LinuxQuestions.org
Old 08-03-2002, 08:24 PM   #16
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,155

Rep: Reputation: 56

don't know?

mine will not accept a login without it. If I don't have the key it will ask if I want to download it.

If I say no it will not connect.

The authenticity of host 'mydomain.net (192.168.0.1)' can't be established.
RSA key fingerprint is vg:4a:0b:51:2g:97:75:92:d5:6v:14e:26:23:12:15:74.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.

Last edited by DavidPhillips; 08-03-2002 at 08:25 PM.
 
Old 08-03-2002, 08:31 PM   #17
DavidPhillips
if I say yes

it will download the key to ~/.ssh/known_hosts

the format is

mydomain.net,192.168.0.1 ssh-rsa FJFLKJALKFUOIAUFU)**FU&*&
)*F)(UIFUA)*&Q)*R&UEW&(*YUF(&F(*YF(&YA(FYA(&^F&(AEFT
&AEYTD&(YT&*EYF(&^&A^^A%T*YA%T*&DYA(*^&Y(&Q^E=
mydomain2.net,192.168.1.1 ssh-rsa JEAF809u09EIUOI4Wr76E987Y
R9872LKJZSHDKLJHSoiupfjsE988U08EU7F8WEU8FU0W70898wu09r
9u8eyd987y87d7ud89798d73789798uoidullkjdfkjkef=
 
Old 08-03-2002, 08:33 PM   #18
DavidPhillips
If the name and IP address of the server do not match a known host, it will download a new key.
 
Old 08-03-2002, 08:39 PM   #19
DavidPhillips
Maybe I should not call it a key, since it is not the same as actually using a key instead of a password.
 
Old 08-05-2002, 03:58 AM   #20
lopezjo49
Member
 
Registered: Jun 2002
Location: NJ
Distribution: Mainly Kubuntu 8.10
Posts: 44

Rep: Reputation: 15
Maybe this is of some interest

Passwords are used with usernames and are not the same as passphrases, used for private keys. A passphrase can be a gibberish sentence with spaces, therefore much more difficult to attack using brute force.

>The authenticity of host 'myserver.net (192.168.0.1)' can't be established.
>RSA key fingerprint is cd:da:eb:b41:2g:95:79:70:d8:65:14:2r:2g:42:15:77.
>Are you sure you want to continue connecting (yes/no)?

This is the fingerprint and public key of the host, therefore going in the known_hosts file. This is asked to verify HOST authentication, not user. This is to make sure your host is who they say they are, and if you "trust" them you download this key and it will never ask you again.

Once that is established it asks for the user authentication. Here are 2 methods.
1) Username/Password is the lowest form

Username/Password uses the same sign-on as if you telnetted. This means it can be guessed more easily using brute force and you should change your passwords more frequently.

2) Public/Private key authentication, RSA authentication.

Public/Private (key pair) key usage. The Host will encrypt the data with your public key prior to sending the info. This information can only be decrypted using the private key of that key pair. You should have a safe backup copy of your private key and NEVER give it out. On top of that, if it was given out or stolen, the person would have to guess a long "passphrase" which may include spaces or a complete sentence.
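
How the fingerprint in the prompt relates to the line stored in ~/.ssh/known_hosts, as an added example that is not part of the original posts: the fingerprint is a hash of the decoded key blob, and the client's answer depends on whether the host name and key match a stored line. The key blob is constructed sample data and the function names are illustrative; hashed host names and marker lines are skipped.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Length-prefixed field, the building block of an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def parse_line(line):
    """Split 'host,ip keytype base64blob'; the blob's first field repeats the key type."""
    hosts, key_type, blob_b64 = line.split()[:3]
    blob = base64.b64decode(blob_b64)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return hosts.split(","), key_type, blob


def md5_fingerprint(blob):
    """Colon-separated hex form, as in the prompts quoted in this thread."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob):
    """Unpadded base64 form printed by current OpenSSH clients."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(known_hosts, host, offered_blob):
    """Return 'match', 'changed' (listed, other key) or 'unknown' (not listed)."""
    listed = False
    for line in known_hosts.splitlines():
        if not line.strip() or line.startswith(("#", "@", "|")):
            continue  # comments, markers and hashed names are out of scope here
        hosts, _, blob = parse_line(line)
        if host in hosts:
            if blob == offered_blob:
                return "match"
            listed = True
    return "changed" if listed else "unknown"


# Constructed sample (not a real host key): key type, exponent, modulus.
SAMPLE_BLOB = b"".join(map(ssh_string, (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(128, 192)))))
SAMPLE_LINE = "mydomain.net,192.168.0.1 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()
```

An "unknown" result corresponds to the yes/no prompt shown in the thread; "changed" is the case where the stored key and the offered key differ.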
 
Old 08-05-2002, 07:59 AM   #21
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Original Poster
Rep: Reputation: 45
Ok, so as I said, if you want to use encryption, you MUST use key authentication, right?

And if you want to use key, you have to:
1-Create keys with ssh-keygen
2-Put the .pub key in a FILE (and not a folder) called authorized_key, in the folder .ssh, in the home of the system you wish to use as "local"
3-Keep id-xx.pub and id-xx (xx is rsa or dsa) in the ~/.ssh/ folder of the remote machine (the one running sshd)

Are all these steps OK? I want to figure out why I can't use these damn keys. Do I need to add a different option to ./configure to enable key authentication???
 
Old 08-05-2002, 01:06 PM   #22
DavidPhillips
http://www.csua.berkeley.edu/ssh-howto.html

this explains it.

Basically not having to type a password is a convenience. It uses an agent to take care of the password.

Using a password is not insecure with ssh.

Unless your password is something like..

apple
 
Old 08-05-2002, 04:47 PM   #23
lopezjo49
Quote:
Originally posted by Half_Elf
Ok, so as I said, if you want to use encryption, you MUST use key authentication, right?

And if you want to use key, you have to:
1-Create keys with ssh-keygen
2-Put the .pub key in a FILE (and not a folder) called authorized_key, in the folder .ssh, in the home of the system you wish to use as "local"
3-Keep id-xx.pub and id-xx (xx is rsa or dsa) in the ~/.ssh/ folder of the remote machine (the one running sshd)

Are all these steps OK? I want to figure out why I can't use these damn keys. Do I need to add a different option to ./configure to enable key authentication???

1) Yes, create the keys with a command like: "ssh-keygen -t rsa -b 2048".

2) Then copy .pub to ~/.ssh/authorized_keys, with chmod 600 on authorized_keys on the HOST machine (the one you want to connect to).
NOTE!!! authorized_keys is plural, because you can have more than one pub key in this file. Why? Because you may ssh from multiple clients using different private keys for each host, therefore putting their public keys in one file.

3) Keep id_xx in ~/.ssh/id_xx, with permissions set to chmod 600 on the client (sshing from).

4) Now on the HOST!! (running sshd) machine's /etc/ssh/sshd_config set "RSAAuthentication yes" and "PasswordAuthentication no" (on the HOST machine)
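
A small audit of the file layout and permissions listed in the four steps above, as an added example that is not part of the original posts. It assumes the file names and the chmod 600 modes given in the reply, and it runs against constructed directories with placeholder files rather than a real ~/.ssh; the function names are illustrative.

```python
import os
import stat
import tempfile

def audit_ssh_dir(ssh_dir, role):
    """List problems in ssh_dir; role is "host" (runs sshd) or "client"."""
    if not os.path.isdir(ssh_dir):
        return [f"{ssh_dir} is missing or not a directory"]
    problems = []
    names = sorted(os.listdir(ssh_dir))
    if role == "host":
        wanted = ["authorized_keys"]
        if "authorized_key" in names:
            problems.append("found 'authorized_key'; the file name is plural")
    else:
        wanted = [n for n in names if n.startswith("id_") and not n.endswith(".pub")]
        if not wanted:
            problems.append("no private key id_xx found")
    for name in wanted:
        path = os.path.join(ssh_dir, name)
        if not os.path.exists(path):
            problems.append(f"{name} is missing")
        elif not os.path.isfile(path):
            problems.append(f"{name} must be a file, not a folder")
        elif (mode := stat.S_IMODE(os.stat(path).st_mode)) != 0o600:
            problems.append(f"{name} has mode {mode:o}, expected 600")
    return problems


def touch(path, mode):
    with open(path, "w") as fh:
        fh.write("constructed placeholder, not real key material\n")
    os.chmod(path, mode)


def demo():
    """Audit constructed host and client layouts before and after fixing them."""
    with tempfile.TemporaryDirectory() as tmp:
        host, client = os.path.join(tmp, "host"), os.path.join(tmp, "client")
        os.mkdir(host, 0o700)
        os.mkdir(client, 0o700)
        touch(os.path.join(host, "authorized_key"), 0o644)  # singular name
        touch(os.path.join(client, "id_rsa"), 0o644)        # private key too open
        before = audit_ssh_dir(host, "host") + audit_ssh_dir(client, "client")
        os.rename(os.path.join(host, "authorized_key"), os.path.join(host, "authorized_keys"))
        os.chmod(os.path.join(host, "authorized_keys"), 0o600)
        os.chmod(os.path.join(client, "id_rsa"), 0o600)
        after = audit_ssh_dir(host, "host") + audit_ssh_dir(client, "client")
    return before, after
```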
 
Old 08-05-2002, 10:00 PM   #24
Half_Elf
Hum it's exactly what I already tried.... (hrrmmpppfff) I will forget key authentication I think.... Anyways my password is more like "Tf43ybn$#bFFF4" :0p
 
Old 08-06-2002, 03:08 PM   #25
lopezjo49
Hopefully, you have backups of the ssh config files you modified, or you may be best off removing ssh and reinstalling it on the client and host if you messed with too many areas. Then following the four steps above should do it. Shouldn't take more than 5 mins.

OH, I just thought of something. Are you restarting sshd on the host after changing its /etc/ssh/sshd_config file to have RSAAuthentication yes? You must restart or reload sshd after configuring the file. To restart ssh, run this from a command line as root: /etc/init.d/sshd restart
 
Old 08-06-2002, 05:37 PM   #26
Half_Elf
Of course I do... I will try reinstalling and come back with good news (I hope)
 
Old 08-07-2002, 03:59 AM   #27
lopezjo49
ok.. just making sure. sometimes the little things escape us in frustration.

good luck
 
  

