From: Can E. Acar (can.acar@pro-g.com.tr)
Date: Mon 24 Apr 2006 - 09:05:52 GMT
yaşar tunçez wrote:
> Merhaba,
>
> scp/rsh v.s ile parolasız erişim için internetten ve çeşitli
> dokümanlardan ve sizlerden aldığım önerileri denedim ama bir türlü
> halledemedim. Hala scp ve rsh larda parola istiyor. Kullandığım
> makinalar redhat 9.0.
> Yaptıklarım:
> yerel makinada; $cd .ssh $ssh-keygen -t dsa komutlarını çalıştırdım.
> Parolaları boş geçtim. Oluşan id_dsa.pub dosyasını erişmek istediğim
> makinada .ssh dizinine authorized_keys olarak attım. Ama yine
> baÄŸlanmak istediÄŸimde parola soruyor.
> Not: Başlangıçta ev dizininde .ssh dizini yoktu. mkdir .ssh ile ben
> oluşturdum. Aşağıda erişmek istediğim uzak bilgisayardaki
> /etc/ssh/sshd_config dosyasının içeriğini verdim:
> (teşekkürler.)
>
Konfigurasyonda bir problem gozukmuyor.
.ssh dizininin ve authorized_keys dosyasinin
hedef kullaniciya ait oldugudan ve baska
kimseye yazma hakki vermediginizden emin olun
# chown -R hedef_kullanici ~hedef_kullanici/.ssh
# chmod og-w ~hedef_kullanici/.ssh
baglanmaya calistiginiz sistemdeki authlog (veya security veya daemonlog)
kayit dosyalarinda erisim ile ilgili mesajlari inceleyerek problem ile
ilgili daha fazla bilgi sahibi olabilirsiniz.
Iyi calismalar
Can
> #$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
>
> # This is the sshd server system-wide configuration file. See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options change a
> # default value.
>
> #Port 22
> #Protocol 2,1
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 3600
> #ServerKeyBits 768
>
> # Logging
> #obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> SyslogFacility AUTHPRIV
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 120
> #PermitRootLogin yes
> #StrictModes yes
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile.ssh/authorized_keys
>
> # rhosts authentication should not be used
> #RhostsAuthentication no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
>
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
>
> #AFSTokenPassing no
>
> # Kerberos TGT Passing only works with the AFS kaserver
> #KerberosTgtPassing no
>
> # Set this to 'yes' to enable PAM keyboard-interactive authentication
> # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
> #PAMAuthenticationViaKbdInt no
>
> #X11Forwarding no
> X11Forwarding yes
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #KeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression yes
>
> #MaxStartups 10
> # no default banner path
> #Banner /some/path
> #VerifyReverseMapping no
>
> # override default of no subsystems
> Subsystemsftp/usr/libexec/openssh/sftp-server
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Linux-ag mailing list
> Linux-ag@liste.linux.org.tr
> http://liste.linux.org.tr/mailman/listinfo/linux-ag
>
_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag