FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-25-2008, 05:15 AM
Nathaniel Homier
 
Default First time ssh user needs help, getting authentication failures

So I aptitude ssh and set it up according to this document:
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s5.1


I get authentication failures. I am using Etch completely updated on my
home computer and was using the Ubuntu 8.04 live CD at my mothers house.
coming home and checking auth.log it said "Invalid user ubuntu". On
the live cd at my mothers house I used $ssh
username@sub-domain.domain.org, where username is my username on my home
computer. I am looking to set up ssh to require a username and password
on my home computer but I am open to new ideas if they are secure. I'll
put my sshd_config and ssh_config on my home computer below. Any
recomendations on how to set up the files on a live cd, soon to be a
debian live cd.


sshd_config
AllowUsers not-telling ref not-telling@sub-domain.domain.*
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port not-telling
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
ListenAddress 192.168.not-telling
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication

#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

ssh_config

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted no
RhostsRSAAuthentication no
RSAAuthentication no
PasswordAuthentication no
HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
Port not-telling
Protocol 2
# Cipher 3des
# Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-26-2008, 12:15 AM
Nathaniel Homier
 
Default First time ssh user needs help, getting authentication failures

Rafael Fontenelle wrote:
2008/4/25, Nathaniel Homier <nathaniel.homier@bresnan.net
<mailto:nathaniel.homier@bresnan.net>>:


So I aptitude ssh and set it up according to this document:
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s5.1

I get authentication failures. I am using Etch completely updated
on my home computer and was using the Ubuntu 8.04 live CD at my
mothers house. coming home and checking auth.log it said "Invalid
user ubuntu". On the live cd at my mothers house I used $ssh
username@sub-domain.domain.org
<mailto:username@sub-domain.domain.org>, where username is my
username on my home computer. I am looking to set up ssh to require
a username and password on my home computer but I am open to new
ideas if they are secure. I'll put my sshd_config and ssh_config on
my home computer below. Any recomendations on how to set up the
files on a live cd, soon to be a debian live cd.

Hi Nathaniel.

Normally, when sshd returns Invalid user it means that this user doesn't
exist. Wasn't this "invalid user ubuntu" an attempt you made with wrong
username?
And did you try just running 'ssh [computer host and domain]' and then
insert the user when asked?


Try some stuffs and send us the ssh client output when failed connecting.

Cheers,

Rafael


Well I was trying to setup key based authentication and I figured it out
I think. The rsa.pub key has to go into authorized_keys, and then I was
using a live cd and failed to generate the key and at any rate I had no
way to copy the key with password auth turned off. I also should
mention that I got rsa to work for the localhost. It looks to be a real
drag for non local servers and I think I may just use password auth
instead as that way I don't have to bother with key transport, otherwise
I think I would have to setup password auth anyway to allow me to copy
the key to the other server. With password auth all I need it the IP or
domain and I can just call ahead to get those for Allowuser parameter.
Another thing I did was to setup and install denyhosts package.
Denyhosts is really great for sshd setup with password auth.



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 07:27 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org