LinuxQuestions.org
LinuxAnswers Discussion This forum is to discuss articles posted to LinuxAnswers.

Old 09-29-2005, 02:21 PM   #16
riteshsarraf
LQ Newbie
 
Registered: Jan 2002
Location: Nepal
Distribution: Debian, RedHat
Posts: 9

Rep: Reputation: 0

Excellent step-by-step articles. Got it working in the first shot.
Thank You.
 
Old 09-29-2005, 02:29 PM   #17
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
omlex, atomicx,

On the client side, what does
Code:
cat /etc/ssh/ssh_config | grep 'IdentityFile'
show you?

On the server side, what does
Code:
cat /etc/ssh/sshd_config | grep 'Authorized'
show you?

These entries must coincide with what you're trying to name the files as. (Note that you may have to adjust these commands based on the file paths/names for your distro.)

Last edited by anomie; 09-29-2005 at 02:30 PM.
 
Old 11-11-2005, 11:35 PM   #18
Nawar
Member
 
Registered: Nov 2005
Location: Midwest America
Distribution: SuSE, RedHat
Posts: 39

Rep: Reputation: 15
One more step that I take in my work is that I use multiple keys to get from one system to another.

If I want to do an interactive shell, I use a passphrase with the key.

If I want to automate a task, I generate a key-pair for that specific task.

On the <receiver> system, I modify the "authorized_keys" or "authorized_keys2" file to restrict a key to a specific command.

The format for this follows....

command="/path/to/script.sh" ssh-dss keystring

I then create a new line for each key and script that I want to run remotely.

From there, when I want to execute one of the commands, I use the following.

echo "parameter list" | ssh -i /path/to/identity/file remotesystem

This then connects to the remote system, executes the command determined by the authorized_keys file, and then said script reads its input from the "echo" command output stream.

The script runs, then exits.

It's simple, effective, and very secure.
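
Added example, not part of Nawar's post: a sketch of the receiver-side script that a `command="..."` entry could point at, showing the stdin parameter list being checked against an allowlist before anything acts on it. The action names (`backup`, `rotate`, `status`) and the two-word parameter format are assumptions; the extra options in the comment are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example: hypothetical script behind an authorized_keys entry such as
#   command="/path/to/script.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss keystring
# The action names below are placeholders for whatever the task needs.

# Return 0 only for "<action> <target>" built from a small safe alphabet.
validate_params() {
    # Anything left after deleting allowed characters is a metacharacter
    # (quotes, $, ;, |, /, backticks, ...): refuse the whole line.
    leftover=$(printf '%s' "$1" | tr -d 'A-Za-z0-9._ -')
    [ -z "$leftover" ] || return 1
    set -f            # no glob expansion while splitting into words
    set -- $1
    set +f
    [ "$#" -eq 2 ] || return 1
    case $1 in
        backup|rotate|status) ;;      # allowlisted actions (assumed names)
        *) return 1 ;;
    esac
    case $2 in
        -*|.*) return 1 ;;            # no option-looking or dot-leading targets
    esac
    return 0
}

# Read one parameter line from stdin, as fed by: echo "..." | ssh -i key host
run_forced_command() {
    IFS= read -r params || [ -n "$params" ] || return 2
    if validate_params "$params"; then
        echo "accepted: $params"      # the real task would be dispatched here
    else
        echo "rejected parameter list" >&2
        return 1
    fi
}

# sshd sets SSH_CONNECTION for the session; only then act on stdin.
if [ -n "${SSH_CONNECTION:-}" ]; then
    run_forced_command
fi
```

Because the key is pinned to this script, whatever command the client names on its own command line is not executed; sshd only exposes it to the script as `SSH_ORIGINAL_COMMAND`.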
 
Old 05-23-2006, 12:12 AM   #19
sc24
LQ Newbie
 
Registered: May 2006
Distribution: AIX, Redhat
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by omlex
pls. help.

I'm having a problem with puttygen. Every time I tried to log in, my Linux box is still asking me for my password. Here's what I did:

1. Generated a public key from puttygen. I used ssh v2
2. Saved the private and public key in my Win2k desktop.
3. Copied the public key to my $HOME/.ssh/authorized_keys2 directory
4. Added the private key to puttygen for remote connection.

What else did I forget?

In my setup authorized_keys was a file.

Also after you've generated the key pair in puttygen make sure you copy and paste from the OpenSSH Text Area into the authorized_keys file instead of using the "Save Public Key" button.

That worked for me.
 
Old 09-05-2006, 04:16 PM   #20
tidww01
LQ Newbie
 
Registered: Dec 2005
Posts: 19

Rep: Reputation: 0
I had a similar problem and it turned out to be a line in the sshd_config file. One that said UsePAM yes. Comment that out and restart the ssh daemon.
 
Old 09-11-2006, 03:38 PM   #21
sysconfig
Member
 
Registered: Sep 2006
Location: (.)
Posts: 44

Rep: Reputation: 15
Another docs for the same

You could find the same guide at:

http://forums.linuxwebadmin.info/ind...opic,65.0.html
 
Old 09-11-2006, 03:39 PM   #22
sysconfig
Member
 
Registered: Sep 2006
Location: (.)
Posts: 44

Rep: Reputation: 15
Same guide

Duplicate entry so edited:
 
Old 09-18-2006, 03:33 AM   #23
Sukhwinder Singh
LQ Newbie
 
Registered: Sep 2006
Posts: 4

Rep: Reputation: 0
DSA key authentication

I have solved the problem. I just used
client:
Use the command: /usr/bin/ssh-keygen -t dsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user-id/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user-id/.ssh/id_dsa.
Your public key has been saved in /home/user-id/.ssh/id_dsa.pub.
The key fingerprint is:
XXXblablablaXXXaf:90:8f:dc:65:0d:XXXXXXXXXXXXXX user-id@node-name

Files generated:

$HOME/.ssh/id_dsa - binary
$HOME/.ssh/id_dsa.pub - ssh-dsa ...223564257432 email address - Multiple keys/lines allowed.


Server:
o FTP the file $HOME/.ssh/id_dsa.pub to the server
o cd $HOME/.ssh/
o cat id_dsa.pub >>authorized_keys
 
Old 05-30-2007, 04:51 AM   #24
MikeAtVillage
Member
 
Registered: May 2005
Location: Mid Wales (UK)
Distribution: Slackware 8.0, Suse 10.0/1/2, CentOS (SMEServer7)
Posts: 38

Rep: Reputation: 15
Directory does not exist ? :-(

Hi,

I've successfully set this up on my main server to access all my sub-servers which are all running Slackware Linux.

But, I'm now trying to set up access to my mail server which is running Fedora Core 4 and I'm getting an error message when I try

cat ~/.ssh/id_dsa.pub | ssh user@server "cat - >> ~/.ssh/authorized_keys"

It tells me that the directory does not exist ! I've looked on the FC4 server and indeed there is no root/.ssh/ directory.

What do I do ?

TIA

Mike
 
Old 05-30-2007, 04:58 AM   #25
MikeAtVillage
Member
 
Registered: May 2005
Location: Mid Wales (UK)
Distribution: Slackware 8.0, Suse 10.0/1/2, CentOS (SMEServer7)
Posts: 38

Rep: Reputation: 15
Please ignore

Silly me. I just created the .ssh directory under root and it all works now.
 
Old 07-09-2007, 10:47 AM   #26
Harlin
Member
 
Registered: Dec 2004
Location: Atlanta, GA U.S.
Distribution: I play with them all :-)
Posts: 316

Rep: Reputation: 30
One of the finest howto's I've ever seen for any software... if only every one of them were done in this fashion and perfect amount of detail (not too much and not too little). Kudos!
 
Old 09-04-2008, 12:46 AM   #27
mohdshakir
Member
 
Registered: Jan 2006
Distribution: gentoo, slackware
Posts: 36

Rep: Reputation: 15
I guess it's better to use ssh-copy-id to transfer the key to the server as described here

Last edited by mohdshakir; 07-06-2010 at 04:49 AM. Reason: updating link
 
Old 04-16-2010, 05:19 AM   #28
charlesdef
LQ Newbie
 
Registered: Apr 2010
Posts: 1

Rep: Reputation: 0
connection ssh publickey

Quote:
Originally Posted by gointomexico View Post
I had to do this for a class project. I found this information extremely informative, and helpful, thanks!

I had the same problem trying to get mine to work. I did a chmod on the server: <chmod 600 authorized_keys>
and then it started working. no password required!

hope this helps.

P.S. This was a debian to debian connection following the steps outlined in the guide.

Thanks, I got the same problem with Fedora 11; it was 660, I changed it to 600 and it worked. In fact the file must only be writable by the owner; 644 works too.
 
Old 06-13-2010, 07:33 AM   #29
HuMan-BiEnG
Member
 
Registered: Jun 2010
Posts: 87

Rep: Reputation: 15
Quote:
Originally Posted by atomicx View Post
I'm still not able to connect without a password.

Here is my debug notes when I run -vv

Code:
[trichard@testserv110 trichard]$ ssh -vv trichard@ftpserv111
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftpserv111 [192.168.0.111] port 22.
debug1: Connection established.
debug1: identity file /home/trichard/.ssh/identity type -1
debug1: identity file /home/trichard/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/trichard/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ftpserv111' is known and matches the RSA host key.
debug1: Found key in /home/trichard/.ssh/known_hosts:1
debug2: bits set: 1592/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/trichard/.ssh/identity
debug1: Trying private key: /home/trichard/.ssh/id_rsa
debug1: Offering public key: /home/trichard/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
trichard@ftpserv111's password:

I have checked and the "~/.ssh/authorized_keys" exists on the server and contains a line the same as "~/.ssh/id_dsa.pub"

Anyone know how to solve this,

Thanks
Troy
,,,,,,,,,,,,,,,,

I think that you have to make the remote host
ssh protocol to be set to version 2

vi /etc/sshd/sshd_config
change protocol to 2 instead of 1

& retry to connect again,
hope this fixes the problem
 
Old 08-10-2010, 05:55 AM   #30
Yoyoda
LQ Newbie
 
Registered: Aug 2010
Posts: 1

Rep: Reputation: 0
SSH doesn't like it if your home directory has group write access, change to 750.
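
Added example, not from any poster in this thread: a small check for the file-mode problems reported above (authorized_keys at 660, a group-writable home directory, a missing ~/.ssh), which sshd's StrictModes setting treats as a reason to ignore the key. The function names and the `--run` switch are made up for this sketch, and it covers only the write-bit and existence conditions discussed here, not file ownership.

```shell
#!/bin/sh
# Added example: report the conditions from this thread that make sshd
# (with its default StrictModes setting) skip authorized_keys.

# Print the path if group or others have write permission on it.
loose() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Usage: check_ssh_perms /home/user
# Prints one finding per line; returns 0 only when nothing is wrong.
check_ssh_perms() {
    home=$1
    status=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            status=1
        elif [ -n "$(loose "$p")" ]; then
            echo "LOOSE $p"
            status=1
        fi
    done
    return "$status"
}

# Check the invoking user's own home only when called with "--run"
# (hypothetical switch), so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_ssh_perms "$HOME" && echo "OK"
fi
```

A `LOOSE` finding is cleared with the modes the posters mention: `chmod 750` (or tighter) on the home directory and `chmod 600` on authorized_keys.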
 
  

