# (easy) ssh config question!! (takes 2 seconds to read & ans)

## RAD709

I can't find in Gentoo documentation or forums (probably from lack of trying) how to set up gentoo to allow someone to ssh to the machine with only a password. I have edited the /etc/ssh/ssh_config file to not use rsa keys and done /etc/init.d/sshd restart but it still yells at me for no rsa-key matchup. what other files need to be edited?!? 

p.s.: I am not trying to log on as root, I have every option in ssh_config set to no except login with passwd (i would post the file but I can't ssh to the machine to copy/paste and I haven't figured out how to do that with links yet)

----------

## jmbsvicetto

 *RAD709 wrote:*   

> I can't find in Gentoo documentation or forums (probably from lack of trying) how to set up gentoo to allow someone to ssh to the machine with only a password. I have edited the /etc/ssh/ssh_config file to not use rsa keys and done /etc/init.d/sshd restart but it still yells at me for no rsa-key matchup. what other files need to be edited?!? 
> 
> p.s.: I am not trying to log on as root, I have every option in ssh_config set to no except login with passwd (i would post the file but I can't ssh to the machine to copy/paste and I haven't figured out how to do that with links yet)

 

Hi.

First, you probably made a typo, but you're talking about /etc/ssh/sshd_config and not /etc/ssh/ssh_config. Then, you should enable UsePAM yes in the config file.

Does this work?

----------

## RAD709

okay, so this wasn't a typo, I guess I meant to be editing the sshd_config file and after configuring this file as the other one, it still won't accept me...

----------

## Dlareh

The default configuration will accept both passwords and keys.  Perhaps you should revert to it.

----------

## jmbsvicetto

You have the service running /etc/init.d/sshd status, right?

What did you change in the sshd_config file?

----------

## RAD709

I uncommented the passwordauthentication yes line and that is it. is there somewhere in the documentation where this is possibly better explained? 

I also ran 

```
 /etc/init.d/sshd status 
```

 but I am not sure what it does. nothing different yet though

----------

## jmbsvicetto

Make sure that the UsePAM line is not commented.

The /etc/init.d/* status command shows you if the service * is running. It should show if a service is stopped or started. You can also use start, stop and restart to control the service.

----------

## RAD709

the usepam option wasn't commented so that didn't need to change. does the status just mean the process just shows up in ps ? I knew about the start/stop/restart though-tnx anyway.

----------

## RAD709

the default sshd_config file had everything commented out except for the UsePAM option set to yes. should this allow for both authentications then? if both are set to yes, do you need both? 

Maybe I will just try to come up with my uber-prime-sieve to crack 2048 bit RSA-keys...

----------

## jmbsvicetto

My sshd_config file, which I haven't touched, has only the following lines not commented

```
atl64 atlantis # grep -v \# /etc/ssh/sshd_config

Protocol 2

PasswordAuthentication no

UsePAM yes

Subsystem       sftp    /usr/lib64/misc/sftp-server

atl64 atlantis # 
```

----------

## RAD709

and the only difference I should make in mine is? 

```
PasswordAuthentication yes 
```

----------

## jmbsvicetto

 *RAD709 wrote:*   

> the usepam option wasn't commented so that didn't need to change. does the status just mean the process just shows up in ps ? I knew about the start/stop/restart though-tnx anyway.

 

The status command tells if a service is running, stopped or dead. I think that the services use the start-stop-daemon to start and stop services. This is a binary file that is part of the baselayout package. I don't think it uses ps to determine if an app is running. I suspect that it starts by looking at the pid files in /var/run/ to determine the status of a service.

----------

## Dlareh

"/etc/init.d/<servicename> status" uses the records in /var/lib/init.d to report on the status of a process.

rc-status does this as well, just for all processes in a particular runlevel (default is the current one)

ps is independent of the init script system and is not affected; it simply reports what the kernel knows is running

the pid files in /var/run have other purposes, do not necessarily correspond to services started by the init script system, and certainly do not affect the rc/init status commands

----------

## zeek

 *RAD709 wrote:*   

> I can't find in Gentoo documentation or forums (probably from lack of trying) how to set up gentoo to allow someone to ssh to the machine with only a password.

 

I hope you got that bassackwards because keys are a good idea and passwords are a bad idea.  Passwords will probably go away in a couple of years.

----------

## RAD709

For very specific reasons I can't use keys to authenticate. It turns out just being more secure with my setup.

----------

## jmbsvicetto

 *Dlareh wrote:*   

> "/etc/init.d/<servicename> status" uses the records in /var/lib/init.d to report on the status of a process.
> 
> rc-status does this as well, just for all processes in a particular runlevel (default is the current one)
> 
> ps is independent of the init script system and is not affected; it simply reports what the kernel knows is running
> ...

 

Thanks for the info. I wasn't sure how it worked.

That hasn't happened to me yet in Gentoo, but in SuSE if a service dies, /etc/init.d/service status shows the service as dead. Does that info come from the /var/lib/init.d or do you think that ps and/or the pid files are used somehow?

----------

## Dlareh

 *jmbsvicetto wrote:*   

> Thanks for the info. I wasn't sure how it worked.
> 
> That hasn't happened to me yet in Gentoo, but in SuSE if a service dies, /etc/init.d/service status shows the service as dead. Does that info come from the /var/lib/init.d or do you think that ps and/or the pid files are used somehow?

 

Apparently it depends on the init script.  If the start-stop-daemon command line has "--pidfile /var/run/something.pid" then it does check when you run status (and perhaps earlier, I'm not sure).

I spend more time working with custom init scripts that don't use --pidfile because they start more than one thing and it's easier just to use pkill.

----------

## RAD709

when I change the port from 22 to something random like 348 and restart sshd the change takes effect (i.e. I can only be denied ssh on 348 and on port 22 I just get the connection refused) So the config file in /etc/ssh/sshd.conf isn't being ignored. here is the file though: 

```
 rob #grep -v \# /etc/ssh/sshd_config

protocol 2

PasswordAuthentication yes

UsePAM no

Subsystem   sftp   /usr/lib64/misc/sftp-server 
```

I really didn't think the arch mattered in something this trivial but if it helps it is a single proc. Apple G5 1.8 Ghz in pure 64-bit mode.

----------

## jmbsvicetto

RAD709,

you should edit the /etc/ssh/sshd_config and activate the UsePAM option.

Does that make any difference?

----------

## RAD709

no. I have tried UsePAM yes and no with Passwordauthentication yes and no but no difference!

----------

## RAD709

does it matter which user I am trying to log in as? i.e. if i made a newuser with wheel privileges and tried to log on as him from another computer (ssh newuser@192.168.0.98) should this config allow it? 

```
protocol 2 

ListenAddress 192.168.0.98

PasswordAuthentication yes 

UsePAM yes

Subsystem   sftp   /usr/lib64/misc/sftp-server
```

----------

## truc

hey, I had the same problem just today and didn't find any Howto, But the Docs  I found told me default file should be *enough* to ssh as root

just to let you know, sshd isn't running by default.

Each ssh*_config was the default one (since I never used ssh before)

The problem was, I gave my monitor (to my mother  :Smile:  ) So I've got nothing to display what I'm typing on my gentoo box  :Shocked: . 

turn on my gentoo box, log in as root and then

```
#/etc/init.d/sshd start 
```

As I didn't see anything of what I was doing, I couldn't check whether sshd was running or not, but...

I'm also using a laptop Mac OSX, and it has an interesting feature which tells which ports are open and so on

Then I could know ssh was running: 

```
Port Scanning host: 192.168.0.2

    Open Port:    22      ssh
```

yeah, great, I finally found the right command to ssh as root my gentoo box through the terminal of OSX:

```
$ssh 192.168.0.2 -l root

Password: 
```

(where password is the root password)

As it was also connected to the internet, I wanted to modify the sshd_config *bad idea*

After playing a bit with gentoo ( (...) emerge world -Du then etc-update (...) ), I quit (exited?) ssh, but could not ssh again  :Sad: 

 Here comes the interesting things for you (i think)

I had to rescue the default ssh config files, in an easy way since I still can't see anything (no monitor, no ssh  :Confused:  )

So Still blindly, I did 

```
#/etc/init.d/sshd stop (in order to be sure)

#emerge -C openssh

#emerge openssh (then I waited till nothing seemed to happen)

#etc-update 
```

Then I chose " -5 "(it's not using mv -i as far as i remember) since there was only the ssh config files

Then 

```
#/etc/init.d/sshd start
```

Then yeah!! I could ssh again!!

hope it can help;)

Sorry for my bad English

Last edited by truc on Mon Sep 05, 2005 8:08 am; edited 1 time in total

----------

## Dlareh

 *truc wrote:*   

> hey, I had the same problem just today and didn't find any Howto, But the Docs  I found told me default file should be *enough* to ssh as root
> 
> just to let you know, sshd isn't running by default.
> 
> Each ssh*_config was the default one (since I never used ssh before)
> ...

 

Three ways:

```
ps aux | grep sshd

netstat -atpn

emerge -u nmap

nmap -p22 localhost
```

----------

## RAD709

hmm this was one of the first things I did. reinstall openssh. it gave me the clean sshd_config file and everything, but no dice.

----------

## RAD709

truc ==> as this worked for you i thought I'd try it anyway... it doesn't actually recover any config files: it leaves the old ones untouched. so this didn't do the trick. can someone just post a fresh/clean config file or tell me how to recover one? this is a very quirky bug...

----------

## jmbsvicetto

RAD709,

as you can see the ssh_config and sshd_config belong to the openssh package.

```
atl64 linux # equery belongs /etc/ssh/ssh_config

[ Searching for file(s) /etc/ssh/ssh_config in *... ]

net-misc/openssh-4.1_p1-r1 (/etc/ssh/ssh_config)

atl64 linux # equery belongs /etc/ssh/sshd_config

[ Searching for file(s) /etc/ssh/sshd_config in *... ]

net-misc/openssh-4.1_p1-r1 (/etc/ssh/sshd_config)

atl64 linux # 
```

----------

## truc

 *Dlareh wrote:*   

>  Three ways:
> 
> ```
> ps aux | grep sshd
> ```
> 
> ...

 

As I said, I don't have any monitor to display on, so I blindly typed what I said, but I couldn't check anything, except if you tell me the way to make my computer talk to me  :Wink: 

I'm sorry I'm not at home for now, I will paste my config file as soon as I get home (if nobody does it before)

I can just remember that I tried to move (sorry I'm not sure if it worked, since I can't see anything (sorry for repeating myself but it's really annoying  :Confused:  ) )    the /etc/ssh/sshd_config to /etc/ssh/sshd_config_sthg_else

And only then I did the emerge -C openssh then emerge openssh then etc-update  . Sure you did the last one? (I'm not even sure if it was needed or not  :Embarassed:  )

Last edited by truc on Mon Sep 05, 2005 7:40 am; edited 1 time in total

----------

## Dlareh

Oh, missed that...

Incidentally, do you know of any good livecds that automatically start sshd ?

----------

## truc

yeah I thought about using a Live CD (actually that was my first idea), the problem was/is, 

I would have had to choose the right medium to boot from, and in the boot menu from the BIOS (assuming I would press the "boot menu key" (don't know how to say..) at the right moment)  there are a lot of possibilities (2 HD, Lan, USB and many others (nforce 2 mobo) ) and I don't really remember where the CDROM stands in that loonngg list  :Wink: 

----------

## truc

So:)

everything is commented in ssh_config

and sshd_config looks like (by default)

```
Protocol 2

PasswordAuthentication no

UsePAM yes

Subsystem       sftp    /usr/lib/misc/sftp-server

```

----------
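Added example (not part of any post above, and not code from the OpenSSH or Gentoo projects): a shell script that reads the authentication lines of the sshd_config variants posted in this thread and reports which server-side methods end in a password prompt. It assumes upstream OpenSSH defaults (PasswordAuthentication yes, ChallengeResponseAuthentication yes, UsePAM no), a Linux build where PAM is the only keyboard-interactive backend, and no Match blocks; `effective` and `password_paths` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults below are upstream OpenSSH
# defaults (an assumption; a distribution may ship different ones).

# effective FILE KEYWORD DEFAULT: print the value sshd would use.
# Keywords are case-insensitive and the first uncommented occurrence wins.
effective() {
    awk -v want="$2" -v dflt="$3" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# password_paths FILE: print the auth methods that end in a password prompt.
password_paths() {
    pw=$(effective "$1" PasswordAuthentication yes)
    cr=$(effective "$1" ChallengeResponseAuthentication yes)
    pam=$(effective "$1" UsePAM no)
    out=""
    if [ "$pw" = yes ]; then out="password"; fi
    # keyboard-interactive only yields a password prompt when PAM backs it
    if [ "$cr" = yes ] && [ "$pam" = yes ]; then
        out="${out:+$out }keyboard-interactive"
    fi
    echo "${out:-none}"
}

# Sample files: the authentication lines of the three configs posted in the
# thread, plus one constructed file with every password path switched off.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'Protocol 2\nPasswordAuthentication no\nUsePAM yes\n' > "$tmp/default"
printf 'protocol 2\nPasswordAuthentication yes\nUsePAM no\n' > "$tmp/rad1"
printf 'protocol 2\nPasswordAuthentication yes\nUsePAM yes\n' > "$tmp/rad2"
printf 'PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM yes\n' \
    > "$tmp/keys_only"

for f in default rad1 rad2 keys_only; do
    printf '%-10s %s\n' "$f" "$(password_paths "$tmp/$f")"
done
```

Under these assumptions the default file still permits a password login through keyboard-interactive, which is consistent with the `Password:` prompt shown earlier in the thread; `PasswordAuthentication no` on its own does not enforce key-only logins while `UsePAM yes` and challenge-response remain enabled.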

