making sshd require keys

Hi there,

Can somebody please put me out of my misery please!?!

I want to make sshd use keys for authentication, and to disable logins
without a key. How do I do this?

Thanks
Allan


--
Allan Bruce
Dept. of Computing Science
University of Aberdeen
Aberdeen AB24 3UE
Scotland, UK

Allan Bruce <(E-Mail Removed)> wrote:
>
> I want to make sshd use keys for authentication, and to disable logins
> without a key. How do I do this?

Read the parts of the sshd_config manpage about PasswordAuthentication
and PubkeyAuthentication.

--
Jeremy A. Gray
(E-Mail Removed)

"Remember the Pueblo." -- the Fourth Law of Marvin

"Jeremy Gray" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Allan Bruce <(E-Mail Removed)> wrote:
> >
> > I want to make sshd use keys for authentication, and to disable logins
> > without a key. How do I do this?
>
> Read the parts of the sshd_config manpage about PasswordAuthentication
> and PubkeyAuthentication.
>
> --
> Jeremy A. Gray
> (E-Mail Removed)
>
> "Remember the Pueblo." -- the Fourth Law of Marvin

I think I have it requiring a key, when I try from putty it says

"login as: allan
Sent username "allan"
Trying public key authentication.
Key is of wrong type (PuTTY SSH2 private key)
allan@kes's password:"

It now wont let me in with just the password which is good ( I get "Access
denied"). I think the key needs to be converted. I tried
ssh-keygen -i > kes_private.openssh
and it looks as though it worked but still get the message warning of wrong
type. Do I need to change the key on the client side aswell? Or what do I
have to do to get it working?
Thanks
Allan

On Wed, 8 Oct 2003 22:50:43 +0100, Allan Bruce <(E-Mail Removed)> wrote:
>
> "Jeremy Gray" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Allan Bruce <(E-Mail Removed)> wrote:
>> >
>> > I want to make sshd use keys for authentication, and to disable logins
>> > without a key. How do I do this?
>>
>> Read the parts of the sshd_config manpage about PasswordAuthentication
>> and PubkeyAuthentication.

I believe that for Putty, you have to use its puttygen.exe to generate its
key (at least that is what I did) then transfer its authorized_keys.txt to
Linux and to append it to your authorized_keys:

cat authorized_keys.txt >> ~/.ssh/authorized_keys

Then it should show up in your authorized_keys file as a line beginning
with 1024 and ending with rsa-key-<digits>

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

Allan Bruce <(E-Mail Removed)> wrote:
>
> I think I have it requiring a key, when I try from putty it says
>
> login as: allan
> Sent username "allan"
> Trying public key authentication.
> Key is of wrong type (PuTTY SSH2 private key)
> allan@kes's password:
>
> It now wont let me in with just the password which is good ( I get "Access
> denied"). I think the key needs to be converted. I tried
> ssh-keygen -i > kes_private.openssh
> and it looks as though it worked but still get the message warning of wrong
> type. Do I need to change the key on the client side aswell? Or what do I
> have to do to get it working?

The keys must be in the correct format and location. You generate a key
pair on the client machine and then upload the public key to the server
to which you wish to connect. The private key remains on the client and
should never be uploaded anywhere. openssh expects keys in its format,
and I believe putty has an option to convert a putty public key to
openssh's format. The openssh ssh-keygen can clearly convert formats,
but I don't know if it will convert a putty key as I've never tried.

There are also issues with configuring the ssh clients and servers to
use the correct key, but that's a lot of information covering many
possibilities and is best found in a ssh howto or the ssh manpages.
For openssh, you put your public keys (one per line) into
~/.ssh/authorized_keys on the server.

--
Jeremy A. Gray
(E-Mail Removed)

"Remember the Pueblo." -- the Fourth Law of Marvin

"David Efflandt" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 8 Oct 2003 22:50:43 +0100, Allan Bruce <(E-Mail Removed)>
wrote:
> >
> > "Jeremy Gray" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Allan Bruce <(E-Mail Removed)> wrote:
> >> >
> >> > I want to make sshd use keys for authentication, and to disable
logins
> >> > without a key. How do I do this?
> >>
> >> Read the parts of the sshd_config manpage about PasswordAuthentication
> >> and PubkeyAuthentication.
>
> I believe that for Putty, you have to use its puttygen.exe to generate its
> key (at least that is what I did) then transfer its authorized_keys.txt to
> Linux and to append it to your authorized_keys:
>
> cat authorized_keys.txt >> ~/.ssh/authorized_keys
>
> Then it should show up in your authorized_keys file as a line beginning
> with 1024 and ending with rsa-key-<digits>
>

My PuttyGen didnt create an authorized_keys.txt (
Do I have to specify this somewhere? I couldnt find it anywhere though. I
tried converting some keys to OpenSSH format and SSH2 format, but still get
"wrong type" error
Allan