Results 1 to 6 of 6

Thread: ISO SSH tutorial (secure login part)

  1. #1
    Join Date
    Sep 2006
    Location
    Montréal Québec Canada
    Beans
    209
    Distro
    Ubuntu Development Release

    ISO SSH tutorial (secure login part)

    I am trying to remove the ability to login with password so, I follow the procedures I have found to generate a key, copy it on the server and after editing the sshd_conf file to set PasswordAuthentication to no, after I restart ssh, I find my self locked out of it....


    Can anyone help pls
    Ubuntu Québec Loco team
    Étudiant en certificat en informatique à l' UQAM

    Ubuntu 12.04 on Asus G73JW-A1

  2. #2
    Join Date
    Apr 2009
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ISO SSH tutorial (secure login part)

    Did you set the public key in the authorized_keys file in your user login ssh folder on the server? Also would you mind posting your sshd_config file here.
    Ubuntu Christian Edition chat on irc at server: OFTC/channel: #ubuntuCE
    BootInfoScript DualBooting
    Grub Grub2 MBR/GRUB
    Boot Info Script courtesy of community member meierfra and ghulselmans

  3. #3
    Join Date
    Sep 2006
    Location
    Montréal Québec Canada
    Beans
    209
    Distro
    Ubuntu Development Release

    Re: ISO SSH tutorial (secure login part)

    Quote Originally Posted by stlsaint View Post
    Did you set the public key in the authorized_keys file in your user login ssh folder on the server? Also would you mind posting your sshd_config file here.
    Here it is:

    Code:
    # Package generated configuration file
    # See the sshd_config(5) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin no
    StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile	%h/.ssh/authorized_keys
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    # IgnoreUserKnownHosts yes
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    Subsystem sftp /usr/lib/openssh/sftp-server
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    Ubuntu Québec Loco team
    Étudiant en certificat en informatique à l' UQAM

    Ubuntu 12.04 on Asus G73JW-A1

  4. #4
    Join Date
    Sep 2006
    Location
    Montréal Québec Canada
    Beans
    209
    Distro
    Ubuntu Development Release

    Re: ISO SSH tutorial (secure login part)

    a simple ssh-add on local terminal fixed it
    Ubuntu Québec Loco team
    Étudiant en certificat en informatique à l' UQAM

    Ubuntu 12.04 on Asus G73JW-A1

  5. #5
    Join Date
    Apr 2009
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: ISO SSH tutorial (secure login part)

    You also will want to change the "PasswordAuthentication" option to NO.
    Ubuntu Christian Edition chat on irc at server: OFTC/channel: #ubuntuCE
    BootInfoScript DualBooting
    Grub Grub2 MBR/GRUB
    Boot Info Script courtesy of community member meierfra and ghulselmans

  6. #6
    Join Date
    Sep 2006
    Location
    Montréal Québec Canada
    Beans
    209
    Distro
    Ubuntu Development Release

    Re: ISO SSH tutorial (secure login part)

    It was set at yes so I could access it till it work As soon as I had access to it I changed it.
    Ubuntu Québec Loco team
    Étudiant en certificat en informatique à l' UQAM

    Ubuntu 12.04 on Asus G73JW-A1

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •