How can i import my RSA key

ZAMO · 06-03-2008, 01:09 AM

Geeks,

Am using a rsa-key to connect to my server , from windows using Open-ssh.
Now i want to connect to the server , from my Linux box using the same key.

How can i import the key?

ANY IDEA....

jschiwal · 06-03-2008, 02:45 AM

The keys in Linux are id_rsa and is_rsa.pub. The keys in Putty end in *.ppk and the public key should have public in it. You can run the putty genkey program, load the putty keys (from where you saved them). Then cut & paste the public key displayed on top. It is in the same format as a Linux public key. From the menu, export the private key.

I would recommend that you use a Linux key pair and add id_rsa.pub to the end of ~/.authorized_keys. Shared keys are generally not a good idea. Also, the options field in a public key entry allow things like host control. This can help protect the server even if the key is lost. For example you can restrict loggins from 192.168.0/24 for that key.

ZAMO · 06-03-2008, 03:27 AM

Thanks Guru,,

If i try to create a key in Linux ,using

Code:

$ ssh-keygen -t rsa

a RSA key is generated successfully. If I add the key to the server , using

Code:

ssh-keygen --if mykey.pub >>.ssh/authorized_keys

I get the error

Code:

uudecode failed.

I gave-up the idea of importing an already existing key from windows.

What I need now is to generate a RSA key from client, and to add it to the server.

Can anyone guide me to, set this UP....

Thanks in Advance

ischi · 06-03-2008, 03:37 AM

Thats acctually really really easy, just google ssh without password or follow this link:
http://linuxproblem.org/art_9.html

Good Luck

jschiwal · 06-03-2008, 03:54 AM

First of all, you used two dashes instead of one in the options. Secondly, the -f option is for importing an ssh key and exporting an openssh key. If you are using openssh in both, simply:
cat mykey.pub >> .ssh/authorized_keys

If the server is running a commercial ssh server, then export the openssh key to an RFC 4716 SSH public key format:
ssh-keygen -ef mykey.pub >my4716key.pub. The server will probably either accept this form or be able to import it.

ZAMO · 06-03-2008, 04:06 AM

Thank you Ischi...

Guru,

I got the point. I added the key using

cat mykey.pub >> .ssh/authorized_keys

and it works. As moving forward, my next question is... How can I login from the client shell.

Am using ssh -i mykey.pub x.x.x.x

It is prompting for password... I want to enter passphrase as login credential.What is the option for ssh , to login to a server using pub-key.

Thanks

jschiwal · 06-03-2008, 04:21 AM

Your public key should be in ~/.id_rsa.pub. Using "ssh user@server" will use that key.

Is the server configured for public key authentication?

You can try logging in like "ssh -v user@server" and see that the verbose messages says about public key authentication.

Code:

ssh -v hpmedia
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to hpmedia [127.0.0.2] port 22.
debug1: Connection established.
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jschiwal/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/jschiwal/.ssh/id_rsa':

If the server accepts password authentication, you may have had a "ssh-copy-id" program that could have added the key to the servers authorized_keys file for you.

ssh-copy-id [-i [identity_file]] [user@]machine

After opening a konsole on the local machine, I can use:
eval $(ssh-agent)
ssh-add

And then enter my passphrase once. After that the server won't ask for the passphrase each time I log in.
You may also want to disable password authentication on the server.

You could also use "PasswordAuthentication" in a ~/.ssh_config file. In the present situation, your login would fail however. Password authentication should be disabled on the server to prevent brute force username/password attack.