DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2009-01-04 09:22:46
- bandd
- Member
- Registered: 2009-01-04
- Posts: 6
SSH RSA Key Questions
I've got a DNS-323 with ffp 0.5 installed (fonz, you are an amazing person, I can't quite express my gratitude in words! Thank you very much for all the work you've put into this device).
This is my first experience with ssh, but I'm relatively familiar with the Linux command line. I'm connecting to the DNS-323 via an Ubuntu 8.04 client (as well as an OSX client) with OpenSSH. I can connect fine, but I'm hoping to eventually do remote backups by way of the internet and I want the DNS-323 to be as secure as reasonably possible. What I'm looking at doing is connecting via SSH remotely using both private/public KEY authentication and PASSWORD authentication (in case the keys somehow fall into the wrong hands).
I ran ssh-key-gen from my Ubuntu client. I've set up a home directory on the DNS-323 at /mnt/HD_a2/home/USER and added a .ssh directory there. I copied the id_rsa.pub file to ~/.ssh and ran
Code:
cat ~/.ssh/id_rsa.pub > authorized_keys
and deleted id_rsa.pub. I chmod the appropriate files on my client and on the DNS-323.
I edited my sshd_config file and I've attached it below. I think I've done everything how I'm supposed to, but this is my first time trying to set up ssh...
I guess I don't really know if ssh is using the keys or not, nor do I now how to tell. This is what ssh -v tells me when I run it: (note, port, usernames and host IP Changed, from true values)
Code:
Client@Client-laptop:~$ ssh -v -p 3463 USER1@DNS-323OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to DNS-323 [DNS-323] port 3463. debug1: Connection established. debug1: identity file /home/Client/.ssh/id_rsa type 1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 debug1: match: OpenSSH_5.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: checking without port identifier debug1: Host 'DNS-323' is known and matches the RSA host key. debug1: Found key in /home/Client/.ssh/known_hosts:1 debug1: found matching key w/out port debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering public key: /home/bandd/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: password USER1@DNS-323's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8
The main reason for my suspicion about the keys is because when I ssh to the DNS-323 from the OSX client I can connect with a password only--I never ran ssh-key-gen on the OSX machine. And if I ssh as a different host user (i.e. root or USER2 on the DNS-323, both of which I didn't add .pub keys for) I can connect with a password. Again, maybe I'm just not quite understanding how ssh handles these things...does this seem right?
Thanks for any insight...I'm sure it's something very newbish...
Offline
#2 2009-01-04 17:06:33
- mastervol
- Member
- Registered: 2008-09-06
- Posts: 81
Re: SSH RSA Key Questions
i was never able to get it working with rsa keys, only dsa
DNS-323 F/W: 1.06 H/W: ?? ffp: 0.5 Drives (normal mode): 1 x 1,5 TB Seagate SATA II ST31500341AS, 1 x 250 GB Western Digital SATA I
Offline
#3 2009-01-11 20:04:34
- bandd
- Member
- Registered: 2009-01-04
- Posts: 6
Re: SSH RSA Key Questions
Ok so I got RSA keys working. It was a small mistake on my part when editing the sshd_config file. I hadn't changed the:
Code:
PasswordAuthentication yes
to
Code:
PasswordAuthentication no
As stated in my initial post I wanted to have key authentication along with a password. So when I set up my keys on the client machine I typed in a password when it prompted me to. I didn't realize the the "PasswordAuthentication" value in the sshd_config file was for standard password authentication, and thus left it as the defualt yes. But I got to thinking, that it was probably different. And indeed it was. Once I disabled this value, the RSA key authentication worked perfectly, including the prompted password for access to the private key. YEAH!
Offline