Ok now I understand a little better. Just copy the id_rsa.pub file to the user's home directory under the .ssh folder. If it is not present then create one. As far as the authorized_key file, I don't copy anything into it, just place the *.PUB file in the same folder. Forgive me for my stupidity!
Originally posted by metallica1973 Ok now I understand a little better. Just copy the id_rsa.pub file to the user's home directory under the .ssh folder. If it is not present then create one. As far as the authorized_key file, I don't copy anything into it, just place the *.PUB file in the same folder. Forgive me for my stupidity!
I think there's still a mis-communication:
1. you have keys in /etc/ssh - leave them there; those are the server keys
2. make a ~/.ssh folder && cd ~/.ssh
3. generate a new rsa keypair
4. cp id_rsa.pub authorized_keys OR cat id_rsa.pub >> authorized_keys --the authorized_keys file must contain your public key, as that is what the server authenticates against when your ssh client (putty) passes the public key
5. use the same options as in my 1st post (except it might be a good idea to leave logging-in enabled until you get it working)
6. do the puttygen, pageant stuff on your windows machine.
If you change your sshd_config file, remember to restart the sshd service. This varies depending on distribution. On Slackware, it's just /etc/rc.d/rc.sshd restart.
you mean copy the *.pub file into the .ssh directory and or do you mean copy the contents of the pub file into the .ssh/authorized_keys files? I am an idiot please forgive?
God I can be so stupid at times. I fully understand. cp the content of the *.pub file into the authorized_key file. I clearly understand. I have amazing patience and I thank you for it!!!
I just tried it from work and it still does the same thing. I can put my username in but when I put my password in and hit enter it disappears using PUTTY. I am going to reinstall the latest OPENSSH and maybe that will resolve the issue. It all started from trying to use keys.
Last edited by metallica1973; 08-16-2005 at 03:22 PM.
Major.Tom I believe you made a mistake. I think you meant copy my SSH_HOST_RSA_KEY.PUB to my ~/.ssh/authorized_key file and not the ID_RSA.PUB. I just created a new pair of keys and this is what it named it. I also have ID_RSA.PUB in there also. I looked at my var/log/messages and it stated that I had a failed illegal public key and that my username was listed in the deny groups. I think I know what had happened and I wanted to thank you and MATIR for your advice. I lost my chain of thinking and did not read what you all were stating very carefully. My senseis, thank you!
I THINK I KNOW WHAT IS GOING ON. I GENERATED MY KEYS IN ETC/SSH ON THE SERVER LOGGED IN AS DABEAST. I COPIED THE *.PUB KEY FROM THERE INTO MY HOME/DABEAST/.SSH FOLDER AND THEN I >> THAT TO AUTHORIZED_KEYS. I THEN TOOK THAT *.PUB KEY TO WORK AND IMPORTED IT INTO PUTTY AND IT STILL DOES THE SAME THING. WHAT YOU ARE SAYING IS TO GENERATE MY KEYS UNDER /HOME/DABEAST/.SSH AND THEN CP *.PUB >> AUTHORIZED_KEYS. THEN TAKE THAT *.PUB KEY TO WORK AND IMPORT IT INTO PAGEANT AND BINGO I AM IN. IT STILL DOES NOT WORK. I WILL POST MY VAR/LOG/MESSAGE FILE TONIGHT.
MY QUESTION IS AS FOLLOWS:
1 - ARE THE PRIVATE KEYS THAT ARE CREATED UNDER /ETC/SSH DURING THE INSTALLATION OF THE OPENSSH ON MY SERVER.
2 IF SO ME USING THE SSH-KEYGEN UNDER MY HOME/DABEAST/.SSH DIRECTORY IS THIS ONLY CREATING THE PUBLIC KEY FILES AND THAT IT HAS NOTHING TO DO WITH HOST KEY FILES UNDER ETC/SSH.
3 IS THIS THE DIRECTORY THAT I SHOULD BE USING THE SSH-KEYGEN FOR THE DSA PROTOCOL 2
PUBLIC KEY FILES.
I WILL PREVAIL, THIS SSH BEAST WILL NOT GET THE BEST OF ME!
1 - ARE THE PRIVATE KEYS THAT ARE CREATED UNDER /ETC/SSH DURING THE INSTALLATION OF THE OPENSSH ON MY SERVER.
I believe so. There were key files there when I started playing with ssh on my linux machine, and I don't remember generating them. It's ok, though, if you re-generated server keys (in /etc/ssh). No harm done. You still need to generate your user's keys (if you haven't already) in /home/dabeast/.ssh.
Quote:
2 IF SO ME USING THE SSH-KEYGEN UNDER MY HOME/DABEAST/.SSH DIRECTORY IS THIS ONLY CREATING THE PUBLIC KEY FILES AND THAT IT HAS NOTHING TO DO WITH HOST KEY FILES UNDER ETC/SSH.
That's right. There are separate (and should be different) keys.
Quote:
3 IS THIS THE DIRECTORY THAT I SHOULD BE USING THE SSH-KEYGEN FOR THE DSA PROTOCOL 2
PUBLIC KEY FILES.
You don't really need the DSA keys if using RSA. You can, but that's only a matter of preference. If you plan on using BOTH (I don't) then BOTH of your user's public keys have to be in /home/dabeast/.ssh/authorized_keys. (That's why I typed cp /home/<user>/.ssh/*.pub >> /home/<user>/.ssh/authorized_keys. That appends the contents of both .pub files to the same file authorized_keys.)
In any case, you DO need the public key from /home/dabeast/.ssh on the client machine (windows or work) from which you are connecting to your linux machine.
When you get to work, don't forget to run the .pub file through puttygen to convert the .pub file to a .ppk. Then you import it into pageant and make sure pageant is running when you run putty.
It also helps if you understand the basics of RSA. Basically, each person communicating has 2 keys: a public key and a private key. Each side of the conversation only needs the other person's public key for the communication to be secure. When you first connect to the server with putty, it automatically retrieves your server's public key (from /etc/ssh) and sends the public key you import into pageant to send to the server.
This is why the keys in /etc/ssh and /home/dabeast/.ssh should not be the same. Anybody attempting to connect to your ssh server can retrieve your server's public key. If it's the same as your user's public key, they can just use it to establish a secure connection. Very bad security.
But without a valid public key, they should not be able to connect to your server successfully even though they are able to get the server's public key.
For the record, the public key should be located on the server you are connecting to. The public key is the one that will end up in the authorized_keys file. id_dsa or id_rsa is your private key, and (hence the name) should remain private.
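The steps and the public/private distinction discussed above, as an added example that is not part of the original thread. The function names and the target directory are hypothetical, and the empty passphrase (`-N ""`) is a demo-only assumption so the script runs unattended; it needs OpenSSH's `ssh-keygen`.

```shell
#!/bin/sh
# Added example: helper names and paths are hypothetical, not from the thread.

# key_kind FILE -> prints private | public | putty-ppk | unknown
# Looks only at the first line, which is enough to tell id_rsa from id_rsa.pub.
key_kind() {
    first=$(head -n 1 "$1")
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----")  echo private ;;    # id_rsa / id_dsa
        "PuTTY-User-Key-File-"*)           echo putty-ppk ;;  # puttygen output
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*) echo public ;;
        "---- BEGIN SSH2 PUBLIC KEY ----") echo public ;;
        *)                                 echo unknown ;;
    esac
}

# setup_user_key DIR: steps 2-4 of the list above, done in DIR instead of ~/.ssh.
# Host keys in /etc/ssh are never touched.
setup_user_key() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    # -N "" (no passphrase) is for this demo only.
    [ -f "$1/id_rsa" ] || ssh-keygen -q -t rsa -b 3072 -N "" -f "$1/id_rsa" || return 1
    # The PUBLIC half goes into authorized_keys on the server.
    cat "$1/id_rsa.pub" >> "$1/authorized_keys"
    chmod 600 "$1/authorized_keys" "$1/id_rsa"
}

# key_is_authorized PRIVATE AUTHKEYS: succeeds if the public key derived from
# the private key file appears in the authorized_keys file.
key_is_authorized() {
    blob=$(ssh-keygen -y -f "$1" | awk '{print $2}')
    [ -n "$blob" ] && grep -qF "$blob" "$2"
}
```

Running `key_kind` on a file before loading it into puttygen shows whether it is the private half that puttygen's import expects or the `.pub` half that belongs in `authorized_keys`.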
Our rules state to post constructively; if you're not going to contribute to the thread, ignore it and move on please. When we see members doing such things, it comes off as if you're only trying to boost your post count or to get around the 5 post for URL rule, which looking at your posts was the clear intention. Too many warnings and you can lose all privileges to this site, let's make this your first and last warning.
Any questions, email me, another moderator or the site administrator.
Review the rules you agreed to http://www.linuxquestions.org/rules.php and if we have a rule in place about posting URLs, don't bend such rules to accommodate yourself; you're only displaying disrespect not only for the members here that follow such rules but the site itself.
I AM TRYING TO IMPORT MY ID_RSA.PUB INTO PUTTY USING PUTTYGEN, CONVERSION, IMPORT AND THEN IT GIVES ME A PUTTY GEN ERROR SAYING: COULD NOT LOAD PRIVATE KEY,THIS IS NOT A PRIVATE KEY. WHAT IS GOING ON?
I am going to kick myself in the Q@#$@#@%@#$%@$#%@ if that was the case. This whole time I have been copying id_rsa.pub or id_dsa.pub to my PUTTYGEN here at work and it has been going crazy. So what you are saying is that I should have copied my id_rsa or id_dsa file from my ~/dabeast/.ssh to my work and then imported it into PUTTYGEN and then add the *.ppk file to my keys and then voilà. If this is the case then shame on my senseis for their typo but thanks for the help. Is what I am saying correct?
I AM AS HAPPY AS PIGS IN MUD. KDR_KANE MUCH RESPECT. THIS WHOLE TIME I WAS USING THE ID_RSA.PUB FILE AND TRYING TO MIGRATE IT INTO PUTTY. I NEEDED TO USE THE ID_RSA AND MIGRATE IT TO PUTTY. IT DIDN'T HELP THAT SOME OF THE POSTS WERE USING *.PUB IN THEIR EXAMPLE AND TO USE PUTTY TO MIGRATE STUFF WHEN IT WAS THE PRIVATE KEY THAT I NEEDED. BUT MOSTLY IT WAS ME JUST NOT READING THE SSH MATERIAL AND PAYING ATTENTION. MANY THANKS TO ALL FOR AT LEAST POINTING ME IN THE RIGHT DIRECTION. MANY THANKS TO MAJOR.TOM AND TO EVERYONE ELSE FOR TAKING THE TIME TO HELP. PLEASE CONTINUE THE GREAT WORK.