[scponly] RSA Keys and scponly

Tim Churchard tim.churchard at gmail.com
Sat Nov 5 08:23:37 EST 2005


I recently moved my OpenSSH server to only accept SSH2 only RSA keys
instead of the normal login.  My normal/shell-account users can log in
using the key pairs they created, once I'd added their public keys to
their authorized_keys file.  I changed to RSA keys because when I opened
up ssh on my internet-facing interface I had > 400 login attempts per
hour with numerous usernames and passwords.

My scponlyc users cannot log in; the server denies the public key
every time.  At the moment I have the test username: scponlyctest and his
chroot home directory is /mnt/share/rbup/scponlytest.  I had to create a
.ssh directory in that test directory; I chown'd it to
scponlytest:users and chmod to 0700 for the directory and 0600 for the
authorized_keys and known_hosts files.  Did I create the .ssh directory
in the wrong place?  (It's just in the ~ directory.)  The normal users
(that I want to have a shell account rather than a sftp account) can
log in and I created the .ssh directory in the same way as I have for this
test user.

I used the setup_chroot.sh script to create the scponlyctest user.  When
the sshd was set to accept normal logins the account worked properly.

Can somebody explain how using scponlyc to chroot users would affect the
RSA key validation?  Is there a howto or some docs somewhere I should read?

Thank you for your help in advance
Tim

-=-=-
... "The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location... and I'm not
even too sure about that one"
        -- Dennis Hughes, FBI
* TagZilla 0.057 * http://tagzilla.mozdev.org
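The layout described in the message (a .ssh directory at mode 0700 holding an authorized_keys file at 0600, both owned by the account) can be verified mechanically rather than by eye. This is an added example, not part of the original post: the function name check_ssh_perms is hypothetical, GNU stat is assumed, and the owner is passed as a numeric UID.

```shell
#!/bin/sh
# Added example: audit the key-file layout described in the message above.
# check_ssh_perms is a hypothetical helper; GNU stat(1) is assumed.
#
# Usage: check_ssh_perms HOME_DIR EXPECTED_UID
#   e.g. check_ssh_perms /mnt/share/rbup/scponlytest "$(id -u scponlytest)"
# Prints one line per finding; the return status is the number of findings.
check_ssh_perms() {
    home=$1
    uid=$2
    findings=0

    # Each spec is relative-path:expected-mode:expected-type (d=dir, f=file).
    for spec in ".ssh:700:d" ".ssh/authorized_keys:600:f"; do
        rel=${spec%%:*}
        rest=${spec#*:}
        want=${rest%%:*}
        kind=${rest#*:}
        path=$home/$rel

        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            findings=$((findings + 1))
            continue
        fi
        # A symlink or wrong file type here deserves a look before anything else.
        if [ -L "$path" ] || ! test "-$kind" "$path"; then
            echo "BADTYPE  $path"
            findings=$((findings + 1))
            continue
        fi

        mode=$(stat -c '%a' "$path")   # octal permission bits, e.g. 700
        have=$(stat -c '%u' "$path")   # numeric owner UID
        [ "$mode" = "$want" ] || {
            echo "MODE     $path is $mode, want $want"
            findings=$((findings + 1))
        }
        [ "$have" = "$uid" ] || {
            echo "OWNER    $path is uid $have, want uid $uid"
            findings=$((findings + 1))
        }
    done
    return "$findings"
}
```

Run it against the home directory recorded in the account's passwd entry, so that the path checked is the one sshd resolves for that user.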