search for: sshd_conf

?Hola! [Please keep me in the Cc: list, i amn't subscribed to the list] (From ftp://ftp.plig.org/pub/OpenBSD/OpenSSH/portable/openssh-2.2.0p1-vs-openbsd.diff.gz) --- ssh-openbsd-2000090200/sshd_config Tue Aug 8 16:55:05 2000 +++ openssh-2.2.0p1/sshd_config Wed Aug 30 09:40:09 2000 @@ -2,7 +2,7 @@ Port 22 #Protocol 2,1 -#ListenAddress 0.0.0.0 +ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh_host_key ServerKeyBits 768 ---- Why? If there's no ListenAddress ssh listens on all...

...ub tester at 192.168.0.2:.ssh [192.168.0.2 $] cat .ssh/id_dsa.pub >> .ssh/authorized_keys [192.168.0.2 $] chmod 700 .ssh [192.168.0.2 $] chmod 600 .ssh/authorized_keys [192.168.0.4 $] ssh id at 192.168.0.2 Permission denied (publickey). But with password, I can connect to 192.168.0.2. The sshd_conf is as follows; 192.168.0.4(centos 5.2) sshd_conf: Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key SyslogFacility AUTHPRIV #LogLevel INFO RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no ChallengeResp...

Well, I seem to have resolved most of this. In the end I had to create a separate logical link for the chrooted users' home directories that pointed back to their actual directory. It sounds confusing because it is. I first tried this in sshd_conf ChrootDirectory %h and in ~/%h I had created the following mount points: bin dev etc lib lib64 tmp usr Upon which I had hung mounts to directories containing the chroot reduced functionality. mount --bind /path/to/chroot/bin bin However, that did not work. I next tried this: ChrootD...

.... We have set up sshd (OpenSSH server) on the machine. We have placed ssh keys into each user's home directory that needs to access the system (and they work). We want to disable everyone from logging in, using a password, utilizing ssh keys only to access the system. I have modified /etc/ssh/sshd_conf to have these settings: ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no I then restarted the ssh daemon (/etc/init.d/sshd restart), but it still allows the user to login using their password. What am I missing? Searching google, only turned up the changes that I...

...I also want to be able to ssh as root with a required password to do whatever I like. So I thought that in addition to root, I'd make a rootback account: root:x:0:0:root:/root:/bin/bash rootback:x:0:0:root:/root:/bin/bash (Entries in /etc/shadow are required for both, turns out.) In sshd_conf I have this Match User rootback PermitRootLogin yes ForceCommand /root/bin/dobackup Match User root PermitRootLogin yes Match When I ssh -l rootback host whatever it runs the dobackup script. However, when I run ssh -l root host date it logs me in...

Hello We have successfully set up Red Hat Enterprise Linux ES4 and we are now trying to connect remote clients to connect to it. The problems we are having are as follows: a) If we set connect with telnet, we get the login prompt. If we use any valid login name & password combination (including root), we get the response "Login incorrect" and then the login prompt comes back. How

I've been getting a few locked sessions (unable to ctrl-c, ctrl-z it) with the message: Hm, dispatch protocol error: type 20 plen 136 I've never seen this message before openssh-SNAP-2000082900, and it's only happened when connected to SSH 2.3.0, from openssh-SNAP-2000082900. Both machines are mips-sgi-irix6.5. Anybody care to explain what it means? Is it a known bug? -jf

Hi all: I have recentely update to openssh3.7.1p2, the my pam authentication broken. I have followed the advice to modify my configuration file sshd_conf and set UsePAM yes PasswordAutentication no ChallengeResponseAuthentication yes but it still doesn't work.I have modified pam.conf to this. sshd auth requiste pam_authtok_get.so.1 sshd auth required pam_dhkeys.so.1 sshd auth sufficient...

Hello, I have a question. Why do I have pam_close_session with every user but not with root? Can I configure this in sshd_conf? Best regards Karl-Heinz Delzeit

Hi, As I understand the "ForceCommand" in the sshd_confing file is meant to ignore any command supplied by the client, but if user's home is shared by server and client machines over network (ex. NFS) then user can still put something else into ~/.ssh/rc file and overcome this limitation. Is it possible to disable execution of the ~/.ssh/rc file in...

HI: I tried to deploy a SFTP server with chroot but when i tried to connnect the client send the next error: Write failed: Broken pipe Couldn't read packet: Connection reset by peer The sshd_conf file is the next: ------------------------------------------------------------------- # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind...

...ar 22, 2008, at 3:32 PM, openssh-unix-dev-request at mindrot.org wrote: > Date: Thu, 20 Mar 2008 18:19:02 -0400 > From: "Mikhail Terekhov" <termim at gmail.com> > Subject: ForceCommand and ~/.ssh/rc > > Hi, > > As I understand the "ForceCommand" in the sshd_confing file is > meant to > ignore any command supplied by the client, but if user's home is > shared by > server and client machines over network (ex. NFS) then user can > still put > something else into ~/.ssh/rc file and overcome this limitation. Is it > possible to di...

Hello. I'm not 100% sure if this is a configuration error on my side or a 'bad idea' on sshd/FreeBSD sides. A remote root ssh connection to a FreeBSD 4.10 server (with no remote root access) will allow you to 'work out' the root password. However, if you try the same against 5.2.1 FreeBSD, you have little chance. The following are pretty clear examples. If this is a config

Hi guys. Anybody has seen something like this from 'ssh' and care to comment? -> $ ssh 10.0.1.6 (root at 10.0.1.6) Password: client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0: error in libcrypto I have virtually identical c8 Stream boxes and only one gives out this message. I regen keys but that changed nothing. many thanks, L.

http://bugzilla.mindrot.org/show_bug.cgi?id=185 ------- Additional Comments From koenig at science-computing.de 2002-03-27 01:28 ------- I found a possible workaround for my problem: adding X11UseLocalhost no in sshd_conf for HP-UX 10.20 avoids the X11-forwarding problems. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hello: Can anyone show me direction on how to config the sshd_conf and ssd_conf file so that I can remotely login to other machine without typing any password (for root user)? I am using the openssh as default in Red Hat 7.3. I have set the machine IP/user name in the files: /root/.shosts, /etc/ssh/shosts.equiv, /etc/hosts.equiv. But it is still fail! Thanks a l...

...0; } I guess that the forked child process that calls the sshpam_cleanup() function is forked before the parent calls do_pam_session() (which sets sshpam_session_open to true). pam_close_session() will be invoked by removing surrounding if-statement. Is this a bug? My changes to the default sshd_conf are: 72c72 < UsePAM yes --- > #UsePAM yes 83c83 < UsePrivilegeSeparation no --- > #UsePrivilegeSeparation yes 96c96 < #Subsystem sftp /local/libexec/sftp-server --- > Subsystem sftp /local/libexec/sftp-server By the way: This is a bug in the documentation: The d...

...cleanup 0x33ecc(0x0) It seems that it doesn't "recognise" correctly SSH 2 and that the 'path' to the keys (public & private) are wrong. I've also noticed that it seems to skip completely the file "authorized_keys" even I specify it "as it is" in sshd_conf! I didn't finish completely the tests but apparently it's working fine with OpenSSH rel. < 3. Thanks in advance and do not hesitate if you need more informations. Kind Regards, S.G. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are wa...

...~/.ssh/authorized_keys file has about 15000 entries. With about 300 characters per line I'd get 4,5 MB of data. I believe that this length of file could lead to performance issues; so I'm looking for solutions. I already saw the possibility of using "%u" or "%h" in sshd_conf/AuthorizedKeysFile; but that's system-wide and not for this one user. And %u wouldn't differentiate between my users, as the target-user is always the same. One solution would be to have a %2p, which would take 2 characters of the public-key (preferably the last two - the first two won&...

> > On Mar 22, 2008, at 3:32 PM, Chris Wilson wrote: > > > >> As I understand the "ForceCommand" in the sshd_confing file is meant to > >> ignore any command supplied by the client, but if user's home is shared > >> by server and client machines over network (ex. NFS) then user can > >> still put something else into ~/.ssh/rc file and overcome this > >> limitation. Is it...