# Setting up an SSH server/client



## tmd3vt (Nov 19, 2011)

I have a new 9.0 installation currently with a working nfs server on it but now I want to get my ssh server working so I can log on from afar.  I thought I followed the handbook correctly but now I cannot connect.  My client and server are connected to an internal wireless router.  It gives the error message:


```
ssh: connect to host 192.168.2.1 port 22: Connection refused
```

I am trying to use a public key to log on only.  My sshd_config settings are:


```
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers myosxusername@ipaddress serverusername@serveripaddress
```

Before I had PasswordAuthentication and ChallengeResponseAuthentication set to 'no' it would always ask for a password and none worked and it would give me a PAM authentication error.  

I have tried connecting from my user account on the server, and it gives me the same error.  Any ideas?  

Thanks in advance.


----------



## wblock@ (Nov 19, 2011)

sshd(8) has to be enabled in /etc/rc.conf.  That will let clients connect from the internal network.  To connect from outside, the router has to be set to forward port 22 connections to the server.


----------



## tmd3vt (Nov 20, 2011)

sshd is enabled in rc.conf so that is not it.  While looking at my rc.conf config though I thought I might disable my firewall completely.  It was set at open with no config changes and that allowed me to log on from the same computer fixing that problem.  Now I am getting 


```
Permission denied (publickey).
```

from my Mac laptop when I try to ssh in.  I copied the authorized keys file from my user account on the server which worked there.  From the error somewhere the key is failing to be read correctly but I am not sure where I went wrong.  Thanks for your help so far!


----------



## wblock@ (Nov 20, 2011)

Depending on DNS, it might help to delete the entries for the FreeBSD server from the ~/.ssh/known_hosts file and reconnect.  Also check that you copied the public key, not the private one.


----------



## tmd3vt (Nov 20, 2011)

I figured it out.  I created a key on my client machine and put it in the authorized_keys on the server user account and I was able to log in.  I do not see where it says to do this in the handbook.  It seemed to be a one way transaction and not both ways.  Is this the correct way to do this?  Thanks!


----------



## wblock@ (Nov 20, 2011)

Setting up keys is described in the OpenSSH section of the Handbook, but it might be different on OSX.


----------
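
An added example, not part of any post in this thread: a shell function that audits a server-side `authorized_keys` file for the mistake wblock@ mentions (a private key copied in place of the public one), and additionally for missing public key lines and for the group/world-writable permissions that sshd's default `StrictModes` setting rejects. The function names, the sample directory layout and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file. Sample files below are
# constructed placeholders, not real keys.

# Common public key types; every key blob starts with base64 "AAAA".
KEY_RE='(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+AAAA[A-Za-z0-9+/]+=*'

# audit_authorized_keys FILE -> prints findings, returns 0 only if usable.
audit_authorized_keys() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "unreadable: $f"; return 1; }
    # Private key material never belongs on the server side.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "private-key-material"; rc=1
    fi
    # At least one well-formed public key line must be present.
    n=$(grep -E -c "$KEY_RE" "$f" || true)
    if [ "$n" -eq 0 ]; then echo "no-public-keys"; rc=1; fi
    # With StrictModes (the sshd default) a group- or world-writable
    # file or containing directory causes the keys to be ignored.
    for p in "$f" "$(dirname "$f")"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable-by-others: $p"; rc=1
        fi
    done
    return $rc
}

# make_samples DIR: write constructed test files (placeholder blobs only).
make_samples() {
    mkdir -p "$1/good" "$1/priv" "$1/loose"
    chmod 700 "$1/good" "$1/priv" "$1/loose"
    pub='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderBlob0000000000000 user@client'
    echo "$pub" > "$1/good/authorized_keys"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTEDPLACEHOLDER' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/priv/authorized_keys"
    echo "$pub" > "$1/loose/authorized_keys"
    chmod 600 "$1/good/authorized_keys" "$1/priv/authorized_keys"
    chmod 666 "$1/loose/authorized_keys"
}

# Demo run over the three constructed cases.
tmp=$(mktemp -d)
make_samples "$tmp"
for s in good priv loose; do
    echo "== $s"; audit_authorized_keys "$tmp/$s/authorized_keys" || true
done
rm -rf "$tmp"
```

On a real server the function would be pointed at `~/.ssh/authorized_keys` of the account being logged in to.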

