PHWinfo - Afficher un message

03/11/2006, 05h07

I am still a bit of a newb when it comes to sshd security, but I am
attempting to set up a public-key based sshd server for my internal
server network.
The config is as follows:
=================================
Port 22
Protocol 2
HostKey /root/CA/sshd_rsa.key
SyslogFacility AUTHPRIV
LogLevel INFO
LoginGraceTime 40s
PermitRootLogin yes
StrictModes no
MaxAuthTries 4
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/int_auth_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AllowTCPForwarding yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
UsePrivilegeSeparation yes
Compression delayed
ClientAliveInterval 0
ClientAliveCountMax 5
PermitTunnel yes
Banner /etc/ssh/banner
Subsystem sftp /usr/libexec/openssh/sftp-server
=====================
Most of it comes from the stock FC5 sshd_config. When I try to start
the server it whines about not being able to load /root/CA/sshd_rsa.key
even though the file exists and is a RSA PRIVATE KEY.
Did I use the wrong command to generate it? ( it was `openssl genrsa
-out <file> 2048` IIRC)
Are there any special tools for generating this key that I could use?

03/11/2006, 05h07	#1
crazyForDynamite Messages: n/a Hébergeur:	question about sshd_config I am still a bit of a newb when it comes to sshd security, but I am attempting to set up a public-key based sshd server for my internal server network. The config is as follows: ================================= Port 22 Protocol 2 HostKey /root/CA/sshd_rsa.key SyslogFacility AUTHPRIV LogLevel INFO LoginGraceTime 40s PermitRootLogin yes StrictModes no MaxAuthTries 4 PubkeyAuthentication yes AuthorizedKeysFile /etc/ssh/int_auth_keys PasswordAuthentication no ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes UsePAM yes AllowTCPForwarding yes X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes PrintMotd yes PrintLastLog yes TCPKeepAlive yes UsePrivilegeSeparation yes Compression delayed ClientAliveInterval 0 ClientAliveCountMax 5 PermitTunnel yes Banner /etc/ssh/banner Subsystem sftp /usr/libexec/openssh/sftp-server ===================== Most of it comes from the stock FC5 sshd_config. When I try to start the server it whines about not being able to load /root/CA/sshd_rsa.key even though the file exists and is a RSA PRIVATE KEY. Did I use the wrong command to generate it? ( it was `openssl genrsa -out <file> 2048` IIRC) Are there any special tools for generating this key that I could use?