DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2009-01-04 09:22:46

bandd
Member
Registered: 2009-01-04
Posts: 6

SSH RSA Key Questions

I've got a DNS-323 with ffp 0.5 installed (fonz, you are an amazing person, I can't quite express my gratitude in words! Thank you very much for all the work you've put into this device).

This is my first experience with ssh, but I'm relatively familiar with the Linux command line.  I'm connecting to the DNS-323 via an Ubuntu 8.04 client (as well as an OSX client) with OpenSSH.  I can connect fine, but I'm hoping to eventually do remote backups by way of the internet and I want the DNS-323 to be as secure as reasonably possible.  What I'm looking at doing is connecting via SSH remotely using both private/public KEY authentication and PASSWORD authentication (in case the keys somehow fall into the wrong hands). 

I ran ssh-key-gen from my Ubuntu client.  I've set up a home directory on the DNS-323 at /mnt/HD_a2/home/USER and added a .ssh directory there.  I copied the id_rsa.pub file to ~/.ssh and ran

Code:

cat ~/.ssh/id_rsa.pub > authorized_keys

and deleted id_rsa.pub.  I chmod the appropriate files on my client and on the DNS-323. 

I edited my sshd_config file and I've attached it below.  I think I've done everything how I'm supposed to, but this is my first time trying to set up ssh...

I guess I don't really know if ssh is using the keys or not, nor do I now how to tell.  This is what ssh -v tells me when I run it: (note, port, usernames and host IP Changed, from true values)

Code:

Client@Client-laptop:~$ ssh -v -p 3463 USER1@DNS-323OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to DNS-323 [DNS-323] port 3463.
debug1: Connection established.
debug1: identity file /home/Client/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host 'DNS-323' is known and matches the RSA host key.
debug1: Found key in /home/Client/.ssh/known_hosts:1
debug1: found matching key w/out port
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/bandd/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
USER1@DNS-323's password: 
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

The main reason for my suspicion about the keys is because when I ssh to the DNS-323 from the OSX client I can connect with a password only--I never ran ssh-key-gen on the OSX machine.  And if I ssh as a different host user (i.e. root or USER2 on the DNS-323, both of which I didn't add .pub keys for) I can connect with a password.  Again, maybe I'm just not quite understanding how ssh handles these things...does this seem right?

Thanks for any insight...I'm sure it's something very newbish...


Attachments:
Attachment Icon sshd_config.current, Size: 3,321 bytes, Downloads: 219

Offline

 

#2 2009-01-04 17:06:33

mastervol
Member
Registered: 2008-09-06
Posts: 81

Re: SSH RSA Key Questions

i was never able to get it working with rsa keys, only dsa


DNS-323     F/W: 1.06  H/W: ??  ffp: 0.5  Drives (normal mode): 1 x 1,5 TB Seagate SATA II ST31500341AS, 1 x 250 GB Western Digital SATA I

Offline

 

#3 2009-01-11 20:04:34

bandd
Member
Registered: 2009-01-04
Posts: 6

Re: SSH RSA Key Questions

Ok so I got RSA keys working.  It was a small mistake on my part when editing the sshd_config file.  I hadn't changed the:

Code:

PasswordAuthentication yes

to

Code:

PasswordAuthentication no

As stated in my initial post I wanted to have key authentication along with a password.  So when I set up my keys on the client machine I typed in a password when it prompted me to.  I didn't realize the the "PasswordAuthentication" value in the sshd_config file was for standard password authentication, and thus left it as the defualt yes.  But I got to thinking, that it was probably different.  And indeed it was.  Once I disabled this value, the RSA key authentication worked perfectly, including the prompted password for access to the private key.  YEAH!

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB