[FC5] how to use public key login for ssh?
Man-Chi Leung
manchi.leung+news at gmail.com
Mon Jul 10 02:23:27 UTC 2006
thanks so much for your friends help.
i got it solved!! this is exactly bcos of the permission setting:
it works correctly after I did the following:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
thanks for all of you.
~manchi
On 2006-07-07 12:39:35 +0800, Todd Zullinger <tmz at pobox.com> said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Man-Chi,
>
>> sorry that I am a newbie to fedora FC5, I used to be in Solaris
>> environment.
>
> No need to be sorry. :)
>
>> i could not configure correctly for public key ssh login as I used
>> to do in Solaris.
>>
>> my step:
>>
>> 1) cat my public key and put in my $fedora_user/.ssh/authorized_keys
>
> What are the permissions on ~/.ssh and on ~/.ssh/authorized_keys?
> OpenSSH is particular about them and won't use the key if the
> permissions on the file or directory are too lax. I set ~/.ssh to 700
> and authorized_keys to 600 and ssh is happy.
>
>> 2) configure fedora's /etc/ssh/sshd_config, uncomment the following
>> 2 lines
>>
>> PubkeyAuthentication yes
>> AuthorizedKeysFile .ssh/authorized_keys
>
> It doesn't hurt, but you don't need to do this because the values
> specified in sshd_config are the defaults.
>
>> However, ssh login still prompts me for password.....
>
> What is the prompt? It may be a prompt for the password of your key,
> unless the key has no password (which is bad) or you are using the
> ssh-agent and have already added your key to the agent.
>
> - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
> ======================================================================
> If a government were put in charge of the Sahara Desert, within five
> years they'd have a shortage of sand.
> -- Dr. Milton Friedman
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (GNU/Linux)
> Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
>
> iG0EARECAC0FAkSt5YcmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt
> ei5hc2MACgkQuv+09NZUB1p9IQCgxcTJic1bPJv5p3Yf5WJc+ssKhc8AoLHG8HOy
> utheLHkzDr2ntPpB0SyA
> =2d51
> -----END PGP SIGNATURE-----
More information about the fedora-list
mailing list