Lab 5.3

MohamedLan

I can´t do the last step, the system still asking for password and the password is not correct.

Edit the file /etc/ssh/sshd_config and make sure this line is present:
PermitRootLogin without-password
Restart the sshd daemon.

systemctl restart sshd.service

NOTE: On Ubuntu, the ssh service is named ssh not sshd. Attempt to log in as root. It should fail.
$ ssh garply
Copythefile/home/student/.ssh/authorized_keystothedirectory/root/.ssh/ and make sure it is owned by the root user and group.

cat /home/student/.ssh/authorized_keys >> /root/.ssh/authorized_keys

chown root.root /root/.ssh/authorized_keys

chmod 640 /root/.ssh/authorized_keys

Log in to the host garply again, to prove your ssh-key login works.

$ ssh garply *****************************************************************+(FAIL)

lee42x

This step is dependant on a previous step (5.1) to place the public key for student into the authorized_key file. Please confirm that student can ssh to localhost without needing a password.

MohamedLan

Thanks for the quick answer.
Yes, steps 5.1 and 5.2 are done without any problem, everything's running well.
Once I changed "PermitRootLogin without-password" the last part of the exercise 5.3 doesn`t work.
Below you can see my the content of /etc/ssh/sshd_config file

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

PermitRootLogin without-password

PubkeyAuthentication yes

AuthorizedKeysFile /.ssh/authorized_keys

PasswordAuthentication yes

ChallengeResponseAuthentication no

GSSAPIAuthentication yes
GSSAPICleanupCredentials no

UsePAM yes

X11Forwarding yes

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

Subsystem sftp /usr/libexec/openssh/sftp-server

MohamedLan

I've tried this exersice in diferent systems and still can't finish it

MohamedLan

After changing to this :"PermitRootLogin yes" the system allows me to access but still asking me the root password and should't be, isn't it?

lee42x

Yes, using a authorized_keys instead of a password is one of the goals in this exercise. The sequence is: student creates a key, copy student's public key to root's authorized_keys file and test the login works without a password then force root login to only use the authorized_keys. If you are getting prompted for a password, ssh cannot find the key. Our lab has an extra step that copies student's public key in to his own authorized_keys file so the command "ssh student@localhost" works without a password.
1/ please check that student can log in to localhost without a password.
2/ confirm the authorized_keys file in /home/student/.ssh/ and /root/.ssh/ are the same.
Lee

MohamedLan

I created new user on the system and it worked. Some mistake adding ssh key to a ssh agent with the previous user. I removed all files in $HOME/.ssh/ and tried again and finally worked!!! Thanks for the indications