Tuesday 29 July 2008

ssh server and keys hints

Sometimes it's hard to know why the ssh server refuses to use your .ssh/authorized_keys file.
Remember that with some ssh servers (running in strict mode) your ssh configuration folder and files mustn't be accessible to anyone but you:

$HOME/.ssh                 must have mode -rwx------ (0700)
$HOME/.ssh/authorized_keys must have mode -rw------- (0600)
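
A quick way to check both paths at once, as an added example that is not part of the original post. The function names check_ssh_perms and mode_of are made up here; the script flags any group or other permission bit and suggests the modes listed above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are made up here.

# Print a path's permission bits in octal: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: check_ssh_perms [home-dir]   (defaults to $HOME)
# Prints one line per problem found; returns 0 when there are none.
check_ssh_perms() {
    home=${1:-$HOME}
    problems=0
    # Each entry is "mode from the post : expected type : path".
    for entry in "700:d:$home/.ssh" "600:f:$home/.ssh/authorized_keys"; do
        want=${entry%%:*}; rest=${entry#*:}
        kind=${rest%%:*}; path=${rest#*:}
        if [ ! -e "$path" ]; then
            echo "MISSING    $path"
            problems=$((problems + 1))
            continue
        fi
        if [ "$kind" = d ] && [ ! -d "$path" ]; then
            echo "NOT A DIR  $path"
            problems=$((problems + 1))
            continue
        fi
        have=$(mode_of "$path")
        # Any bit in 077 means group or others can read, write or traverse it.
        if [ $(( 0$have & 077 )) -ne 0 ]; then
            echo "TOO OPEN   $path is $have; fix with: chmod $want $path"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Run check_ssh_perms as the account owner after sourcing the file; no output and exit status 0 mean both paths are closed to group and others.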

How do you test an ssh server or account configuration? If you're trying to see what the ssh server is doing with your keys, just run it in the following way:

/usr/sbin/sshd -Dddde -p 8823 -oListenAddress=localhost

-D    means "don't detach"
-e    means output all log and debug messages to stderr instead of the system log
-ddd  means execute in debug mode level 3

With this you have an ssh server that can be used for playing with the configuration without disrupting the general-purpose ssh service.
