On Tue, 13 Sep 2011 20:15:17 +0100, Orchid XP v8 wrote:

>>> The solution may not be complex. Trying to find it in the
>>> documentation often is.
>>
>> man sshd_config
>>
>> Search manpage.
> 
> And now there are *two* problems... ;-)
> 
> In seriousness, manpages are, by definition, *reference* documentation.
> What the standard Unix system lacks entirely is any kind of
> *explanation*.

Depends on the manpage.

     PasswordAuthentication
             Specifies whether password authentication is allowed.  The
             default is “yes”.

Seems pretty straightforward to me.

>>> Now explain how to generate a keypair and put the public half on the
>>> list of acceptable clients.
>>
>> ssh-keygen
>>
>> Then copy the id_rsa.pub (or id_dsa.pub) file to the ~/.ssh directory
>> on the target system.
>>
>> Problem solved.
> 
> That's... interesing. I'm damned /sure/ the manpage said to put the
> files into /etc/sshd or similar. And to edit the SSH configuration file
> to tell it what (local) user account goes with a given key. And how many
> simultaneous logins that user can have, what their shell is, and a bunch
> of other complicated stuff...

There's a difference between configuring sshd and using the public key for
authentication.

You *can* do a host key, but in most cases it's not necessary:

     Normally each user wishing to use SSH with public key authentication runs
     this once to create the authentication key in ~/.ssh/identity,
     ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa.  Additionally, the sys-
     tem administrator may use this to generate host keys, as seen in /etc/rc.

Jim

Post a reply to this message