Allow root to log in to DragonFly BSD through SSH

To allow root to log in to DragonFly BSD through SSH, you need to change two settings in /etc/ssh/sshd_config:

......
PermitRootLogin yes
......
PasswordAuthentication yes
......

Otherwise you will run into the following error:

$ ssh root@192.168.35.195
The authenticity of host '192.168.35.195 (192.168.35.195)' can't be established.
......
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.35.195' (ECDSA) to the list of known hosts.
root@192.168.35.195: Permission denied (publickey,keyboard-interactive).

 

Fix “Permission denied, please try again.” issue when using git protocol

If you want to use git instead of the https protocol, you need to use SSH keys. Otherwise you will encounter the following errors:

$ git clone git@xxxxx/xxx.git
Cloning into 'xxx'...
git@xxx's password:
Permission denied, please try again.

If you don’t have SSH keys, you need to use ssh-keygen to generate a key pair, then copy the public key into your account. The following picture shows how to add a key in GitLab (GitHub is similar):

Reference:
Which remote URL should I use?

Use a network analyzer to learn SSH session establishment

The establishment of an SSH session consists of 2 parts: building the encrypted channel and authenticating the user. To understand the whole flow better, I use tcpdump/Wireshark to capture and analyze the packets. The server is OpenBSD 6.1 and the client is Arch Linux. The tcpdump command is like this:

sudo tcpdump -A -s 0 'net 192.168.38.176' -i enp7s0f0 -w capture.pcap

(1) Connect to the server for the first time:

[Image: 1]

The captured packets:

[Image: C1]

We can see that the client and server negotiated the SSH version first, then exchanged public keys to generate the secret key. (In fact, the client and server send their SSH versions simultaneously, so please don’t misread this as the client sending first and the server responding. Use the “nc 192.168.38.176 22” command to check.) The server issued the “New Keys” message and waited for the client to answer.

(2) Accept the server’s public key but do not enter the password:

[Image: 2]

The captured packets:

[Image: C2]

The first packet should be the client acknowledging the server’s “New Keys” message, followed by some further interactions. Now the encrypted channel is set up.

(3) Enter the password and authenticate the user:

[Image: 3]

The captured packets:

[Image: C3]

These packets are all encrypted data. If the user’s password is correct, the whole SSH session is ready, and you can administer the server now.

Reference:
Understanding the SSH Encryption and Connection Process.
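
The plaintext part of the flow described above can also be read without Wireshark. The following is an added example, not code from the original post: it parses one direction of a reassembled TCP stream using the RFC 4253 packet framing and reports whether both sides have sent "New Keys". The sample streams, version strings and function names are constructed for illustration, and each stream is assumed to start with the identification string.

```python
import struct

# Message numbers from RFC 4253; 30 and 31 belong to the negotiated key-exchange method.
NAMES = {20: "KEXINIT", 21: "NEWKEYS", 30: "KEX_INIT", 31: "KEX_REPLY"}

def packet(msg_type, body=b"", block=8):
    """Frame one unencrypted SSH binary packet (used to construct sample data)."""
    payload = bytes([msg_type]) + body
    pad = block - (5 + len(payload)) % block
    if pad < 4:                      # RFC 4253 requires at least 4 padding bytes
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad

def parse_direction(stream):
    """Return (version string, message names) for one direction of a reassembled TCP stream."""
    end = stream.index(b"\r\n")      # the identification string ends with CR LF
    version, pos, msgs = stream[:end].decode("ascii"), end + 2, []
    while pos + 5 <= len(stream):
        length, pad = struct.unpack_from(">IB", stream, pos)
        if length < pad + 2 or pos + 4 + length > len(stream):
            msgs.append("UNPARSEABLE")
            break
        msg = stream[pos + 5]        # first payload byte is the message number
        msgs.append(NAMES.get(msg, f"MSG_{msg}"))
        pos += 4 + length
        if msg == 21:                # everything this side sends after NEWKEYS is encrypted
            if pos < len(stream):
                msgs.append(f"ENCRYPTED[{len(stream) - pos}]")
            break
    return version, msgs

def channel_ready(client_stream, server_stream):
    """The encrypted channel is up once both sides have sent NEWKEYS."""
    return all("NEWKEYS" in parse_direction(s)[1] for s in (client_stream, server_stream))

# Constructed sample streams; bodies are filler, not real KEXINIT or key-exchange contents.
SERVER = (b"SSH-2.0-ExampleServer\r\n" + packet(20, b"\x01" * 40)
          + packet(31, b"\x02" * 100) + packet(21))
CLIENT_STEP1 = b"SSH-2.0-ExampleClient\r\n" + packet(20, b"\x03" * 40) + packet(30, b"\x04" * 32)
CLIENT_STEP2 = CLIENT_STEP1 + packet(21) + bytes(range(48))  # 48 bytes standing in for ciphertext

if __name__ == "__main__":
    for label, stream in (("server", SERVER), ("client step 1", CLIENT_STEP1),
                          ("client step 2", CLIENT_STEP2)):
        print(label, parse_direction(stream))
    print("ready after step 1:", channel_ready(CLIENT_STEP1, SERVER))
    print("ready after step 2:", channel_ready(CLIENT_STEP2, SERVER))
```

CLIENT_STEP1 corresponds to step (1), where the server has sent "New Keys" and the client has not yet answered; CLIENT_STEP2 corresponds to step (2), after which only ciphertext is visible on the wire.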