Matthias Kauer | 28 Aug 23:15 2013

Re: Login via ~/.ssh/authorized_keys fails

Hi Mike,
thanks for the confirmation and the submission.

If anyone is interested, one thing I did for now, to address this issue was to allow password-based access from my LAN addresses as described here: http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses (Note that the match block should be at the end of sshd_config file as it affects all statements below it if I understand it correctly)

Use a Match block in /etc/ssh/sshd_config.

PasswordAuthentication no Match address 192.0.2.0/24 PasswordAuthentication yes
Best,
Matthias

PS: Is there a comfortable way to reply to individual messages from the digest email that doesn't involve plenty of copy &paste + praying that it will be sorted correctly like just now? Probably no, right?

Hi Matthias, On Mo 26 Aug 2013 23:54:55 CEST Matthias Kauer wrote:
Hi, I am looking for input on how to set up an ssh key-based authentication. I generated an RSA key pair with puttygen and added it to ~/.ssh/authorized_keys2 => confirmed that I can login with putty. Now, I specify the same private key in x2goclient (windows). I enter my password and I am then prompted for the password of the ssh key. I enter it and the same ssh key password prompt reappears. This seems to be an infinite loop. When I cancel it, I get a message saying that only publickey is supported as login method (which corresponds to my sshd_config settings). I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair. putty still works as expected with both of these alternatives. x2goclient still shows the same problems however. It only lets me login if I adapt my sshd_config and authenticate via user / password combination. Is this a known limitation? What is the best way to achieve high security? Can I limit the x2go connections to only LAN IPs (without restricting the pure ssh connections)?
I have just forwarded this issue to our bug tracker. I have observed similar irregularities that desperately need a fix. Mike

<div>
    Hi Mike,<br>
    thanks for the confirmation and the submission.<br><br>
    If anyone is interested, one thing I did for now, to address this
    issue was to allow password-based access from my LAN addresses as
    described here:
    <a class="moz-txt-link-freetext" href="http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses">http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses</a>

    (Note that the match block should be at the end of sshd_config file
    as it affects all statements below it if I understand it correctly)<br><div class="post-text">
      <p>Use a Match block in /etc/ssh/sshd_config.</p>
      PasswordAuthentication no

Match address 192.0.2.0/24
    PasswordAuthentication yes

    </div>
    Best,<br>
    Matthias<br><br>
    PS: Is there a comfortable way to reply to individual messages from
    the digest email that doesn't involve plenty of copy &amp;paste +
    praying that it will be sorted correctly like just now? Probably no,
    right?<br><br><div class="moz-cite-prefix">On 28/8/2013 12:00 PM,
      <a class="moz-txt-link-abbreviated" href="mailto:x2go-user-request@...">x2go-user-request@...</a> wrote:<br>
</div>
    <blockquote cite="mid:mailman.19.1377684006.13349.x2go-user@..." type="cite">

Hi Matthias,

On Mo 26 Aug 2013 23:54:55 CEST Matthias Kauer wrote:

      <blockquote type="cite">
        Hi,
I am looking for input on how to set up an ssh key-based authentication.

I generated an RSA key pair with puttygen and added it to
~/.ssh/authorized_keys2 =&gt; confirmed that I can login with putty.
Now, I specify the same private key in x2goclient (windows). I enter my
password and I am then prompted for the password of the ssh key. I enter
it and the same ssh key password prompt reappears. This seems to be an
infinite loop. When I cancel it, I get a message saying that only
publickey is supported as login method (which corresponds to my
sshd_config settings).

I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
putty still works as expected with both of these alternatives.
x2goclient still shows the same problems however. It only lets me login
if I adapt my sshd_config and authenticate via user / password combination.

Is this a known limitation?
What is the best way to achieve high security? Can I limit the x2go
connections to only LAN IPs (without restricting the pure ssh connections)?

      </blockquote>

I have just forwarded this issue to our bug tracker. I have observed  
similar irregularities that desperately need a fix.

Mike

    </blockquote>
    <br>
</div>

Gmane