LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-11-2006, 10:58 AM   #1
slackamp
Member
 
Registered: Dec 2005
Distribution: slackware-current
Posts: 86

Rep: Reputation: 16
OpenSSH with multiple secret keys


hello forum, well i have been googling but could not find relevant searches. i have multiple servers and would like to use different public/secret keypair. how do i go about doing this? on the server side i can append to the authorize_keys file, on the client side i tried appending to the id_rsa file and this doesn't seem to work. so i can only use one secret key.
 
Old 10-11-2006, 11:36 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,042

Rep: Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761
When you ssh <machine>, that machine is added to .ssh/known_hosts in whatever your home directory is when you connect. This happens on every machine when it first connects with ssh to another machine. If you want to connect without a password to a given machine, you need to, in every user home directory that will be connecting to every machine, generate a public and private key with ssh-keygen. For example, if you're using rsa, you would generate the public-private keys with
ssh-keygen -b 1024 -t rsa
and you'll have two files in .ssh: id_rsa and id_rsa.pub. You copy the id_rsa.pub file to the authorized_keys file on all the other machines that will connect to this one as this user; that is, you'll have one entry for every machine on your network in known_hosts and one entry for every machine on your network in authorized_keys (you don't put the id_rsa.pub file into the authorized_keys on "this" machine, only those files from "other" machines).

You said above that you copied the id_rsa file to another box? If you actually did that, you need to redo as above (copy id_rsa.pub not id_rsa).

Hope this helps.
 
Old 10-11-2006, 12:01 PM   #3
slackamp
Member
 
Registered: Dec 2005
Distribution: slackware-current
Posts: 86

Original Poster
Rep: Reputation: 16
thanks for the input but i don't that answers my question.

reason for doing this is i want to password protect 1 secret key and the other not.

scenario:

1 client and 1 userid

userid exists on both server1 and server2 and both uses OpenSSH.

server1 - slackware (password protected secret key)
server2 - aix (not password protected secret key)

generated keypair in server1 (id_rsa and id_rsa.pub)
cat id_rsa.pub > authorized_keys

generated keypair in server2 (id_rsa and id_rsa.pub)
cat id_rsa.pub > authorized_keys

i then scp both id_rsa's from server1 and server2 to my client pc.

so now i have 2 secret keys. how do i go about using them both simultaneously and be able to login to 2 different servers.
 
Old 10-11-2006, 12:39 PM   #4
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,042

Rep: Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761
From what you replied, it looks like you're doing it backwards, maybe? You're supposed, AFAIK, to do it like this:

server1:
ssh-keygen -t rsa
cp id_rsa.pub > server2 authorized_keys

server2:
ssh-keygen -t rsa
cp id_rsa.pub > server1 authorized_keys

The important thing is to copy the id_rsa.pub file to the other server's authorized_keys file -- it looks like you're copying id_rsa.pub to the authorized_keys file on this server and that's not going to do any good whatsoever.

When you look at authorized_keys on server1, the last thing in the entry should be user@server2; that's so user@server2 can connect to server1 without a password.

If you want the user on server2 to provide a password to log in on server1, then don't have any entry in authorized_keys for that user and "user" will always be prompted for a password. The concept is that an entry in authorized_keys is a trusted user on a trusted server.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
multiple wep keys stellamarie Linux - Wireless Networking 2 06-03-2006 11:13 AM
Keys in bind -p or inputrc, what do these keys translate to? muha Linux - Newbie 0 03-06-2006 06:52 AM
maping keys of multiple keyboards dupontct Linux - General 1 10-20-2005 01:41 PM
Using GPG Keys on Multiple Computers General_Tso Linux - Security 5 10-06-2004 10:37 AM
Working with SSH and multiple private keys IgD Linux - Security 2 09-08-2003 10:07 PM


All times are GMT -5. The time now is 07:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration