Re: (fedora) Re: sshd on F31 : strange problem with login with keys's - users - Fedora mailing-lists

26 Nov 2019


      Sam Varshavchik wrote on 26-NOV-2019 14:09:36.69
...
Jouk Jansen writes:
...
Hi All,
I'm trying to setup an ssh-server on F31 which logs a user in without a
password, but with a key-exchange. I generated all the keys and placed them
in the right locations. It still asks for the password.
Than comes the strange : I stoped the service by "systemctl stop sshd" and
did run "as root" /usr/sbin/sshd. And than it just worked. (tried to stop
and start with systemctl again made the passwordless login fail again)
Question : why does is work with just running "/usr/sbin/sshd" but not with
"systemctl start sshd" ?
Perhaps the actual command and set up, from sshd.service, will offer a clue:
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
That's what systemctl start sshd does.
/etc/crypto-policies/back-ends/opensshserver.config is the default file of
the system.
/etc/sysconfig/sshd-permitrootlogin does not exists (and we do not try to
logon as root anyway.
/etc/sysconfig/sshd : In this file the CRYPTO_POLICY= line is uncommented to
allow for more cyphers. (I try to connect from a machine with not the newest
cyphers (yes I know the risk))
It used to work on a F30 system, which crashed and is now fresh installed
with F31. Can it be that I have to add more cyphers to the
/etc/ssh/sshd_conf files? (the public key from the client machine starts
with : ssh-rsa)
Regards
           Jouk
Pax, vel iniusta, utilior est quam iustissimum bellum.
    (free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.)
     Epistularum ad Atticum 7.1.4.3)
Touch not the cat bot a glove
...
------------------------------------------------------------------------------<
Jouk Jansen
    	 
  joukj@hrem.nano.tudelft.nl
Technische Universiteit Delft        tttttttttt  uu     uu  ddddddd
  Kavli Institute of Nanoscience       tttttttttt  uu     uu  dd    dd
  Nationaal centrum voor HREM              tt      uu     uu  dd     dd
  Lorentzweg 1                             tt      uu     uu  dd     dd
  2628 CJ Delft                            tt      uu     uu  dd     dd
  Nederland                                tt      uu     uu  dd    dd
  tel. 31-15-2782272                       tt       uuuuuuu   ddddddd
...
------------------------------------------------------------------------------<