LinuxQuestions.org


Noob69 01-05-2006 11:07 AM

Can't use public key authentication with SSH
 
Hello all,

I think I have got SSH working. I can connect OK - but only using username/password authentication. I want to use public keys but it doesn't seem to work.

I want to be able to connect from my work laptop to my home PC (running FC4) to username "fred".

I have generated RSA key pairs on both machines and have placed the laptop's public key in my /home/fred/.ssh/authorized_keys file.

When I connect I think that I am met not with the /home/fred/.ssh/id_rsa.pub key, but with the /etc/ssh/ssh_host_rsa_key.pub key (i.e. the systemwide key - not my user "fred"'s key).

The session does not therefore establish properly.

What am I doing wrong?

What should I do to fix it?

Thanks in advance

leandean 01-05-2006 11:05 PM

To start, make sure the public key is formatted as such:

ssh-rsa(space)"key proper goes here="(space)identifier (usually yourname@anything). The spaces and = are important. Make sure the entire key is one continuous line. You can do this by placing the cursor at the end of the string and pressing the 'home' key. If it returns to the first 's' in ssh you're good. If not, join the lines.

Next, make sure the .ssh directory is owned by fred.fred (or users) and chmod is 700. Make sure the key is owned by fred.users and permissions are 600.

ps: no quotes around the key :)

timmeke 01-06-2006 02:19 AM

Do you log into ssh using user fred?
i.e. are you doing:
ssh fred@your_Linux_machine ?

Noob69 01-06-2006 03:28 AM

Ahhh...

The client software I am using on the (cough) WinXP box is SSH Secure Shell V.3.2.9, although I have also tried PuTTY. They generate keys in the form
Code:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "FRED'S Laptop [2048-bit rsa, Fred Bloggs@My-Laptop, Thu J\
an 05 2006 08:02:41]"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCU3BJFerYl8CJfadvHlWOXFCGAwATA49q7f013N2
w57EPobClGnbO+7AtpV3E5rPn5l0b2MVnqy5R2mrPrYBi2KWigDLjvNAGI5xYoPCrRVci5
+5douvqmvazxxs0DXaM8ErTVZkTWUUFMf3sMIHrmDCRLqhS+NgsIeSXOpYiB2Fp+w75wN/
8WSkslRGcK6dDyk5aPONqLwE5LQ16o8qCfv+pe9lOnFP2aU3wo1GhkRMYa/Sf49ktYR6pY
GEaNsO+bJTTurEThGl2vFrkN465dooQx08l6c8s34Pal9V6X4Jhvw0ZG5kI6oze+juxBNJ
W3cKOh31lGwRjE5g0XNXXr
---- END SSH2 PUBLIC KEY ----

Is this the problem?

Timmeke,
The SSH Secure Shell GUI software asks for a username before attempting the connection, so yes, I am connecting to fred@IP_Address. On connection the first thing it asks for is "Fred's password". It also has a command line version (ssh2.exe) and I have just tried doing ssh2 fred@ip_address and it does log in and ask me for fred's password.

With PuTTY I log into the IP address and it first asks me for a user (fred) and then password. However, at this point it has already said that the key fingerprint is xxxx,yyyy,xxxx etc... (which I think is the main one - not Fred's).

What to do next?

Many Thanks
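The key block posted above is in the SSH2 (RFC 4716) public key file format, while OpenSSH's authorized_keys expects each key on a single line, as described earlier in the thread. The following sketch of that conversion is an added example, not part of the original posts; the function names and the sample key (built from arbitrary numbers, not a usable key) are constructed for illustration.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text):
    """Turn one SSH2 (RFC 4716) public key block into an authorized_keys line."""
    lines = text.strip().splitlines()
    if lines[0].strip() != BEGIN or lines[-1].strip() != END:
        raise ValueError("missing SSH2 PUBLIC KEY begin/end markers")
    body, headers, b64, i = lines[1:-1], {}, [], 0
    while i < len(body):
        line = body[i]
        if ":" in line:                       # header such as Comment: "..."
            while line.endswith("\\") and i + 1 < len(body):
                i += 1                        # trailing backslash: value continues
                line = line[:-1] + body[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            b64.append(line.strip())          # wrapped base64 key data
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    # The key blob begins with a length-prefixed algorithm name, e.g. "ssh-rsa".
    (name_len,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + name_len].decode("ascii")
    fields = [key_type, base64.b64encode(blob).decode("ascii")]
    if headers.get("comment"):
        fields.append(headers["comment"])
    return " ".join(fields)

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n):
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

# Constructed sample: the modulus is an arbitrary number, not a usable key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 1023) + 12345)
sample_b64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE = "\n".join(
    [BEGIN, 'Comment: "constructed sample [1024-bit rsa, fred@laptop, Thu J\\', 'an 05 2006]"']
    + [sample_b64[i:i + 70] for i in range(0, len(sample_b64), 70)]
    + [END]
)

if __name__ == "__main__":
    print(rfc4716_to_openssh(SAMPLE))
```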

timmeke 01-06-2006 04:02 AM

That key fingerprint is just the public key for the machine you're trying to connect to. On Linux, ssh prints it too and asks you - the first time you connect to the machine - to store the key in the "known_hosts" file. This is done to prevent some types of spoofing attacks.

If I understand the ssh algorithm correctly, fred's key isn't actually transmitted. Rather, the server will send some kind of message, encrypted with fred's key to the client. If the client then has the right private key to decrypt the message, he has proven to the server that he is in fact who he claims to be (someone with access to fred's account).
The key you see is nothing more than the public key of the server, for your system to verify if the server is the right one. The client will use this key to encrypt anything sent to the server. Only the server will be able to decrypt it.

But then again, I may be mistaken.

Noob69 01-06-2006 06:27 AM

Something weird is happening,

After a *lot* of Googling I found a site that showed how to convert a key generated in a Windows client into OpenSSH format:

ssh-keygen -i -f windows_style_key > linux_style_key

and so I converted one of the many keys I had been experimenting with and tried it. Guess what - it worked! There was an error caused by one of the other test keys, which I had somehow mangled, so, still whooping with joy, I deleted everything in the .ssh directory (except my "Fred" keypair) and deleted all the test keys off the Windows box and started again. Step by step, I created a new (what I hoped would be a "real") key with the Windows client, I uploaded it to the Linux box, I converted it to OpenSSH format, I copied it into "authorized_keys" (now empty) and tried to connect. REFUSED. *&^"!!"**!
(password logons still work)

Try as I might I cannot get it to work again. Having had a taste of success I am now frustrated beyond words...

What on earth is going on?

{EDIT}

Ignore the above rant, I've solved it!

In all my messing around I forgot that the "authorized_keys" file had to be chmod 600. When I deleted and recreated it, the file somehow had other rw permissions... Doing chmod 600 authorized_keys was all it took to fix the problem (blush).

I am now a *very* happy camper.

Thanks to all who helped.
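The ownership and mode advice earlier in the thread and the chmod 600 fix above both concern the check sshd applies when StrictModes is enabled: public key login is refused if the home directory, ~/.ssh or authorized_keys is owned by someone other than the user or root, or is writable by group or others. The following check is an added example modeled on that rule, not code from the thread or from OpenSSH; the function names and the throwaway directory are constructed for illustration.

```python
import os
import stat
import tempfile

def insecure_paths(home, uid):
    """Return (path, reason) pairs for paths a StrictModes-style check rejects:
    not owned by the user or root, or writable by group/others."""
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:                 # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            problems.append((path, "mode %04o is group/other writable" % mode))
    return problems

def demo():
    """Reproduce the thread's failure and fix in a throwaway directory."""
    home = tempfile.mkdtemp()                  # created with mode 0700
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    keys = os.path.join(ssh_dir, "authorized_keys")
    open(keys, "w").close()
    os.chmod(keys, 0o666)                      # recreated file left rw for others
    before = insecure_paths(home, os.getuid())
    os.chmod(keys, 0o600)                      # the fix from the thread
    after = insecure_paths(home, os.getuid())
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for path, reason in before:
        print("rejected:", path, "-", reason)
    print("after chmod 600:", after or "no problems")
```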


All times are GMT -5.