Did you restart the SSH daemon?

--
Richard Silverman
res@qoxp.net

In article Peter
writes:
>I am running the Cygwin SSHD server on a machine and have been seeing
>lots of attacks lately from all over the globe. so i generated a public
>/ private key set and applied them correctly and now i connect properly
>using these new keys. i then went into the file "cygwin\etc
>\sshd_config" and set the following lines
>
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication no
> #PermitEmptyPasswords no

Lines starting with '#' are comments - they're only there to inform you
what the keywords and their default values are. No amount of changing a
line that starts with '#' will have any effect, you need to remove the
'#' on the relevant line or create a new line without the '#'.

>so i went back to the file "cygwin\etc\sshd_config" and sure enough i
>find this
>
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication yes <-------its still set to yes?
> #PermitEmptyPasswords no

Don't know why that would be, but it probably doesn't have much to do
with ssh - either you can't operate your editor, or something Windowsy
is messing things up.

>so i then looked at the folder holding the file and found that there are
>now 2 files "cygwin\etc\sshd_config" and "cygwin\etc\sshd_config~" the
>one with the ~ char at the end is owned by the loged in user and the one
>without the ~ char is owned by the system. the one owned by the system
>is the one where the password is still set to yes. every time i edit and
>save the file it creates a new file with more and more ~ chars at the
>end. what in the world is going on?

Appending a ~ to the file name for the "backup copy" (i.e. what the file
was before you edited it) is a semi-common thing for editors to do.

>am i going about it the wrong way trying to edit my "cygwin\etc
>\sshd_config" file? is there a command i need to run to make this change
>permenant?

On Unix, you just need to restart the ssh daemon, and nothing in the
system will modify your sshd_config file. I'm afraid I don't know about
Windows (or Cygwin).

--Per Hedeland
per@hedeland.org

>>>>> "PH" == Per Hedeland writes:

PH> Lines starting with '#' are comments - they're only there to
PH> inform you what the keywords and their default values are. No
PH> amount of changing a line that starts with '#' will have any
PH> effect...

Good point.

PH> On Unix, you just need to restart the ssh daemon, and nothing in
PH> the system will modify your sshd_config file. I'm afraid I don't
PH> know about Windows (or Cygwin).

The system might be configured to start a new sshd instance on each
connection (e.g. from (x)inetd), in which case it would not be necessary
to restart anything. OS X is configured this way.

--
Richard Silverman
res@qoxp.net

ok followup time

I changed the sshd_config file so that the # comment symbol was not
infront of the passwordauthentication no line and tried it again

$ ssh localhost

i get an error now that says permission denied (public key , keyboard
interactive)

I know my keys are in the right place because if i change that line in
sshd_config back to passwordauthentication yes i can log in but not have
to enter a password. if i remove the keys to a dummy directory and try
to log in the server asks me for a password.

so in short the host knows and uses my public key when passwords are set
to yes

if keys are missing then host falls back to asking the password.

if the sshd_config file is set to not allow passwords it all fails no
matter if i have proper keys in the correct directory or not.

i feel like im missing something very fundamental to what im trying to do
but have not stumbled onto it yet. this config file seems very plain to
understand but the things i ask it to do just cause it to choke.

i have read a little about openssh and was wondering if there are any
experts out there and can vouch for it and or point to a good
configuration site. cygwin has me 99% of the way there but this last 1%
is driving my nuts. i would hate to jump ship on it now after all i have
learned but im tired of the brute force attacks on my host.

thanks again





Peter wrote in
news:Xns9734742E74ACAretrodoghotmailcom@216.168.3. 66:

> I am running the Cygwin SSHD server on a machine and have been seeing
> lots of attacks lately from all over the globe. so i generated a
> public / private key set and applied them correctly and now i connect
> properly using these new keys. i then went into the file "cygwin\etc
> \sshd_config" and set the following lines
>
> # To disable tunneled clear text passwords, change to no
> here! #PasswordAuthentication no
> #PermitEmptyPasswords no
>
> the attacks continued so i tried a test. i moved the keys i just
> generated to a dummy folder and then tried to connect to the machine
> hosting the server
>
> $ ssh localhost
>
> to my surprise it asked for a password
>
> so i went back to the file "cygwin\etc\sshd_config" and sure enough i
> find this
>
> # To disable tunneled clear text passwords, change to no
> here! #PasswordAuthentication yes <-------its still set to
> yes? #PermitEmptyPasswords no
>
> so i then looked at the folder holding the file and found that there
> are now 2 files "cygwin\etc\sshd_config" and "cygwin\etc\sshd_config~"
> the one with the ~ char at the end is owned by the loged in user and
> the one without the ~ char is owned by the system. the one owned by
> the system is the one where the password is still set to yes. every
> time i edit and save the file it creates a new file with more and more
> ~ chars at the end. what in the world is going on? i made sure to
> chmod 777 the file to edit it then chmoded it back to 644. nothing
> seems to work and in the mean time im getting massive attacks in the
> night from IP's all over the world. I have hardend my password and
> there not succeeding but it still is unnerving to see your security
> logs fill up like that
>
> am i going about it the wrong way trying to edit my "cygwin\etc
> \sshd_config" file? is there a command i need to run to make this
> change permenant?
>
> thanks in advance for the help