Re: (fedora) Re: sshd on F31 : strange problem with login with keys's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sam Varshavchik wrote on 26-NOV-2019 14:09:36.69

>Jouk Jansen writes:
>
>> Hi All,
>>
>> I'm trying to setup an ssh-server on F31 which logs a user in without a
>> password, but with a key-exchange. I generated all the keys and placed them
>> in the right locations. It still asks for the password.
>>
>> Than comes the strange : I stoped the service by "systemctl stop sshd" and
>> did run "as root" /usr/sbin/sshd. And than it just worked. (tried to stop
>> and start with systemctl again made the passwordless login fail again)
>>
>> Question : why does is work with just running "/usr/sbin/sshd" but not with
>> "systemctl start sshd" ?
>
>Perhaps the actual command and set up, from sshd.service, will offer a clue:
>
>EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
>EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
>EnvironmentFile=-/etc/sysconfig/sshd
>ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
>
>That's what systemctl start sshd does.

/etc/crypto-policies/back-ends/opensshserver.config is the default file of
the system.

/etc/sysconfig/sshd-permitrootlogin does not exists (and we do not try to
logon as root anyway.

/etc/sysconfig/sshd : In this file the CRYPTO_POLICY= line is uncommented to
allow for more cyphers. (I try to connect from a machine with not the newest
cyphers (yes I know the risk))

It used to work on a F30 system, which crashed and is now fresh installed
with F31. Can it be that I have to add more cyphers to the
/etc/ssh/sshd_conf files? (the public key from the client machine starts
with : ssh-rsa)

           Regards
	       Jouk


Pax, vel iniusta, utilior est quam iustissimum bellum.
    (free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.)
     Epistularum ad Atticum 7.1.4.3)


               Touch not the cat bot a glove

>------------------------------------------------------------------------------<

  Jouk Jansen
		 
  joukj@xxxxxxxxxxxxxxxxxxxx

  Technische Universiteit Delft        tttttttttt  uu     uu  ddddddd
  Kavli Institute of Nanoscience       tttttttttt  uu     uu  dd    dd
  Nationaal centrum voor HREM              tt      uu     uu  dd     dd
  Lorentzweg 1                             tt      uu     uu  dd     dd
  2628 CJ Delft                            tt      uu     uu  dd     dd
  Nederland                                tt      uu     uu  dd    dd
  tel. 31-15-2782272                       tt       uuuuuuu   ddddddd

>------------------------------------------------------------------------------<
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux