhere. If you have your key like this it will work; if not, it won't. (I presume if you're using something other than rsa, you change the first string to match.)

Thanx to everybody who tried to help, because even the wrong answers helped me learn, such as disabling root logins. As I said, I'm going to leave password authentication active so that users can set up their public keys on their own if they want. (Not that there will be more than two or three, and mostly to allow pings/traceroutes over a different backbone or store a file they don't want the wife to know about...)
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #9  
Old 21st August 2008, 02:25 PM
pete_1967 Online
Clueless in a Cuckooland
 
Join Date: Mar 2006
Location: Here now, elsewhere tomorrow.
Posts: 4,329
Quote:
Originally Posted by sidebrnz
Any more suggestions? That is, other than those two utterly useless links in your signature.
Sorry, don't have any silver platters left.

Quote:
Originally Posted by pete_1967
While you are configuring your sshd server, disable allow root logins in it.
Quote:
Originally Posted by sidebrnz
Thanx to everybody who tried to help, because even the wrong answers helped me learn, such as disabling root logins.
If I'd known you don't understand what you read, I'd phrased that differently.
__________________
A Drink is Not Just For Christmas - SaskyCom :thumb:


“Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime” so now go and...
RTFM FIRST: http://docs.fedoraproject.org/ & http://rute.2038bug.com/index.html.gz
Reply With Quote
  #10  
Old 22nd August 2008, 12:54 AM
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 65
Posts: 2,624
Excuse me for living, but I guess that I'm just a beginner with only 39 years of computer experience. However, I fail to see how a link to Search Forums and one to google are that helpful. Frankly, I see them as just a "don't ask me, look for yourself" blow-off of the questioner. And, yes, the answers were wrong (but well-intentioned) because the right options are (except for root login) set by default and the issue was that ~/.ssh/authorized_keys needed to be edited in a non-intuitive manner. Oh, BTW, I was not referring to disabling root logins as a wrong answer, but that telling me that the issue was in /sshd_config was wrong, although one of the changes you suggested was good. Next time, don't be so eager to take offense where none was offered.
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #11  
Old 22nd August 2008, 12:59 AM
Hlingler Offline
Administrator
 
Join Date: Sep 2006
Location: Connellsville, PA, USA
Posts: 11,294
OK, kids, play nice now.

V
Reply With Quote
  #12  
Old 22nd August 2008, 01:05 AM
marcrblevins Offline
Registered User
 
Join Date: Jun 2006
Location: Texas
Age: 43
Posts: 4,168
Just looked at Pete's sig. What a laugh! Oh Pete, thats a good one. I would throw in 'Fedora sshd root login' on the Google link, could have got your answer there.

First one on the list:
http://www.go2linux.org/disable-ssh-root-direct-login

Problemo solvo.
Reply With Quote
  #13  
Old 22nd August 2008, 05:25 AM
Doug G Offline
Registered User
 
Join Date: Jul 2005
Posts: 640
Read the putty documentation, there are instructions on exactly how to set up key authorization with putty.
Reply With Quote
Reply

Tags
question, setup, ssh or putty

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Putty settings for vnc over putty ieuuk Guides & Solutions (No Questions) 0 5th March 2005 09:53 AM


Current GMT-time: 18:57 (Saturday, 25-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Andradas Photos - Tanghe - Nong Khae Instagram Photos