Public Key Login Problems - SSH

This is a discussion on Public Key Login Problems - SSH ; Hi all, Probably a really simple problem, but I can't figure it out. I'm trying to allow NetBeans to connect to a CVS repository on a Windows server using ssh. The only way that NetBeans can do this is if ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Public Key Login Problems

  1. Public Key Login Problems

    Hi all,

    Probably a really simple problem, but I can't figure it out. I'm
    trying to allow NetBeans to connect to a CVS repository on a Windows
    server using ssh. The only way that NetBeans can do this is if I use
    public key authentication and bypass the password requirement for ssh.


    I created public/private keys using the ssh-keygen -t rsa
    command (with no password). I then appended the public key to the
    server's authorized_keys file. From what I understand, this should
    allow me to connect securely without having to type a password, but
    alas, it doesn't. Every time I try to connect it asks for my password.

    What gives and how do I fix it?


  2. Re: Public Key Login Problems

    Matt wrote:
    > Hi all,
    >
    > Probably a really simple problem, but I can't figure it out. I'm
    > trying to allow NetBeans to connect to a CVS repository on a Windows
    > server using ssh. The only way that NetBeans can do this is if I use
    > public key authentication and bypass the password requirement for ssh.
    >
    >
    > I created public/private keys using the ssh-keygen -t rsa
    > command (with no password). I then appended the public key to the
    > server's authorized_keys file. From what I understand, this should
    > allow me to connect securely without having to type a password, but
    > alas, it doesn't. Every time I try to connect it asks for my
    > password.
    >
    > What gives and how do I fix it?


    Install the Putty software bundle, available from links at www.openssh.com,
    and use the "Pageant" tool to manage live SSH keys. Then look up the public
    notes on Pagent and CVS and SSH.



  3. Re: Public Key Login Problems


    Matt wrote:
    [snip]
    > I then appended the public key to the server's authorized_keys file.

    [snip]

    There's no server's authorized keys, is the user's authorized keys in
    ~/.ssh and make sure you have the default configuration on the server
    for this, i.e. "grep authorized_k /etc/sshd_config" should return a
    commented out default or the possibly changed name of the file.

    HTH
    --
    René Berber


  4. Re: Public Key Login Problems

    >>>>> "RB" == René Berber writes:

    RB> Matt wrote: [snip]
    >> I then appended the public key to the server's authorized_keys
    >> file.

    RB> [snip]

    RB> There's no server's authorized keys, is the user's authorized keys
    RB> in ~/.ssh...

    Since the file is on the *server* machine, and read by the SSH *server*, I
    think calling it the server's authorized_keys file is perfectly correct.
    The file exists per account, but he didn't imply otherwise.

    --
    Richard Silverman
    res@qoxp.net


  5. Re: Public Key Login Problems


    René wrote:

    > [snip]
    > There's no server's authorized keys, is the user's authorized keys in
    > ~/.ssh and make sure you have the default configuration on the server
    > for this, i.e. "grep authorized_k /etc/sshd_config" should return a
    > commented out default or the possibly changed name of the file.


    Something else I forgot to say, check the permissions on the file and
    the directory, sshd does not use (or trust) the keys if the file is not
    secured (the man page says it's only a recommendation, but if you set
    it world writable sshd will not use it); I have read/write only by
    owner and the .ssh directory is read/write/execute only by owner.
    --
    René Berber


  6. Re: Public Key Login Problems

    On 2006-08-24, René Berber wrote:
    > Something else I forgot to say, check the permissions on the file and
    > the directory, sshd does not use (or trust) the keys if the file is not
    > secured (the man page says it's only a recommendation, but if you set
    > it world writable sshd will not use it);


    ....unless the server has StrictModes set to "no".

    > I have read/write only by
    > owner and the .ssh directory is read/write/execute only by owner.


    FWIW the sshd(8) man page is now a lot more specific about this:

    http://www.openbsd.org/cgi-bin/man.cgi?query=sshd

    ~/.ssh/authorized_keys
    Lists the public keys (RSA/DSA) that can be used for logging in
    as this user. The format of this file is described above. The
    content of the file is not highly sensitive, but the recommended
    permissions are read/write for the user, and not accessible by
    others.

    If this file, the ~/.ssh directory, or the user's home directory
    are writable by other users, then the file could be modified or
    replaced by unauthorized users. In this case, sshd will not al-
    low it to be used unless the StrictModes option has been set to
    ``no''. The recommended permissions can be set by executing
    ``chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys''.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

+ Reply to Thread