0

The last day or so, I've been trying to figure out how to setup SSH on my Slackware box with public/private keys.

Somethings still confuses me:

  • In the sshd_config file, should I use a relative reference or an absolute reference when setting the path for the AuthorizedKeysFile directive? I've read that it can be either or.

    Currently set to, AuthorizedKeysFile /root/.ssh/authorized_keys

  • I'm pretty sure that when generating a key through ssh-keygen it should be generated on the client machine and the public key should be copied to the server and added into the authorized_keys file. Is this correct?

  • I'm pretty sure that the permissions to the .ssh directory and authorized_keys file are correct.

    drw------- .ssh
    drwx--x--- authorized_keys
    -rw----r-- known_hosts

  • I've done a ps -e aux | grep sshd to see what user was running the sshd process. Here are the results: moros is a standard user account that i'm using to log into my box.

    root 5449 0.0 0.0 4112 0980 ? Ss 01:06 0:00 /usr/sbin/sshd
    root 5574 0.0 0.1 6700 2020 ? Ss 15:22 0:00 sshd: moros [priv]
    root 5576 0.0 0.0 6700 1272 ? S 15:22 0:00 sshd: moros@pts/0
    root 5609 0.0 0.0 2204 0628 pts/0 S+ 15:42 0:00 grep sshd

  • Here's what part of my sshd_config looks like

    Port 22
    Protocol 2

    SyslogFacility AUTH
    LogLevel VERBOSE

    PermitRootLogin yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /root/.ssh/authorized_keys

    PasswordAuthentication yes
    PermitEmptyPasswords no

    The rest of it is standard default values.

Anyway, there are a few things that I've been able to determine so far. I know that ssh is working because I can login from a client machine with a password for a valid user on the slackware machine. I've generated a ssh-keygen rsa style and copied the pub key to the server using scp. At the moment, I'm pretty sure that the authorized_keys is setup correctly. I did a cat file >> authroized_keys and added the pub key that I copied to the server. The file has the form of ssh-rsa AAAAB3Nza..... for each line. I turned on VERBOSE logging to get as much information as possible. Last night, I saw in the log, "Failed publickey for moros from 'ip' port 'num' ssh2.

With that log message, I'm boiling the cause of the issue down to one of two things. Either sshd can not find my authorized_keys file and thus the reason for the failure of the key or that the permissions to either the .ssh folder or the authorized keys file are incorrect.

Has anyone run into similar problems with ssh keys and slackware in the past?

UPDATE

As it turns out, the AuthorizedKeysFile directive should state, .ssh/authorized_keys.
This now works when i login as some other than root.

4

1 回答 1

0

With AuthorizedKeysFile /root/.ssh/authorized_keys, you are telling sshd to go look for the key in /root/.ssh/authorized_keys for whomever is trying to connect. That can't work for anyone else than root. You should stick to the default of ~/.ssh/authorized_keys

The key pair can be generated anywhere. Simply, the public key should be present on the server to which you want to connect, and the private key on the client form which you are connecting.

The permissions are pretty messed up. They should look like:

drwx------- .ssh
-rw------- authorized_keys
-rw-r--r-- known_hosts

authorized_keys should be a file, not a directory.

Also, make sure the permission of the private key are be -rw-------.

于 2013-11-29T22:21:56.227 回答