LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-14-2013, 09:00 AM   #1
tripialos
Member
 
Registered: Apr 2012
Posts: 123

Rep: Reputation: Disabled
Question how does SSH use public/private Keys


Greetings

Happy new year to everyone.

I don't know if i should ask here or even my question to be addressed is like private lectures but when it comes to confusion i always run here in Linux Questions.

I have read many articles regarding ssh but i just got confused and mixed all things up.

So, i am firing up:

1) How come when i ssh to my server i am able to login since i havent generated any keys?

2) Does ssh uses keypairs to authorize a user or a host?

3) How does actually ssh uses the public/private keys for its purpose?

Thanks
 
Old 01-14-2013, 09:06 AM   #2
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,278

Rep: Reputation: 1087Reputation: 1087Reputation: 1087Reputation: 1087Reputation: 1087Reputation: 1087Reputation: 1087Reputation: 1087
Honestly, this has been talked to death elsewhere ... do a little more Googling.

If you are able to ssh to a server without logging-in, then try this command: [font=courier]ls ~/.ssh[font] ... and don't forget the dot. See anything? If so, then you do have private keys defined and that's why you can log in without a password.

It's also possible that, on your (corporate) network, both systems are using a common password-authority such as LDAP. Both systems therefore recognize you and so they're letting you pass without further challenge.

SSH can be configured in many different ways. Yes, it does use keys to verify remote systems. In addition to this, it may use keys to recognize users. But there are several different ways that it can recognize users.
 
Old 01-14-2013, 09:13 AM   #3
tripialos
Member
 
Registered: Apr 2012
Posts: 123

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sundialsvcs View Post
Honestly, this has been talked to death elsewhere ... do a little more Googling.
Roger that :-S

Quote:
Originally Posted by sundialsvcs View Post
If you are able to ssh to a server without logging-in, then try this command: [font=courier]ls ~/.ssh[font] ... and don't forget the dot. See anything? If so, then you do have private keys defined and that's why you can log in without a password.
Provably i wasnt that clear. What i ment is that i do get password promt and enter my login credentials to gain access to my VPS. However, in all tutorials i read that you generate password/pass-wordless keys in order to access the remote hist. Hence my question why i get login prompt since i havent generated any keys. [/QUOTE]

Will do more googling
 
Old 01-15-2013, 01:54 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,247

Rep: Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025
You can login with password OR passwordless-using-ssh-keys ie its either one or the other.
This is not taking into acct distributed auth systems like LDAP as mentioned above.

PS try chap 17 http://www.linuxtopia.org/online_boo...ion/index.html
 
Old 01-15-2013, 02:35 AM   #5
tripialos
Member
 
Registered: Apr 2012
Posts: 123

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by chrism01 View Post
You can login with password OR passwordless-using-ssh-keys ie its either one or the other.
This is not taking into acct distributed auth systems like LDAP as mentioned above.

PS try chap 17 http://www.linuxtopia.org/online_boo...ion/index.html
Thanks. I am on it.

Since yesterday i am reading the book :SSH, The Secure Shell: The Definitive Guide

http://www.amazon.co.uk/SSH-Secure-S.../dp/0596008953

So far it made clear a lot of things that were confusing me. Once i finish it i am thinking to come back and post a very brief, simplified version of SSH in order to answer my question
 
Old 01-15-2013, 02:51 AM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Look at your /etc/ssh/sshd_config file. Just after the UsePAM is a paragraph of comments which say which settings to change for using keys instead. You still need to generated keys on your client computer, and add the public keys to $HOME/.SSH/authorized_keys,

You also need to check the permissions of .SSH and your home directory,

Use ssh-keygen to generate the key pair.

Last edited by jschiwal; 01-15-2013 at 02:52 AM.
 
  


Reply

Tags
publickeys, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh prompts for password even though public and private keys have been generated kaplan71 Linux - Software 6 05-07-2008 04:57 PM
ssh public/private keys lord_darkhelmet Linux - Newbie 8 10-29-2005 03:14 PM
SSH public / private keys problem guideweb Linux - Software 7 08-27-2005 09:49 PM
How to delete public & private keys for SSH? TrulyTessa Linux - Security 2 11-18-2004 12:27 PM
Help with SSH and public/private keys stodge Linux - Security 5 05-14-2003 01:22 PM


All times are GMT -5. The time now is 12:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration