YA SSH newbie

Troy Piggins troy at piggo.com
Thu May 25 12:15:31 UTC 2006


* GrepZen <ulist at gs1.ubuntuforums.org> :
> 
> 1st, Gentlemen, thank you for your time and efforts spent with this. 
> --it's greatly appreciated.
> 
> *Vram*, No, I did not install RSSH. Further, I've checked for its
> existence with negative results.
> 
> *Troy*, 
> 
> 1) RE: -/etc/ssh/sshd_conf-  I'm presuming that since
> *PasswordAuthentication yes* is commented out.. that the default is no.
> 
> Code:
> --------------------
>     # Change to no to disable tunnelled clear text passwords
> 
>   #PasswordAuthentication yes

So you changed it to "yes" and uncommented it?  While testing this is probably
easiest, but I strongly recommend once you get this set up and working, look
into public key authentication and change it back to no.  Passwords can be
discovered/dictionary attacked.

> 2) Upon initial review, both -/etc/hosts.deny- and -/etc/hosts.allow-
> had no active entries.
> 
> -- I've since modified -/etc/hosts.allow- and added the following two
> lines:
> 
> ALL:192.168.7.
> 
> ALL:LOCAL
> 
> After the changes in (2) above, I'm still getting the same response. 
> 
> "connection refused"

If there's nothing in /etc/hosts.deny about ssh, then should be fine.  I think.

> I've stripped all the comments from ~sshd_conf and included it below.
> 
> Code:
> --------------------
>   Port 22
>   ListenAddress 192.139.7.9

Try with the above commented out.

>   Protocol 2
>   HostKey /etc/ssh/ssh_host_rsa_key
>   HostKey /etc/ssh/ssh_host_dsa_key
>   UsePrivilegeSeparation yes
>   KeyRegenerationInterval 3600
>   ServerKeyBits 768
>   SyslogFacility AUTH
>   LogLevel INFO
>   LoginGraceTime 120
>   PermitRootLogin yes

^^^^^^^^^^^^^^^^^^^^^^^
No.  Never permit root login.  You should never need to.  Normal user login and
sudo or su if needed.

>   StrictModes yes
>   RSAAuthentication yes
>   PubkeyAuthentication yes
>   IgnoreRhosts yes
>   RhostsRSAAuthentication no
>   HostbasedAuthentication no
>   PermitEmptyPasswords no
>   ChallengeResponseAuthentication no
>   X11Forwarding yes
>   X11DisplayOffset 10
>   PrintMotd no
>   PrintLastLog yes
>   KeepAlive yes
>   AcceptEnv LANG LC_*
>   Subsystem sftp /usr/lib/openssh/sftp-server
>   UsePAM yes

Try adding 

AllowUsers grepzen

or whatever username you have.

My sshd_config:

-----8<-----
$ cat /etc/ssh/sshd_config |grep ^[^\#]
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
AllowUsers troy
-----8<-----

Note that I don't use passwd logins, key only.

-- 
Troy Piggins
  ,-o    Ubuntu v5.10 (Breezy Badger): kernel 2.6.12-10-k7,
 o   )   postfix 2.2.4, procmail 3.22, mutt 1.5.11i,
  `-o    slrn 0.9.8.1/rt (score_color patch), vim 7.0
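
Added example (not part of the original message): a small Python check for the three settings raised in this thread, run over abbreviated copies of the two quoted configurations. The function names `parse_sshd_config` and `audit` are hypothetical; the check relies on OpenSSH applying its built-in default, `yes` for PasswordAuthentication, when a directive is commented out or absent.

```python
# Added example, not code from the thread. Both samples are abbreviated from
# the two configurations quoted in the message above.
GREPZEN_CONFIG = """\
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
Port 22
PermitRootLogin yes
PubkeyAuthentication yes
UsePAM yes
"""
TROY_CONFIG = """\
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM yes
AllowUsers troy
"""

def parse_sshd_config(text):
    """Map lowercased keyword -> list of values; comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive is simply not set
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), []).append(value)
    return settings

def audit(text):
    """Return (keyword, reason) findings for the settings raised in the thread."""
    cfg = parse_sshd_config(text)
    def effective(keyword, default):
        # sshd uses the first value obtained for a keyword; when the keyword
        # is absent, its built-in default applies.
        return cfg.get(keyword.lower(), [default])[0].lower()
    findings = []
    # OpenSSH's built-in default for PasswordAuthentication is "yes".
    if effective("PasswordAuthentication", "yes") != "no":
        findings.append(("PasswordAuthentication", "password logins are accepted"))
    # The PermitRootLogin default varies by release, so an absent line is flagged.
    if effective("PermitRootLogin", "unset") != "no":
        findings.append(("PermitRootLogin", "not explicitly set to no"))
    if "allowusers" not in cfg:
        findings.append(("AllowUsers", "no allow-list of login accounts"))
    return findings
```

`audit(GREPZEN_CONFIG)` reports all three settings, while `audit(TROY_CONFIG)` returns an empty list.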



