LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-23-2014, 01:42 PM   #1
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 811

Rep: Reputation: 264Reputation: 264Reputation: 264
Don't understand how to use SSH keys with "ssh" and "scp" commands on Lubuntu


I recently acquired an old netbook (Asus Eee PC 901) and installed Lubuntu 13.10 on it. I have a server at home, and SSH into it all the time from my Windows laptop. I made a new SSH key on my Windows laptop with PuTTYgen, put it on the server, and copied the private key to the netbook. I then ran this:
Code:
ssh -i key.ppk -p (port #) anthony@10.0.0.26
It replies:
Code:
Enter passphrase for key 'key.ppk':
I enter the passphrase. It asks for it two more times, then says:
Code:
Permission denied (publickey).
When I tried to use the "scp" command, I got similar results

At this point, I'm completely lost. I made sure that I typed the passphrase correctly, the key works through PuTTY, but the "ssh" and "scp" commands refuse to use it.
 
Old 02-23-2014, 03:26 PM   #2
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
read the links in my sig. they will help. ask if you have further questions.
 
Old 02-23-2014, 09:59 PM   #3
Xrandr
LQ Newbie
 
Registered: Feb 2014
Posts: 8

Rep: Reputation: 6
To copy a file or many files to ssh server

scp -P <port num> file(s) user@xxx.xxx.xxx.xxx:<destination>

scp uses a capital 'P', while ssh uses a lower case 'p'. If your ssh port is 22, you don't need the p's flag.

The following example will copy the public key to the ssh server.

Code:
scp -P <port num> ~/.ssh/id_rsa.pub user@192.168.100.15:~/.ssh/authorized_keys
To login into a ssh server

Code:
ssh -p <port num> user@xxx.xxx.xxx.xxx

Last edited by Xrandr; 02-23-2014 at 10:05 PM.
 
Old 02-23-2014, 11:52 PM   #4
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,131

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
Quote:
Originally Posted by Xrandr View Post
The following example will copy the public key to the ssh server.

Code:
scp -P <port num> ~/.ssh/id_rsa.pub user@192.168.100.15:~/.ssh/authorized_keys
That, it will do. And it will also wipe out any OTHER keys you had in your authorized_keys file!
 
Old 02-24-2014, 12:30 AM   #5
Xrandr
LQ Newbie
 
Registered: Feb 2014
Posts: 8

Rep: Reputation: 6
Quote:
Originally Posted by haertig View Post
That, it will do. And it will also wipe out any OTHER keys you had in your authorized_keys file!
I'm sure maples is aware of that and would upload the id_rsa.pub file instead and then append it to the authorized_keys file.

The code I gave is an example of setting up the public key for the first time to a new authorized_keys file.

Last edited by Xrandr; 02-24-2014 at 12:41 AM.
 
Old 02-24-2014, 12:38 AM   #6
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,

ssh-copy-id is a very useful little script (in the openssh-client package on Debian and derivatives) which will append the key to the authorized_keys file.

Regarding debugging the original problem, try running ssh with versbose output, and to get even more information have a look at the sshd log (eg /var/log/auth.log).

Evo2.
 
Old 02-25-2014, 02:12 PM   #7
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 811

Original Poster
Rep: Reputation: 264Reputation: 264Reputation: 264
Thanks for the responses!

Unfortunately, I wasn't thinking when I posted this thread, and I'll be out of town and won't be able to try any of this until next week, maybe later. I'll get back with you then, but until then I won't have access to the machine that I'm having the problem on. Sorry for the lack of foresight.

Thanks again, and I apologize that I can't test anything until next week.
 
Old 03-02-2014, 01:46 PM   #8
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 811

Original Poster
Rep: Reputation: 264Reputation: 264Reputation: 264
I'm back.

Here is the verbose output:
Code:
anthony@Anthony-Eee:~$ ssh -v -p xxxx anthony@10.0.0.26 -i key.ppk 
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.0.26 [10.0.0.26] port xxxx.
debug1: Connection established.
debug1: identity file key.ppk type -1
debug1: identity file key.ppk-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: [REMOVED]
debug1: Host '[10.0.0.26]:xxxx' is known and matches the ECDSA host key.
debug1: Found key in /home/anthony/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: key.ppk
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'key.ppk': 
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'key.ppk': 
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'key.ppk': 
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: No more authentication methods to try.
Permission denied (publickey).
anthony@Anthony-Eee:~$
Code:
anthony@Anthony-Eee:/var/log$ cat auth.log
Mar  2 12:17:01 Anthony-Eee CRON[2399]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  2 12:17:01 Anthony-Eee CRON[2399]: pam_unix(cron:session): session closed for user root
Mar  2 12:54:50 Anthony-Eee polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:anthony to gain ONE-SHOT authorization for action com.ubuntu.pkexec.gparted for unix-process:2482:453658 [/bin/sh /usr/bin/gparted-pkexec] (owned by unix-user:anthony)
Mar  2 12:54:50 Anthony-Eee pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
Mar  2 12:54:50 Anthony-Eee pkexec[2483]: anthony: Executing command [USER=root] [TTY=unknown] [CWD=/home/anthony] [COMMAND=/usr/sbin/gparted]
Mar  2 13:08:51 Anthony-Eee dbus[412]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.29" (uid=0 pid=1343 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=823 comm="NetworkManager ")
Mar  2 13:20:14 Anthony-Eee dbus[412]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.29" (uid=0 pid=1343 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.7" (uid=0 pid=823 comm="NetworkManager ")
anthony@Anthony-Eee:/var/log$
I know that the public key is on the server alredy, PuTTY can use it just fine.
It appears that it is not recognizing the SSH key properly. I made it with PuTTYgen on another computer, and transferred it via flash drive. Does the ssh command have problems recognizing PuTTY keys?
 
Old 03-02-2014, 01:56 PM   #9
Drakeo
Senior Member
 
Registered: Jan 2008
Location: Urbana IL
Distribution: Slackware, Slacko,
Posts: 3,090
Blog Entries: 3

Rep: Reputation: 324Reputation: 324Reputation: 324Reputation: 324
I found the the turorial on the github to be a very nice one. how to ssh-key
As a matter of fact just learning how to set up a git repo ,just for fun. Will be the best to learn this type of stuff .

Last edited by Drakeo; 03-02-2014 at 01:58 PM. Reason: more info
 
Old 03-02-2014, 03:16 PM   #10
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Debian
Posts: 812

Rep: Reputation: 216Reputation: 216Reputation: 216
Quote:
Originally Posted by maples View Post
I'm back.
It appears that it is not recognizing the SSH key properly. I made it with PuTTYgen on another computer, and transferred it via flash drive. Does the ssh command have problems recognizing PuTTY keys?
From memory I am pretty sure that putty ssh keys have a strange format that can't be used by the openssh client.
Create a new key with ssh-keygen and upload it to your server using ssh-copy-id.

That should do the trick

EDIT: You will want to temporarily allow password logins on the server for the ssh-copy-id script to be able to upload the new key.

Last edited by joe_2000; 03-02-2014 at 03:17 PM.
 
Old 03-02-2014, 03:38 PM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,362

Rep: Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004
Quote:
Originally Posted by maples View Post
It appears that it is not recognizing the SSH key properly. I made it with PuTTYgen on another computer, and transferred it via flash drive.
Why?

Give each machine its own key and put them both in the authorized keys file on the server. Trying to share a single key between multiple client machines is both unsafe and a PITA.
 
Old 03-02-2014, 08:17 PM   #12
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 811

Original Poster
Rep: Reputation: 264Reputation: 264Reputation: 264
Quote:
Originally Posted by suicidaleggroll View Post
Why?

Give each machine its own key and put them both in the authorized keys file on the server. Trying to share a single key between multiple client machines is both unsafe and a PITA.
I have already taken that advice. I currently have 5 keys: the one I'm posting about, 2 for other home computers, one for school (password-protected, in case the system admin wants to go through my files), and one I keep on a flash drive in my pocket, because I'm a geek and feel like it. (BTW, it has 2 partitions: a bootable Ext2 and a FAT32) But thanks for making sure, I could see how another fellow newbie could make that mistake.

The only reason I had to transfer the file via flash drive is because PuTTYgen is a ".exe" and was the only way I knew how to make keys. But thanks to joe_2000, I now know the right thing to tell Google, and can do it the right way . I'll just save the public key to that same flashdrive, stick it in my laptop, and put it in through there.

I don't have a chance to do it now, though, but I should be able to tomorrow. Depends if the snow tonight is enough to cancel school.

Last edited by maples; 03-02-2014 at 08:19 PM.
 
Old 03-10-2014, 11:09 PM   #13
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 811

Original Poster
Rep: Reputation: 264Reputation: 264Reputation: 264
Wow...I thought it would be tow days not weeks. But that's what happens during research paper season...

I generated a new key with the "ssh-keygen" command, and copied it to my server, and it works! Thanks for helping me with this!

I'm marking this thread as solved.
 
  


Reply

Tags
lubuntu, putty, ssh access using key


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] I say "realloc", you say "SIGABRT" - And I don't understand it. derchris Programming 3 03-25-2011 12:02 PM
"Keep laptop running on lid close?" + "ssh via crossover cable?" FatalKeystroke Linux - Laptop and Netbook 7 03-11-2011 08:53 AM
Standard commands give "-bash: open: command not found" even in "su -" and "su root" mibo12 Linux - General 4 11-11-2007 11:18 PM
"depmod" and "modprobe" commands don't work The1PatO Fedora 7 06-10-2004 01:10 PM


All times are GMT -5. The time now is 08:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration