LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-05-2006, 11:07 AM   #1
Noob69
LQ Newbie
 
Registered: Jan 2006
Posts: 3

Rep: Reputation: 0
Can't use public key authentication with SSH


Hello all,

I think I have got SSH working. I can connect OK - but only using username/password authentication. I want to use public keys but it doesn't seem to work.

I want to be able to connect from my work laptop to my home PC (running FC4) to username "fred".

I have generated RSA key pairs on both machines and have placed the laptop's public key in my /home/fred/.ssh/authorized_keys file.

When I connect I think that I am met not with the /home/fred/.ssh/id_rsa.pub key, but with the /etc/ssh/ssh_host_rsa_key.pub key (i.e. the systemwide key - not my user "fred"'s) key.

The session does not therefore establish properly.

What am I doing wrong?

What should I do to fix it?

Thanks in advance
 
Old 01-05-2006, 11:05 PM   #2
leandean
Member
 
Registered: Oct 2005
Location: Burley, WA
Distribution: Sabayon
Posts: 276

Rep: Reputation: Disabled
To start, make sure the public keys is formatted as such :

ssh-rsa(space)"key proper goes here="(space)identifier (usually yourname@anything. The spaces and = are important. Make sure the entire key is one continuous line. You can do this by placing the cursor at the end of the string and pressing the 'home' key. If it returns to the first 's' in ssh you're good. If not, join the lines.

Next, make sure the .ssh directory is owned by fred.fred (or users) and chmod is 700. Make sure the key is owned by fred.users and permissions are 600.

ps: no quotes around the key
 
Old 01-06-2006, 02:19 AM   #3
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Do you log into ssh using user fred?
ie are you doing:
ssh fred@your_Linux_machine ?
 
Old 01-06-2006, 03:28 AM   #4
Noob69
LQ Newbie
 
Registered: Jan 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Ahhh...

The client software I am using on the (cough) WinXP box is SSH Secure Shell V.3.2.9 Although I have also tried PuTTY. They generate keys in the form
Code:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "FRED'S Laptop [2048-bit rsa, Fred Bloggs@My-Laptop, Thu J\
an 05 2006 08:02:41]"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCU3BJFerYl8CJfadvHlWOXFCGAwATA49q7f013N2
w57EPobClGnbO+7AtpV3E5rPn5l0b2MVnqy5R2mrPrYBi2KWigDLjvNAGI5xYoPCrRVci5
+5douvqmvazxxs0DXaM8ErTVZkTWUUFMf3sMIHrmDCRLqhS+NgsIeSXOpYiB2Fp+w75wN/
8WSkslRGcK6dDyk5aPONqLwE5LQ16o8qCfv+pe9lOnFP2aU3wo1GhkRMYa/Sf49ktYR6pY
GEaNsO+bJTTurEThGl2vFrkN465dooQx08l6c8s34Pal9V6X4Jhvw0ZG5kI6oze+juxBNJ
W3cKOh31lGwRjE5g0XNXXr
---- END SSH2 PUBLIC KEY ----
Is this the problem?

Timmeke,
The SSH Secure Shell GUI software asks for us username before attempting the connection, so yes, I am connecting to fred@IP_Address. On connection the first thing it asks for is "Fred's password" It also has a command line version (ssh2.exe) and I have just tried doing ssh2 fred@ip_address and it does log in and ask me for fred's password.

With PuTTY I log into the IP address and it first asks me for a user (fred) and then password. However, at this point it has already said that the key fingerprint is xxxx,yyyy,xxxx etc... (which I think is the main one - not Fred's).

What to do next?

Many Thanks
 
Old 01-06-2006, 04:02 AM   #5
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
That key fingerprint is just the public key for the machine you're trying to connect to. On Linux, ssh
prints it too and asks you - the first time you connect to the machine - to store the key in the "known_hosts" file. This is done to prevent some types of spoofing attacks.

If I understand the ssh algorithm correctly, fred's key isn't actually transmitted. Rather, the server will send some kind of message, encrypted with fred's key to the client. If the client then has the right private key to decrypt the message, he has proven to the server that he is in fact who he claims to be (someone with access to fred's account).
The key you see is nothing more than the public key of the server, for your system to verify if the server is the right one. The client will use this key to encrypt anything sent to the server. Only the server will be able to decrypt it.

But then again, I may be mistaken.
 
Old 01-06-2006, 06:27 AM   #6
Noob69
LQ Newbie
 
Registered: Jan 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Something weird is happening,

After a *lot* of Googling I found a site that showed how to convert a Key generated in a windows client into an open SSH format: ssh-keygen -i -f windows_style_key > linux_style_key and so I converted one of the many keys I had been experimenting with and tried it. Guess what - it worked! There was an error caused by one of the other test keys which I had somehow mangled so, still whooping with joy, I deleted everything in the .ssh directory (except my "Fred" keypair) and deleted all the test keys off the windows box and started again. Step-by-step I created a new (what I hoped would be a "real") key with the windows client, I uploaded it to the linux box, I converted it to open-SSH format, I copied it into "authorized_keys" (now empty) and tried to connect. REFUSED. *&^"!!"**!
(password logons still work)

Try as I might I cannot get it to work again. Having had a taste of success I am now frustrated beyond words...

What on earth is going on?

{EDIT}

Ignore the above rant I've solved it!.....

In all my messing around I forgot that the "authorized_keys" file had to be chmod 600. When I deleted and recreated it, the file somehow had other rw permissions... Doing chmod 600 authorized_keys was all it too to fix the problem (blush).

I am now a *very* happy camper.

Thanks to all who helped.

Last edited by Noob69; 01-06-2006 at 06:40 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh public key authentication teacup Linux - Networking 4 11-27-2011 11:27 PM
DISCUSSION: Public key authentication with ssh david_ross LinuxAnswers Discussion 31 02-02-2011 08:13 AM
ssh public key authentication problem flgal3 Linux - Software 21 02-06-2009 11:15 AM
SSH - Problem with Public Key Authentication HaPagan Linux - Security 5 11-28-2005 11:27 PM
ssh public key authentication to different remote home directory shawn_t Linux - Networking 2 03-20-2005 03:39 PM


All times are GMT -5. The time now is 06:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration