Hi to all
I have a problem with accessing SSH server, I get this kind of error:
sent publickey gssapi-keyex gssapi-with-mic
I running "Security Advisor" on two of my VPS's I get the following suggestions.
SERVER AA
SSH direct root logins are permitted.
Manually edit etc-ssh-sshd_config and change PermitRootLogin to "without-password" or "no", then restart SSH in the "Restart SSH" area
SERVER BB
SSH password authentication is enabled.
Disable SSH password authentication in the "SSH Password Authorization Tweak" area.
SSH direct root logins are permitted.
Manually edit etc-ssh-sshd_config and change PermitRootLogin to "without-password" or "no", then restart SSH in the "Restart SSH" area
Wanting me to increase security and as you suggested I want to inhibit access to the root user as well, so
- I create a new user
- I add him to the Wheel group
- I generate a new SSH key
- I restart the SSH service
- I set up access to Putty
In both servers the values are set the same
etc-ssh-sshd_config
#PermitRootLogin yes
#PubkeyAuthentication yes
I assume that having put comment to the two default lines the value is OFF / NO. Right?
Trying to access SERVER AA with Putty Using a certificate:
Using username "user".
Server refused our key
no supported authentication methods available ( server sent publickey gssapi-keyex gssapi-with-mic)
Trying to access SERVER AA with Putty without the use of a certificate
Login as: user
no supported authentication methods available ( server sent publickey gssapi-keyex gssapi-with-mic)
Trying to access SERVER BB with Putty without the use of the certificate:
access regularly.
I point out that currently on the SERVER AA root access is already donewith a certificate and it works regularly.
On the SERVER BB it is enable password authentication to do this test.
Now the question is as follows:
If for added security and as suggested by Advisor, it is necessary to “Disable SSH password authentication” and “change PermitRootLogin” how can I proceed ??
For maximum security I should set
PermitRootLogin NO
PubkeyAuthentication NO
But at this point how can I log in with the user created? Or worse yet will I have access?
Sorry maybe I am confusing myself, but I don't understand the best way to find the right solution
I would not want to find myself locked out and no longer have access to the server.
Happy New Year to all of you
Thank you very much
I have a problem with accessing SSH server, I get this kind of error:
sent publickey gssapi-keyex gssapi-with-mic
I running "Security Advisor" on two of my VPS's I get the following suggestions.
SERVER AA
SSH direct root logins are permitted.
Manually edit etc-ssh-sshd_config and change PermitRootLogin to "without-password" or "no", then restart SSH in the "Restart SSH" area
SERVER BB
SSH password authentication is enabled.
Disable SSH password authentication in the "SSH Password Authorization Tweak" area.
SSH direct root logins are permitted.
Manually edit etc-ssh-sshd_config and change PermitRootLogin to "without-password" or "no", then restart SSH in the "Restart SSH" area
Wanting me to increase security and as you suggested I want to inhibit access to the root user as well, so
- I create a new user
- I add him to the Wheel group
- I generate a new SSH key
- I restart the SSH service
- I set up access to Putty
In both servers the values are set the same
etc-ssh-sshd_config
#PermitRootLogin yes
#PubkeyAuthentication yes
I assume that having put comment to the two default lines the value is OFF / NO. Right?
Trying to access SERVER AA with Putty Using a certificate:
Using username "user".
Server refused our key
no supported authentication methods available ( server sent publickey gssapi-keyex gssapi-with-mic)
Trying to access SERVER AA with Putty without the use of a certificate
Login as: user
no supported authentication methods available ( server sent publickey gssapi-keyex gssapi-with-mic)
Trying to access SERVER BB with Putty without the use of the certificate:
access regularly.
I point out that currently on the SERVER AA root access is already donewith a certificate and it works regularly.
On the SERVER BB it is enable password authentication to do this test.
Now the question is as follows:
If for added security and as suggested by Advisor, it is necessary to “Disable SSH password authentication” and “change PermitRootLogin” how can I proceed ??
For maximum security I should set
PermitRootLogin NO
PubkeyAuthentication NO
But at this point how can I log in with the user created? Or worse yet will I have access?
Sorry maybe I am confusing myself, but I don't understand the best way to find the right solution
I would not want to find myself locked out and no longer have access to the server.
Happy New Year to all of you
Thank you very much
