password authentication only - SSH

This is a discussion on password authentication only - SSH ; This must be a very elementary question, but my understanding of ssh is very limited. I want to connect from my laptop computer to my desktop while I'm traveling. Both boxes run Linux (kernel 2.6.x.). I only want password authentication. ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: password authentication only

  1. password authentication only

    This must be a very elementary question, but my understanding of ssh is
    very limited.
    I want to connect from my laptop computer to my desktop while I'm
    traveling. Both boxes run
    Linux (kernel 2.6.x.). I only want password authentication.

    In the server /etc/ssh2/sshd2_config file I have the line
    AllowedAuthentications password
    and on the client (laptop) /etc/ssh2/ssh2_config file I have exactly
    the same line.

    Yet, when I try to connect I get the error message,

    %ssh2 emyl@xxx.xxx.xxx.xxx
    Host key not found from database.
    Key fingerprint:
    [ ... long fingerprint deleted ... ]
    You can get a public key's fingerprint by running
    % ssh-keygen -F publickey.pub
    on the keyfile.
    warning: tcsetattr failed in ssh_rl_set_tty_modes_for_fd: fd 1:
    Interrupted system call

    Obviously, I'm doing something wrong.

    One more piece of information: the server is behind a firewall, but the
    ssh port
    is open (obviously

    Any hints greatly appreciated !!

    Emyl


  2. Re: password authentication only


    > This must be a very elementary question, but my understanding of ssh is
    > very limited.
    > I want to connect from my laptop computer to my desktop while I'm
    > traveling. Both boxes run
    > Linux (kernel 2.6.x.). I only want password authentication.
    >
    > In the server /etc/ssh2/sshd2_config file I have the line
    > AllowedAuthentications password
    > and on the client (laptop) /etc/ssh2/ssh2_config file I have exactly
    > the same line.
    >
    > Yet, when I try to connect I get the error message,
    >
    > %ssh2 emyl@xxx.xxx.xxx.xxx
    > Host key not found from database.
    > Key fingerprint:
    > [ ... long fingerprint deleted ... ]
    > You can get a public key's fingerprint by running
    > % ssh-keygen -F publickey.pub
    > on the keyfile.
    > warning: tcsetattr failed in ssh_rl_set_tty_modes_for_fd: fd 1:
    > Interrupted system call
    >
    > Obviously, I'm doing something wrong.


    No; you're simply missing some information. SSH performs two
    authentications: first, the client identifies the server (to thwart
    spoofing and man-in-the-middle attacks), and after that, the server
    identifies the user (to determine access to requested account). You have
    required password-only for user authentication, but server authentication
    still uses publickey. It is possible to use other methods for server
    authentication as well, but it's much more involved. What you should do
    is simply accept the key (in a secure context, and/or checking the
    fingerprint); once that's done, your client will be able to verify that
    server in the future.

    General note: SRP would be great for this sort of thing, where Kerberos or
    PKI are overkill -- there used to be some patches for SRP in OpenSSH, but
    I don't know that status of that now.

    --
    Richard Silverman res@qoxp.net


+ Reply to Thread