LinuxQuestions.org
Old 01-05-2011, 01:57 PM   #1
mansour
Member
 
Registered: Nov 2010
Location: Toronto, Canada
Distribution: Ubuntu 10.04 Lucid Lynx - Ubuntu 10.10 notebook - Debian 5.08 - Win XP
Posts: 172

Rep: Reputation: 2
How to set SSH keys on SSH server


Hi:

I installed SSH server on my ubuntu-server last night, following this online Guide:

https://help.ubuntu.com/10.04/server...sh-server.html

Then I tried to generate the public and private keys.

root@ubuntu-server:~# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):


I didn't know what to enter here.


mansour
 
Old 01-05-2011, 02:01 PM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295
Hi,

You can put what you want as the key name so it's easier for you to identify it along the way. This tutorial explains a bit about the options you have to use the keys as authentication method (with or without password).

Kind regards,

Eric
 
Old 01-05-2011, 03:17 PM   #3
mansour

Hi Eric:

Thank you very much for your reply,
I looked at the tutorial you sent me; it is a bit different from what I see in the Online Guide here.
In the online Guide it says do this:
Now copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:
ssh-copy-id username@remotehost


But on my Windows XP machine username = Administrator and host = COMP1
So
root@ubuntu-server:~# ssh-copy-id Administrator@COMP1

I did and I get an error message:

root@ubuntu-server:~# /usr/bin/ssh-copy-id: ERROR: No identities found

So what did I do wrong here?



mansour

Last edited by mansour; 01-05-2011 at 03:19 PM.
 
Old 01-05-2011, 03:26 PM   #4
EricTRA
Hello,

AFAIK the ssh-copy-id works between Linux flavors only and not from Windows to Linux but I might be wrong since I never used it from Windows. You can copy your key using scp instead:
Code:
scp yourkey.pub <youruser>@<yourlinuxserver>:/home/youruser
The above will copy the key to the home directory of your user at your Linux machine. Next log in to your Linux box and check if you have the .ssh directory and the authorized_keys file in there, then add the key to that file:
Code:
cat /home/<youruser>/yourkey.pub >> /home/<youruser>/.ssh/authorized_keys
Kind regards,

Eric
 
Old 01-05-2011, 03:36 PM   #5
mansour


Sorry for the basic question I ask you, but what is mykey.pub? Where would I find that?
I just pressed the Enter key, so don't know where the key.pub is.


mansour
 
Old 01-05-2011, 03:45 PM   #6
EricTRA
Hello,

If you only pressed <enter> every time (once for the default filename, twice for an empty password), then your key would be named
Code:
id_dsa.pub
and if I'm not mistaken it would be in the directory where you executed the command.

BTW, I just noticed something. You generated the key apparently on your Ubuntu server, correct? And now you want to copy the key over to your Windows machine, correct? Do you have SSH running on Windows through Cygwin? Can you clarify a bit what you want to do exactly with the keys?

If you didn't set up SSH on the Windows side then the scp copy will not work either.

Kind regards,

Eric
 
Old 01-05-2011, 04:05 PM   #7
mansour

Hi again:

OK, I actually found two files there, in my /home/mansour/ directory.
I named the file private (you said it could be anything)
so now I have these two files there.
private private.pub

I don't have id_dsa.pub


I was asked twice by the server to enter a passphrase and every time I pressed the Enter key once only.

And yes, I do have a scp Cygwin on my Windows XP machine. It is a nice GUI application.


My end goal is to transfer files securely between my ubuntu-server and my Win XP machine.
I also want to be able to login to my server from outside.



Regards,

mansour

Last edited by mansour; 01-05-2011 at 04:07 PM.
 
Old 01-05-2011, 04:09 PM   #8
EricTRA
Hello,

Ok, so your keyfile is named private. The part you need to copy is the private.pub file. I assumed as you said you only pressed enter that the filename would be the default which is id_dsa.pub (for the command you used). If you got your ssh set up correctly under cygwin then you should be able to copy the file over to Windows.

Kind regards,

Eric
 
Old 01-05-2011, 04:26 PM   #9
mansour
I actually had never used the cygwin program before, but I had been using my Win scp program which is a GUI for my school work. But now I see that I have also a shell program on my windows XP.

Ok, so I have a terminal on my Windows XP cygwin shell program like this:

Administrator@COMP1~$

Would this now change the command you asked me to enter at my ubuntu-server terminal?

Also, my SSH server listens on port 3000, not the default 22.

So would the command be a bit different then?
And how different would it have to be to copy the key to Win XP?


Thank you for your patience with my very basic questions.


mansour
 
Old 01-05-2011, 08:38 PM   #10
djtoltz
Member
 
Registered: Nov 2003
Location: Eastern North Carolina, USA
Distribution: Mandrake
Posts: 51

Rep: Reputation: 20
If I am reading all of this correctly, you want to use your Ubuntu machine as the ssh server and you wish to use your scp GUI application to move files between them from Windows, and you'd also like to be able to log into your Ubuntu machine from a remote machine.

Is that correct?

If I am reading that correctly, you will want to add your public key to the ~/.ssh/authorized_keys2 file on your user account on the Ubuntu server, and store the private key in your ssh folder on the client machine. You can add more than one key to the authorized_keys2 file on your server, so I would recommend that you create a pass-phrase protected key on any machine you intend to carry around with you to access your server remotely.

Also, having ssh running on port 3000 on the server would require that you either update your .ssh/config file, or add -p 3000 to all of the commands you issue on the command line.

Please clarify the roles of your machines, so we know how to direct you.
 
Old 01-05-2011, 10:58 PM   #11
mansour


Actually no, I want to set up an ssh server on my ubuntu-server and be able then to transfer files to my Win XP machine. I have a GUI winscp on my Win XP, but I mentioned that because the previous poster gave me a command that included scp in it.
I also happen to have a cygwin program on my Win XP which I just learned today is an ssh shell program. I haven't really configured it yet.

I didn't know what it was for. I must have downloaded it when I first installed my Winscp.
So other than transferring files between my ubuntu-server and Win XP, I would also like to be able to log into my ubuntu-server from outside, but that's not very important right now.
I wonder whether this cygwin program is a client ssh or a server ssh program?
And am I able to do all the commands in it that I can do on my ubuntu-server terminal?

The Online Guide ssh section gives all these commands for the ssh server, which is installed on the ubuntu-server machine, while I am learning here that I should do half on the Win XP (client).

And I have updated my .ssh/config file to listen on port 3000 based on the advice of the online guide here:

https://help.ubuntu.com/10.04/server...sh-server.html

Could you please tell me where would I find ~/.ssh/authorized_keys2 on my server machine?



Thank you very much

mansour

Last edited by mansour; 01-05-2011 at 11:13 PM.
 
Old 01-05-2011, 11:43 PM   #12
djtoltz
It sounds to me like you really need both machines set up as servers and as clients, but I am not familiar with the ssh configuration on Windows with Cygwin, so I'll stay on the Ubuntu side.

If you open a shell (command line interface) on Ubuntu and just type "cd" and hit enter, you will be in your home folder. If the .ssh folder already exists, you can see it with "ls -ad .ssh". If it's not there, you can create it with "mkdir .ssh", then change your directory to .ssh by typing "cd .ssh". FYI, "cd ~/.ssh" will take you to it from anywhere because the tilde (~) means "from my home folder".

So, having gotten into the .ssh folder, ssh requires the permissions to be limited, so you might want to issue the "chmod 700 ." command to make the folder accessible only to you.

Now that we have the folder, we need two things for your peer-to-peer setup. You will need the public part of your Windows key written into the authorized_keys2 file on this machine, and you will need a private key for this machine to log into the Windows box. So, you could generate 2 public/private key pairs, or you could use the same one, I guess, with the private one having the name id_dsa, or whatever you configured and the public key stored in the authorized_keys2 file.

The way this works is like this:
When you use ssh or scp, the machine you are on will read its config file from the ~/.ssh folder to get port settings and default cipher key settings for the target host. It will then use the selected key (private key) to encrypt a message that can only be decrypted with the associated public key. The remote host is contacted, the message is sent, along with some identifying information, and the remote host checks to see if the message can be decrypted with the matching key in authorized_keys2. If the remote host has the right public key in authorized_keys2 to match the private key the local host is using to connect, they will set up an encrypted pipe, and you're on. If not, the connection will be rejected.

I hope that helps.
 
Old 01-06-2011, 07:18 PM   #13
mansour


Hello djtoltz:

Thank you for your post, I appreciate it very much.
OK, I did all the things you asked me to do in the first three paragraphs of your post here.

So there is /home/mansour/.ssh/
although obviously .ssh is an invisible directory, unless I do the command ls -la to see it. With ls command I can't see .ssh directory at all.

But the next paragraph, I don't understand.
I ran the command ssh-keygen -t rsa which generated two keys for me. I called the files key so they are key (private key) and key.pub (public key)
So now you say "You will need the public part of your Windows key written into the authorized_keys2 file on this machine".

Is the Windows key written on the Windows machine, or is it the same key.pub I have created here on the Ubuntu machine by running ssh-keygen -t rsa?
If it is created on windows machine, I don't know how to do it on cygwin program.

authorized_keys2 file, where is this file going to be created in the directory structure below?

And I don't know why, but the instructions in the online guide won't work for me:
https://help.ubuntu.com/10.04/server...sh-server.html

I get an error message when copying the file to the remote host. In fact I don't know which one is the remote host in my case: is it the Windows machine, or the ubuntu-server, which is hosting the ssh server?

/home/mansour/.ssh/ [key, key.pub]

I am a bit lost here.


Thank you

mansour

Last edited by mansour; 01-06-2011 at 07:35 PM.
 
Old 01-06-2011, 07:30 PM   #14
djtoltz
You can create the key wherever you want to. I think you can use a single key for both directions, so here is how it would be in your setup with your "key" and "key.pub".

You will cat key.pub >> ~/.ssh/authorized_keys2 on both machines (not sure exactly how to do it on Cygwin, but you'll need that key.pub appended to your authorized_keys2 file on both machines).

Then, you need the "key" file to be in the ~/.ssh folder on both machines. You may need to set permissions to 600 on key file on Linux because ssh will refuse to use a key that is world readable.

Now, in your ssh config file, be sure you tell it what port and key you wish to use. You can also specify those things on the command line as follows ...

ssh -p 3000 -i ~/.ssh/key user@host

I hope that helps you. It's really not too hard, once you know where to put things.
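
The steps discussed in posts #12 and #14, collected into one script as an added example that is not part of the thread or any poster's own code. It uses the `authorized_keys` file name from the Ubuntu guide quoted in post #3, installs only the public half on the server, and takes the host name, user, port 3000 and key name `key` from the thread; the function names and the scratch-directory demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# install_pubkey HOME_DIR PUBKEY_FILE
# Append one public key to HOME_DIR/.ssh/authorized_keys (only once), with the
# directory at 700 and the file at 600.
install_pubkey() {
    home=$1; pub=$2
    # Only the .pub half belongs on the server; stop if handed the private half.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    line=$(head -n 1 "$pub")   # a public key is one line: type, base64, comment
    case $line in
        ssh-*" "*|ecdsa-*" "*|sk-*" "*) ;;
        *) echo "refusing: $pub is not an OpenSSH public key line" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# write_client_config HOME_DIR ALIAS HOSTNAME PORT USER KEYFILE
# Append a Host entry so the port and key need not be typed on every command.
write_client_config() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    cat >> "$1/.ssh/config" <<EOF
Host $2
    HostName $3
    Port $4
    User $5
    IdentityFile $6
    IdentitiesOnly yes
EOF
    chmod 600 "$1/.ssh/config"
}

# check_perms HOME_DIR PRIVATE_KEY
# Report the permission problems that make sshd (StrictModes) ignore
# authorized_keys or make the ssh client refuse a private key.
check_perms() {
    bad=0
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) echo "group/world-writable: $p ($mode)"; bad=1 ;;
        esac
    done
    if [ -e "$2" ]; then
        mode=$(ls -ld "$2" | cut -c1-10)
        case $mode in
            ????------) ;;
            *) echo "private key open to group/others: $2 ($mode)"; bad=1 ;;
        esac
    fi
    return "$bad"
}

# Demo in a scratch directory; the key line is constructed and not a usable key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleNotARealKey mansour@COMP1' > "$demo/key.pub"
install_pubkey "$demo/server-home" "$demo/key.pub"
write_client_config "$demo/client-home" ubuntu-server ubuntu-server 3000 mansour "~/.ssh/key"
check_perms "$demo/server-home" "$demo/client-home/.ssh/key" && echo "permissions OK"
cat "$demo/client-home/.ssh/config"
rm -rf "$demo"
```

On the real machines the first argument would be "$HOME" on each side; with the Host entry in place, `ssh ubuntu-server` picks up port 3000 and the key without `-p` or `-i`.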
 
Old 01-06-2011, 07:48 PM   #15
mansour

OK, but there is no authorized_keys2 file under the .ssh/ directory on my server. So I would have to create it, but what is in it? Or is it just an empty file, to which the key.pub is then appended?

And finally the other important question here: how would I create these files on Windows XP cygwin? I am clueless about that cygwin program.

The config file I can modify.



mansour
 
  

