On Sun, Aug 19, 2001 at 12:19:20PM +0100, D wrote:
Anyone ever got this to work? Not sat down and tried yet but a guy I was talking to yesterday said it's harder than it looks, surely you just need the host keys etc. and you're away.
I have it working.
Both hosts should be known to each other, i.e. each host has the other host's public key (ssh_host_key.pub) in its ssh_known_hosts file. The user account on the destination end needs to have the public key of the account on the originating end (.ssh/identity.pub) in its .ssh/authorized_keys file.
In addition to that the file permissions all need to be correct:
For the host specific files (/etc/ssh/* or /etc/ssh_*) all should be writable only by root and the host private key should not be readable by anyone else either. All the other files should be world readable.
For the user specific files, all should be owned by the user concerned and writable only by that user, with the private key (identity) and the authorized_keys files being readable only by that user and the others world readable.
If it doesn't work when you set it up, try the -d option on the server end to get a debug log from it which will tell you what types of authentication it is trying and why they fail. To use -d you need to run sshd from the command line as it doesn't go into the background and only goes round once (one connection attempt).
HTH, Steve.
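
The user-file permission rules from the reply above, written as a small audit script. This is an added example, not part of the original thread: the function names are hypothetical, and it assumes it is run as the account being checked and uses the file names the message mentions (known_hosts in the user directory is an added assumption).

```shell
#!/bin/sh
# Added example: audit user-specific SSH files against the rules in the
# message (owned by the user, writable only by the user, private key and
# authorized_keys readable only by the user, the rest world readable).

# mode_of FILE -> the nine permission characters, e.g. rw-r--r--
mode_of() {
    ls -ldL "$1" | cut -c2-10
}

# check_file FILE private|public|dir -> one line per problem, returns 1 if any
check_file() {
    f=$1 kind=$2 bad=0
    [ -e "$f" ] || return 0            # a missing file is not a permission fault
    m=$(mode_of "$f")
    [ -O "$f" ] || { echo "$f: not owned by the current user"; bad=1; }
    case $m in
        ????w????|???????w?)
            echo "$f: writable by group or others ($m)"; bad=1 ;;
    esac
    case $kind:$m in
        private:???r?????|private:??????r??)
            echo "$f: readable by group or others ($m)"; bad=1 ;;
        public:??????-??)
            echo "$f: not world readable ($m)"; bad=1 ;;
    esac
    return $bad
}

# audit_user_ssh [DIR] -> checks DIR (default ~/.ssh), returns 1 on any finding
audit_user_ssh() {
    dir=${1:-$HOME/.ssh} rc=0
    check_file "$dir" dir || rc=1
    check_file "$dir/identity" private || rc=1
    check_file "$dir/authorized_keys" private || rc=1
    check_file "$dir/identity.pub" public || rc=1
    check_file "$dir/known_hosts" public || rc=1
    return $rc
}
```

Run `audit_user_ssh` with no arguments to check `~/.ssh`; anything it reports is worth fixing before reaching for the `sshd -d` debug log.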