Alexander Dalloz wrote:
Am Fr, den 08.07.2005 schrieb Michael Yep um 22:03:
Don't top-post, please.
I was under the impression that with this setup I would not have to
enter a password
No, it requests to enter the pubkey passphrase.
Enter passphrase for key '/cygdrive/c/Documents and
Settings/myep/.ssh/id_rsa':
Ctrl-C
Notice how it trys publickey auth and then it fails, and then tries
password auth.
Can you mark the line where you see that? I frankly don't see that.
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/identity (0x0)
debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/id_rsa
(0x100e9c40)
debug2: key: /cygdrive/c/Documents and Settings/myep/.ssh/id_dsa (0x0)
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug3: start over, passed a different list
publickey,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Documents and
Settings/myep/.ssh/identity
debug3: no such identity: /cygdrive/c/Documents and
Settings/myep/.ssh/identity
debug1: Offering public key: /cygdrive/c/Documents and
Settings/myep/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp
a9:b1:ac:29:22:15:54:47:2d:f0:42:12:78:39:df:cb
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
If you want to disable password auth as a fallback method you must
disable that method in sshd_config.
And please: don't use passphrase-less public keys! That has a security
drawback. Use ssh-agent for not often entering the passphrase during a
desktop session.
Alexander
Ok I'm not sure what Top Posting means, but I guess I'll try down here.
taken from this website
http://www.penguinsecurity.net/pensec/modules.php?name=News&file=article&sid=256
The goal of using Identity/Pubkey authentication is to remove the need
for static passwords. Instead of providing a password, which could be
captured by a keystroke logger or witnessed as you type it, you have a
key pair on your disk that you use to authenticate. Your account on the
SSH server has a list of Identities/Pubkeys that it trusts, and if you
can prove you have the public and private key then you are granted
access without supplying a password.
Some of the nice features of this form of authentication are:
* No one can shoulder-surf your password and log in to your accounts
- they'd need both your Identity passphrase and the private key
from your machine.
* The server administrator could disable password authentication
entirely, to prevent password guessing attacks.
* You can use the |ssh-agent| and SSH agent forwarding to have your
authentication credentials 'follow' you.
* You can place restrictions on Identities/Pubkeys, for example
forbidding port forwards, forcing predetermined commands,
regardless of what the user wanted to run, and more.
In this week's article we'll show how you create keys and configure your
account to allow them to log in. In later articles we'll go into some of
the other capabilities of SSH identities.
Am I misunderstanding this article? I would like to run rsync jobs via
cron, and not require a password
--
Michael Yep
Development / Technical Operations
RemoteLink, Inc.
(630) 983-0072 x164
