Key-Based SSH logins With PuTTY - OpenBSD Problem

Discussion in 'HOWTO-Related Questions' started by al4, Feb 8, 2007.

  1. al4

    al4 New Member

    Using these instructions: Key-Based SSH Logins With PuTTY.

    I am unable to get it to work with an OpenBSD 4.0 system. It's a fresh install, with nothing else on it. I've used the instructions before on other operating systems and it has worked. I have not been successful in getting it to work with OpenBSD 4.0 though.

    I figure it's an OpenSSH setting, but I don't know where to look. I thought I'd check here before I started asking the OpenSSH/OpenBSD people.
     
    Last edited: Feb 8, 2007
  2. falko

    falko Super Moderator

    What exactly doesn't work? What's in your sshd_config?
     
  3. al4

    al4 New Member

    "The server rejected your key" was the error.

    I was going to modify my initial post to reflect that, but never did - my apologies.
     
  4. falko

    falko Super Moderator

    What's in your sshd_config?
     
  5. al4

    al4 New Member

    Code:
    #	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    #Protocol 2,1
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    PermitRootLogin no 
    #StrictModes yes
    #MaxAuthTries 6
    
    AuthorizedKeysFile	.ssh/authorized_keys2
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    
    # no default banner path
    #Banner /some/path
    
    # override default of no subsystems
    Subsystem	sftp	/usr/libexec/sftp-server
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #	X11Forwarding no
    #	AllowTcpForwarding no
    #	ForceCommand cvs server
    
     
  6. falko

    falko Super Moderator

    You can try this in your sshd_config instead:

    Code:
    # Package generated configuration file
    # See the sshd(8) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    LoginGraceTime 600
    PermitRootLogin no
    StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile     %h/.ssh/authorized_keys
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    
    # Change to yes to enable tunnelled clear text passwords
    PasswordAuthentication no
    
    
    # To change Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #AFSTokenPassing no
    #KerberosTicketCleanup no
    
    # Kerberos TGT Passing does only work with the AFS kaserver
    #KerberosTgtPassing yes
    
    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    KeepAlive yes
    #UseLogin no
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    Subsystem       sftp    /usr/lib/sftp-server
    
    UsePAM no
    This one's working.
     

Share This Page