I did some more testing and managed to get it to work. Seems to have just been a permissions issue on the .ssh folder. The ftp server uses rssh so users get chrooted into their home directories and use sftp/ssh for data transfer.

One thing I'm not sure of is the issue of generating keys with empty passphrases. According to my tests, the client has to generate a keypair using empty passphrases, otherwise they get prompted for a passphrase at login.

What I want to achieve is for only one client to be able to sftp via a script of some sort, and such that they "automatically" authenticate (no password/passphrase prompt). My current solution is for the client to generate the keypair, provide me with the generated public key, which I then add to the client's .ssh folder in their home directory as a file called authorized_keys.

Am I on the right track, or am I still maybe missing something? Would appreciate any advice, as obviously the security aspect is of great importance.

Thanks.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Steve Phillips
Sent: 22 March 2008 15:08
To: Scott Ruckh; General Red Hat Linux discussion list
Subject: Re: host keys authentication

Scott Ruckh wrote:

[snipped bits]

> Are you saying the client is going to be using SFTP and/or SCP and you
> would like to use Public Key Authentication (PKA) with no password? Or
> are you trying to use FTP/s or something entirely different? What are
> the clients, and what are the client platforms that will need to be
> supported?
>
> If you are trying to implement SFTP/SCP with PKA you might take a look
> at http://www.pizzashack.org/rssh/ or
> http://olivier.sessink.nl/jailkit/. I successfully implemented both for
> setting up accounts for SFTP/SCP only access along with PKA for
> password-less logins.
>

Also, the latest version of sshd (which may not be the RHEL 5 version) also apparently supports chroot jails for sftp, which it didn't in the past; you may want to look into upgrading sshd completely.

AFAIK, the only versions of sshd that supported chroot jails for users were the commercial ones before this.

One thing to be aware of when using public key authing is that the permissions are very strict; check that the only person with access to the .ssh directory is the user themselves.

(Also, don't permit empty passwords, very bad idea.)

HTH,

--
Steve.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
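
The permission problem discussed in this thread can be checked before a client's scripted login fails. The following is an added example, not part of the original messages: it flags group- or world-writable paths (which sshd's StrictModes rejects) and any group/other access to .ssh, as advised above. The function names and the home directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the permissions that matter for
# public key logins. Ownership is not checked here, only permission bits.

# Print the octal permission bits of a path (GNU stat, with a BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when any bit of the octal mask $2 is set in the mode of path $1.
has_bits() {
    [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]
}

# Audit one home directory; returns 0 if clean, 1 on a finding, 2 if no key file.
check_ssh_perms() {
    home_dir=$1
    rc=0
    if [ ! -d "$home_dir/.ssh" ] || [ ! -f "$home_dir/.ssh/authorized_keys" ]; then
        echo "FAIL: $home_dir/.ssh/authorized_keys not found"
        return 2
    fi
    # With StrictModes, sshd ignores the key file if any of these is writable by others.
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if has_bits "$p" 022; then
            echo "FAIL: $p is group- or world-writable (mode $(mode_of "$p"))"
            rc=1
        fi
    done
    # Stricter check from the thread: only the user may access .ssh at all.
    if has_bits "$home_dir/.ssh" 077; then
        echo "FAIL: $home_dir/.ssh allows group/other access; chmod 700 it"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $home_dir"; fi
    return "$rc"
}

# Usage: sh check_ssh_perms.sh /home/clientuser   (path is a placeholder)
if [ "$#" -gt 0 ]; then check_ssh_perms "$1"; fi
```
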