ssh using DSA keys - as per the handbook

Dominic Mitchell dom at happygiraffe.net
Fri Jul 26 17:20:58 BST 2002


On Fri, Jul 26, 2002 at 04:21:19PM +0100, Steven Purdy wrote:
> Hi all:
> 
> I've tried the RTFM method, had a google around and even asked the boss!
> I hope someone can help with this.
> 
> What I've done:
> 
> 1) ssh-keygen -d (To create a dsa key)
> 2) scp ~/.ssh/id_dsa.pub steve@remote-bsd:/home/steve/.ssh/
> 3) (ssh to the remote box) mv id_dsa.pub authorized_keys2
> 4) ssh steve@remote-bsd
> 	
> I get slightly different results from PC to PC and sometimes who I'm
> logging in as.
> 
> On one box it works as steve but not as another user (having done the
> same procedure for that user).
> 
> Mostly I just get returned a login prompt.
> 
> I've tried this with different versions and same versions of sshd (2.3 -
> 2.9 from memory).

If you're not running 3.4 or newer, upgrade.  There are serious security
holes in all prior versions.   See http://www.openssh.com/ for source,
or cvsup to the latest version of -STABLE or -CURRENT.

Warnings aside, is it down to permissions on the authorized_keys2 file
and the .ssh directory?  I often find when creating these that they've
ended up with group writeability, which sshd doesn't like.

If that still doesn't solve it, you can always run sshd in debug mode to
find out what's wrong.  If you log in to the remote box and run:

    remote% sshd -d -p 2222

Leave that window alone, and try logging in to that port from another
window:

    local% ssh -p 2222 remote

And you'll get lots of debug output in the sshd window telling you why
it failed.

-Dom
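
An added example, not part of the original message: a small sh function for the permissions point raised in the reply, that sshd rejects the key file and the .ssh directory when they are group writable. It checks only the group and world write bits on the home directory, .ssh and the authorized keys files, not ownership; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report paths that sshd would reject for being writable
# by group or others. Run on the remote box as the user who cannot log in.
# Usage: check_ssh_perms [home_dir]   (defaults to $HOME)

# Print the path if it is group- or world-writable; print nothing otherwise.
# -prune stops find from descending, so only the named path is tested.
loose_path() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Check the home directory, ~/.ssh and the authorized keys files.
# Returns 0 if every path that exists is tight, 1 if any is too open.
check_ssh_perms() {
    home=${1:-$HOME}
    rc=0
    for p in "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        # Missing files are skipped, not reported.
        [ -e "$p" ] || continue
        if [ -n "$(loose_path "$p")" ]; then
            echo "too open: $p (fix with: chmod go-w $p)"
            rc=1
        fi
    done
    return $rc
}
```

Anything it reports can be tightened with `chmod go-w` before retrying the login.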



