sshd is now broke

Edward Glowacki glowack2@msu.edu
Tue, 17 Jul 2001 07:48:46 -0400


Quoted from Michael Robert Szumlinski on Mon, Jul 16, 2001 at 10:23:09PM -0400:
> For some reason my sshd will no longer accept connections and I can't remember
> changing anything...unfortunately I'm a dumbass and started putzing with the
> sshd_config file and now I think I've screwed it up with no backup. Here
> is what I get when I try to login now.
> 
> ---
> [localhost:~] root# ssh -l szumlins 192.168.3.1
> szumlins@192.168.3.1's password:
> Connection to 192.168.3.1 closed by remote host.
> Connection to 192.168.3.1 closed.
> ---
> 
> Is it possible that my ssh_host_key is broken? I can't figure it out...any
> ideas would be appreciated.
> 
> -Mike

If you want to regen your host keys, try:

ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -N "" -f /etc/ssh/ssh_host_key

The first one does the DSA key (generally used with ssh2) and the
second regenerates the RSA key (generally used with ssh1).

Here's my config, which hasn't changed much from the FreeBSD default
(I'm assuming you're trying this all on FreeBSD?).

# This is ssh server systemwide configuration file.
#
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.3 2000/10/28 23:00:51 kris Exp $

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
HostDsaKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 120
KeyRegenerationInterval 3600
PermitRootLogin no
# Rate-limit sshd connections to 5 connections per 10 seconds
#ConnectionsPerPeriod 5/10
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

CheckMail yes
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem      sftp    /usr/libexec/sftp-server
#MaxStartups 10:30:60


-- 
Edward Glowacki				glowack2@msu.edu
GLLUG Peon  				http://www.gllug.org
Imagination is the one weapon in the war against reality.
                -- Jules de Gaultier
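
Added example, not part of the original message or of OpenSSH: a shell check that reads the HostKey and HostDsaKey lines from an sshd_config like the one above and reports key files that are missing, empty, or accessible by group/other, which is worth ruling out before regenerating keys. The function names check_host_keys and make_sample are hypothetical, the scratch directory stands in for /etc/ssh, the key files are placeholders rather than real keys, and paths are assumed to contain no spaces.

```shell
# Added example: audit the host key files an sshd_config names.
# Prints one line per problem; returns 0 if clean, 1 on problems,
# 2 if the config names no host keys at all.
check_host_keys() {
    config=$1
    problems=0
    # HostKey and the older HostDsaKey both point at private key files.
    # Commented-out directives start with "#" and do not match.
    keys=$(awk 'tolower($1) == "hostkey" || tolower($1) == "hostdsakey" { print $2 }' "$config")
    if [ -z "$keys" ]; then
        echo "NO-HOSTKEY-DIRECTIVE $config"
        return 2
    fi
    for key in $keys; do
        if [ ! -s "$key" ]; then
            echo "MISSING-OR-EMPTY $key"
            problems=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits;
        # a private host key should show "------" there.
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "TOO-PERMISSIVE $key"
            problems=1
        fi
    done
    return $problems
}

# Constructed sample: a scratch directory standing in for /etc/ssh.
make_sample() {
    dir=$(mktemp -d)
    printf 'placeholder\n' > "$dir/ssh_host_key"
    printf 'placeholder\n' > "$dir/ssh_host_dsa_key"
    chmod 600 "$dir/ssh_host_key"       # acceptable
    chmod 644 "$dir/ssh_host_dsa_key"   # readable by group/other
    cat > "$dir/sshd_config" <<EOF
Port 22
#HostKey /nonexistent/commented_out_key
HostKey $dir/ssh_host_key
HostDsaKey $dir/ssh_host_dsa_key
HostKey $dir/ssh_host_rsa_key
EOF
    echo "$dir"
}

sample=$(make_sample)
check_host_keys "$sample/sshd_config" || echo "exit status: $?"
rm -rf "$sample"
```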