LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Don't understand how to use SSH keys with "ssh" and "scp" commands on Lubuntu (https://www.linuxquestions.org/questions/linux-newbie-8/dont-understand-how-to-use-ssh-keys-with-ssh-and-scp-commands-on-lubuntu-4175495956/)

maples 02-23-2014 12:42 PM
Don't understand how to use SSH keys with "ssh" and "scp" commands on Lubuntu
 
I recently acquired an old netbook (Asus Eee PC 901) and installed Lubuntu 13.10 on it. I have a server at home, and SSH into it all the time from my Windows laptop. I made a new SSH key on my Windows laptop with PuTTYgen, put it on the server, and copied the private key to the netbook. I then ran this:
Code:
ssh -i key.ppk -p (port #) anthony@10.0.0.26
It replies:
Code:
Enter passphrase for key 'key.ppk':
I enter the passphrase. It asks for it two more times, then says:
Code:
Permission denied (publickey).
When I tried to use the "scp" command, I got similar results

At this point, I'm completely lost. I made sure that I typed the passphrase correctly, the key works through PuTTY, but the "ssh" and "scp" commands refuse to use it.

lleb 02-23-2014 02:26 PM
read the links in my sig. they will help. ask if you have further questions.

Xrandr 02-23-2014 08:59 PM
To copy a file or many files to ssh server

scp -P <port num> file(s) user@xxx.xxx.xxx.xxx:<destination>

scp uses a capital 'P', while ssh uses a lower case 'p'. If your ssh port is 22, you don't need the p's flag.

The following example will copy the public key to the ssh server.

Code:
scp -P <port num> ~/.ssh/id_rsa.pub user@192.168.100.15:~/.ssh/authorized_keys
To login into a ssh server

Code:
ssh -p <port num> user@xxx.xxx.xxx.xxx

haertig 02-23-2014 10:52 PM
Quote:
Originally Posted by Xrandr (Post 5123494)
The following example will copy the public key to the ssh server.

Code:
scp -P <port num> ~/.ssh/id_rsa.pub user@192.168.100.15:~/.ssh/authorized_keys
That, it will do. And it will also wipe out any OTHER keys you had in your authorized_keys file!

Xrandr 02-23-2014 11:30 PM
Quote:
Originally Posted by haertig (Post 5123526)
That, it will do. And it will also wipe out any OTHER keys you had in your authorized_keys file!
I'm sure maples is aware of that and would upload the id_rsa.pub file instead and then append it to the authorized_keys file.

The code I gave is an example of setting up the public key for the first time to a new authorized_keys file.

evo2 02-23-2014 11:38 PM
Hi,

ssh-copy-id is a very useful little script (in the openssh-client package on Debian and derivatives) which will append the key to the authorized_keys file.

Regarding debugging the original problem, try running ssh with versbose output, and to get even more information have a look at the sshd log (eg /var/log/auth.log).

Evo2.

maples 02-25-2014 01:12 PM
Thanks for the responses!

Unfortunately, I wasn't thinking when I posted this thread, and I'll be out of town and won't be able to try any of this until next week, maybe later. I'll get back with you then, but until then I won't have access to the machine that I'm having the problem on. Sorry for the lack of foresight.

Thanks again, and I apologize that I can't test anything until next week.

maples 03-02-2014 12:46 PM
I'm back.

Here is the verbose output:
Code:
anthony@Anthony-Eee:~$ ssh -v -p xxxx anthony@10.0.0.26 -i key.ppk
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.0.26 [10.0.0.26] port xxxx.
debug1: Connection established.
debug1: identity file key.ppk type -1
debug1: identity file key.ppk-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: [REMOVED]
debug1: Host '[10.0.0.26]:xxxx' is known and matches the ECDSA host key.
debug1: Found key in /home/anthony/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.ppk
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'key.ppk':
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'key.ppk':
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'key.ppk':
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: No more authentication methods to try.
Permission denied (publickey).
anthony@Anthony-Eee:~$
Code:
anthony@Anthony-Eee:/var/log$ cat auth.log
Mar  2 12:17:01 Anthony-Eee CRON[2399]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  2 12:17:01 Anthony-Eee CRON[2399]: pam_unix(cron:session): session closed for user root
Mar  2 12:54:50 Anthony-Eee polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:anthony to gain ONE-SHOT authorization for action com.ubuntu.pkexec.gparted for unix-process:2482:453658 [/bin/sh /usr/bin/gparted-pkexec] (owned by unix-user:anthony)
Mar  2 12:54:50 Anthony-Eee pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar  2 12:54:50 Anthony-Eee pkexec[2483]: anthony: Executing command [USER=root] [TTY=unknown] [CWD=/home/anthony] [COMMAND=/usr/sbin/gparted]
Mar  2 13:08:51 Anthony-Eee dbus[412]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.29" (uid=0 pid=1343 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=823 comm="NetworkManager ")
Mar  2 13:20:14 Anthony-Eee dbus[412]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.29" (uid=0 pid=1343 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=823 comm="NetworkManager ")
anthony@Anthony-Eee:/var/log$
I know that the public key is on the server alredy, PuTTY can use it just fine.
It appears that it is not recognizing the SSH key properly. I made it with PuTTYgen on another computer, and transferred it via flash drive. Does the ssh command have problems recognizing PuTTY keys?

Drakeo 03-02-2014 12:56 PM
I found the the turorial on the github to be a very nice one. how to ssh-key
As a matter of fact just learning how to set up a git repo ,just for fun. Will be the best to learn this type of stuff .

joe_2000 03-02-2014 02:16 PM
Quote:
Originally Posted by maples (Post 5127487)
I'm back.
It appears that it is not recognizing the SSH key properly. I made it with PuTTYgen on another computer, and transferred it via flash drive. Does the ssh command have problems recognizing PuTTY keys?
From memory I am pretty sure that putty ssh keys have a strange format that can't be used by the openssh client.
Create a new key with ssh-keygen and upload it to your server using ssh-copy-id.

That should do the trick

EDIT: You will want to temporarily allow password logins on the server for the ssh-copy-id script to be able to upload the new key.

suicidaleggroll 03-02-2014 02:38 PM
Quote:
Originally Posted by maples (Post 5127487)
It appears that it is not recognizing the SSH key properly. I made it with PuTTYgen on another computer, and transferred it via flash drive.
Why?

Give each machine its own key and put them both in the authorized keys file on the server. Trying to share a single key between multiple client machines is both unsafe and a PITA.

maples 03-02-2014 07:17 PM
Quote:
Originally Posted by suicidaleggroll (Post 5127547)
Why?

Give each machine its own key and put them both in the authorized keys file on the server. Trying to share a single key between multiple client machines is both unsafe and a PITA.
I have already taken that advice. I currently have 5 keys: the one I'm posting about, 2 for other home computers, one for school (password-protected, in case the system admin wants to go through my files), and one I keep on a flash drive in my pocket, because I'm a geek and feel like it. (BTW, it has 2 partitions: a bootable Ext2 and a FAT32) :D But thanks for making sure, I could see how another fellow newbie could make that mistake.

The only reason I had to transfer the file via flash drive is because PuTTYgen is a ".exe" and was the only way I knew how to make keys. But thanks to joe_2000, I now know the right thing to tell Google, and can do it the right way :). I'll just save the public key to that same flashdrive, stick it in my laptop, and put it in through there.

I don't have a chance to do it now, though, but I should be able to tomorrow. Depends if the snow tonight is enough to cancel school. :study:

maples 03-10-2014 10:09 PM
Wow...I thought it would be tow days not weeks. But that's what happens during research paper season...

I generated a new key with the "ssh-keygen" command, and copied it to my server, and it works! Thanks for helping me with this!

I'm marking this thread as solved.


All times are GMT -5. The time now is 06:33 AM.