LinuxQuestions.org


slackamp 10-11-2006 11:58 AM

OpenSSH with multiple secret keys
 
hello forum, well i have been googling but could not find relevant searches. i have multiple servers and would like to use different public/secret keypairs. how do i go about doing this? on the server side i can append to the authorized_keys file, on the client side i tried appending to the id_rsa file and this doesn't seem to work. so i can only use one secret key.

tronayne 10-11-2006 12:36 PM

When you ssh <machine>, that machine is added to .ssh/known_hosts in whatever your home directory is when you connect. This happens on every machine when it first connects with ssh to another machine. If you want to connect without a password to a given machine, you need to, in every user home directory that will be connecting to every machine, generate a public and private key with ssh-keygen. For example, if you're using rsa, you would generate the public-private keys with
ssh-keygen -b 1024 -t rsa
and you'll have two files in .ssh: id_rsa and id_rsa.pub. You copy the id_rsa.pub file to the authorized_keys file on all the other machines that will connect to this one as this user; that is, you'll have one entry for every machine on your network in known_hosts and one entry for every machine on your network in authorized_keys (you don't put the id_rsa.pub file into the authorized_keys on "this" machine, only those files from "other" machines).

You said above that you copied the id_rsa file to another box? If you actually did that, you need to redo as above (copy id_rsa.pub not id_rsa).

Hope this helps.

slackamp 10-11-2006 01:01 PM

thanks for the input but i don't think that answers my question.

reason for doing this is i want to password protect 1 secret key and the other not.

scenario:

1 client and 1 userid

userid exists on both server1 and server2 and both use OpenSSH.

server1 - slackware (password protected secret key)
server2 - aix (not password protected secret key)

generated keypair in server1 (id_rsa and id_rsa.pub)
cat id_rsa.pub > authorized_keys

generated keypair in server2 (id_rsa and id_rsa.pub)
cat id_rsa.pub > authorized_keys

i then scp both id_rsa's from server1 and server2 to my client pc.

so now i have 2 secret keys. how do i go about using them both simultaneously and be able to login to 2 different servers.

tronayne 10-11-2006 01:39 PM

From what you replied, it looks like you're doing it backwards, maybe? You're supposed, AFAIK, to do it like this:

server1:
ssh-keygen -t rsa
cp id_rsa.pub > server2 authorized_keys

server2:
ssh-keygen -t rsa
cp id_rsa.pub > server1 authorized_keys

The important thing is to copy the id_rsa.pub file to the other server's authorized_keys file -- it looks like you're copying id_rsa.pub to the authorized_keys file on this server and that's not going to do any good whatsoever.

When you look at authorized_keys on server1, the last thing in the entry should be user@server2; that's so user@server2 can connect to server1 without a password.

If you want the user on server2 to provide a password to log in on server1, then don't have any entry in authorized_keys for that user and "user" will always be prompted for a password. The concept is that an entry in authorized_keys is a trusted user on a trusted server.
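
For the client-side question in this thread (one client, one userid, a separate private key for each of server1 and server2), here is an added example that is not part of any post above: each key lives in its own file and is bound to its host with `IdentityFile` in an ssh client config. The key file names, the user `userid` and the script name `multikey.sh` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: the key files
# id_rsa_server1 / id_rsa_server2, user "userid", and the scratch directory.

# Create one key pair per server on the client, each in its own file.
# The -N value is a constructed demo passphrase; in real use omit -N and
# let ssh-keygen prompt, so the passphrase never appears in argv.
make_keys() {            # usage: make_keys DIR
    ssh-keygen -q -t rsa -N 'constructed-demo-passphrase' -f "$1/id_rsa_server1"
    ssh-keygen -q -t rsa -N '' -f "$1/id_rsa_server2"
}

# Succeeds when KEYFILE cannot be read with an empty passphrase.
is_protected() {         # usage: is_protected KEYFILE
    ! ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Append a Host block that binds one server to one private key.
# IdentitiesOnly keeps ssh from also offering agent or default keys.
add_host_key() {         # usage: add_host_key CONFIG HOST USER KEYFILE
    printf 'Host %s\n    User %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$2" "$3" "$4" >> "$1"
    chmod 600 "$1"
}

# Print the key file ssh resolves for HOST. `ssh -G` prints the effective
# options without connecting; the awk fallback reads the file directly.
key_for_host() {         # usage: key_for_host CONFIG HOST
    kf=''
    if command -v ssh >/dev/null 2>&1; then
        kf=$(ssh -G -F "$1" "$2" 2>/dev/null |
            awk '$1 == "identityfile" { print $2; exit }')
    fi
    [ -n "$kf" ] || kf=$(awk -v h="$2" '
        $1 == "Host" { hit = ($2 == h) }
        hit && $1 == "IdentityFile" { print $2; exit }' "$1")
    printf '%s\n' "$kf"
}

# Demo in a scratch directory: sh multikey.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_keys "$d"
    add_host_key "$d/config" server1 userid "$d/id_rsa_server1"
    add_host_key "$d/config" server2 userid "$d/id_rsa_server2"
    for h in server1 server2; do echo "$h -> $(key_for_host "$d/config" "$h")"; done
fi
```

With the same Host blocks in `~/.ssh/config`, `ssh server1` asks for the key passphrase and `ssh server2` does not; `ssh -i KEYFILE host` selects a key for a single invocation instead.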


All times are GMT -5.