Nathan Ollerenshaw wrote:
On 5/20/04 5:24 PM, "Edward" <edward@xxxxxxxxxxxxxxxxxxxx> wrote:
OK, I need some more clarification here please. After reading all the suggestions, I'd like to set up shared key authentication.
You mean, Public key authentication.
After reading mountains of stuff on the internet, I can't get this to work.
The client is PuTTY if that makes a difference.
1> Used PuTTYgen.exe to create a key pair with a pass phrase.
2> Saved both keys into a folder on the client PC.
3> Copied the PUBLIC key to $HOME/.ssh/authorized_keys on the ssh server (FC1 with all updates).
Make sure that the public key is in the format
ssh-rsa [key string] <comment - usually user@host>
I know PuTTYgen will by default create a different style key; you can manually convert it to the format above. It needs to be on one line.
Also, make sure ~/.ssh is mode 0700 and authorized_keys is 0600. Other permissions can cause problems (not sure if this is the case these days, but I do it anyway because you don't want other people looking in your .ssh dir anyway).
One virtual beer for you Nathan - I got it working on my test server here. Sweet.
I now have it set up so without a key, you cannot get in over the net - exactly what I wanted.
I now also need the key for getting in locally, however, I don't have a problem with that.
Just out of curiosity though - can the configuration be set so that local users don't need a key, but over the net you do? Just thinking about the headless set-ups I have around the place for which I've taught the users how to shutdown or restart the server via ssh. Just thinking another thing to remember will most definitely confuse them.
I somehow doubt it - as it is the .ssh/authorized_keys that controls this behaviour, but I thought I'd ask.
Regards, Ed.
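
The two checks from the reply quoted above (one-line `ssh-rsa [key string] <comment>` format, and 0700/0600 modes), as an added example that is not part of the original thread. The function names are hypothetical, the sample key is constructed and non-functional, and entries are assumed to carry no options prefix.

```python
import base64, os, stat, struct, textwrap

def rfc4716_to_openssh(text, comment=""):
    """Turn a PuTTYgen 'SSH2 PUBLIC KEY' block into one authorized_keys line."""
    body, continued = [], False
    for line in (l.strip() for l in text.strip().splitlines()):
        # Skip BEGIN/END markers and headers such as Comment: "..." (may continue with \)
        if line.startswith("----") or continued or ":" in line:
            continued = line.endswith("\\")
            continue
        body.append(line)
    blob = "".join(body)
    return f"{key_type(blob)} {blob} {comment}".strip()

def key_type(blob):
    """Read the algorithm name stored at the start of the decoded key data."""
    raw = base64.b64decode(blob, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")

def line_problems(line):
    """Check one authorized_keys entry (assumption: no options prefix)."""
    fields = line.split(None, 2)
    if "\n" in line.strip() or len(fields) < 2:
        return ["entry must be a single line: type, key string, comment"]
    try:
        inner = key_type(fields[1])
    except Exception:
        return ["key string is not valid base64 key data"]
    return [] if inner == fields[0] else [f"type {fields[0]} does not match key data ({inner})"]

def mode_problems(ssh_dir):
    """Flag any group/other access on ~/.ssh (want 0700) and authorized_keys (want 0600)."""
    out = []
    for path, want in ((ssh_dir, 0o700), (os.path.join(ssh_dir, "authorized_keys"), 0o600)):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            out.append(f"{path} is {mode:04o}, expected {want:04o}")
    return out

def constructed_sample():
    """Constructed, non-functional key in the multi-line style PuTTYgen saves by default."""
    field = lambda b: struct.pack(">I", len(b)) + b
    blob = base64.b64encode(field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xab" * 64)).decode()
    return ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed-sample"\n'
            + "\n".join(textwrap.wrap(blob, 64)) + "\n---- END SSH2 PUBLIC KEY ----\n")

if __name__ == "__main__":
    print(rfc4716_to_openssh(constructed_sample(), "edward@client"))
```
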