Re: SSH on Fedora 16

Reindl Harald <h.reindl@xxxxxxxxxxxxx> · Fri, 23 Dec 2011 17:35:56 +0100



Am 23.12.2011 17:21, schrieb Daniel Bossert:
> On 12/23/2011 05:11 PM, Reindl Harald wrote:
>> Am 23.12.2011 17:07, schrieb Daniel Bossert:
>>> # Change to no to disable s/key passwords
>>> #ChallengeResponseAuthentication yes
>>> ChallengeResponseAuthentication no
>> so why are you doing this if you want password-login?
> I know I had e mess... I changed to yes; even though it isn't working...

well, i read from top to post and stop after the first error

Dec 23 17:01:59 merkur sshd[9744]: error: Could not get shadow information for daniel

privude output of the follwoing commands:
cat /etc/shadow | grep daniel
cat /etc/passwd | grep daniel
stat /etc/shadow
stat /etc/passwd
______________________________________________

for ssh permissions are very important
if they are messed up and too open it refuses

/etc/passwd
Zugriff: (0644/-rw-r--r--)

/etc/shadow
Zugriff: (0400/-r--------)
______________________________________________

however - this is a working sshd-config with password AND
key-authentication, root allowed only with key and copied
from a production server changed to your username in the
allowed list

this is a CLEANED configuration without millions of
comments and nor random values by default

Port                            22
Protocol                        2
AddressFamily                   inet
ListenAddress                   0.0.0.0
SyslogFacility                  AUTHPRIV
PasswordAuthentication          yes
ChallengeResponseAuthentication yes
GSSAPIAuthentication            no
GSSAPICleanupCredentials        no
X11Forwarding                   no
RSAAuthentication               yes
PubkeyAuthentication            yes
PermitEmptyPasswords            no
PermitRootLogin                 without-password
AllowGroups                     root users
AllowUsers                      root daniel
IgnoreRhosts                    yes
HostbasedAuthentication         no
RhostsRSAAuthentication         no
StrictModes                     yes
UseDNS                          no
AllowTcpForwarding              no
TCPKeepAlive                    yes
KeepAlive                       yes
ClientAliveCountMax             10
ClientAliveInterval             20
UsePrivilegeSeparation          yes
Compression                     yes
UsePAM                          yes
LoginGraceTime                  45
MaxAuthTries                    5
MaxStartups                     25
AuthorizedKeysFile              .ssh/authorized_keys
AcceptEnv                       LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv                       LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv                       LC_IDENTIFICATION LC_ALL
Subsystem                       sftp internal-sftp

Attachment:
signature.asc

Description: OpenPGP digital signature
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org