SSH on Fedora 16
Reindl Harald
h.reindl at thelounge.net
Fri Dec 23 16:35:56 UTC 2011
Am 23.12.2011 17:21, schrieb Daniel Bossert:
> On 12/23/2011 05:11 PM, Reindl Harald wrote:
>> Am 23.12.2011 17:07, schrieb Daniel Bossert:
>>> # Change to no to disable s/key passwords
>>> #ChallengeResponseAuthentication yes
>>> ChallengeResponseAuthentication no
>> so why are you doing this if you want password-login?
> I know I had e mess... I changed to yes; even though it isn't working...
well, i read from top to post and stop after the first error
Dec 23 17:01:59 merkur sshd[9744]: error: Could not get shadow information for daniel
privude output of the follwoing commands:
cat /etc/shadow | grep daniel
cat /etc/passwd | grep daniel
stat /etc/shadow
stat /etc/passwd
______________________________________________
for ssh permissions are very important
if they are messed up and too open it refuses
/etc/passwd
Zugriff: (0644/-rw-r--r--)
/etc/shadow
Zugriff: (0400/-r--------)
______________________________________________
however - this is a working sshd-config with password AND
key-authentication, root allowed only with key and copied
from a production server changed to your username in the
allowed list
this is a CLEANED configuration without millions of
comments and nor random values by default
Port 22
Protocol 2
AddressFamily inet
ListenAddress 0.0.0.0
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication yes
GSSAPIAuthentication no
GSSAPICleanupCredentials no
X11Forwarding no
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PermitRootLogin without-password
AllowGroups root users
AllowUsers root daniel
IgnoreRhosts yes
HostbasedAuthentication no
RhostsRSAAuthentication no
StrictModes yes
UseDNS no
AllowTcpForwarding no
TCPKeepAlive yes
KeepAlive yes
ClientAliveCountMax 10
ClientAliveInterval 20
UsePrivilegeSeparation yes
Compression yes
UsePAM yes
LoginGraceTime 45
MaxAuthTries 5
MaxStartups 25
AuthorizedKeysFile .ssh/authorized_keys
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
Subsystem sftp internal-sftp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20111223/378cb29d/attachment.sig>
More information about the users
mailing list