LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-22-2018, 11:46 PM   #1
sampy12345
LQ Newbie
 
Registered: Jul 2017
Posts: 12

Rep: Reputation: Disabled
SSH Key related concern


In linux i am creating a ssh key using below command and a file is created with name authorized_keys
ssh-keygen -b 4048 -t rsa -C "root@sourceIP"

After above step i am running below command authorized_keys file is getting created in .ssh/ and whenever i am trying to connect the destination ip from source it is not prompting me for any password .

ssh-copy-id root@destinationIP

My query : If i remove the authorized_keys file from my destination file will there be any impact( like will there be any application issue(as i am using ansible to install a application that is the reason for creating a ssh key))
 
Old 08-23-2018, 12:25 AM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,173
Blog Entries: 3

Rep: Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064
It is the authorized_key file on the destination machine which shows which key pairs can be used to authenticate. If you delete that file, then you will not be able to log in using any keys at all for that one account. However, you can move the file instead if you don't want it there where it is currently. Just set it to a new location in sshd_config using the AuthorizedKeysFile directive and then reload the configuration in sshd.

Either way, if you really are using root for remote access, remember to turn off password authentication for either everybody or just root by setting PasswordAuthentication to "no" or else PermitRootLogin to "prohibit-password" or "forced-commands-only" (they are the same in function)

See "man sshd_config" for information about moving the authorized_keys file.

See also "man sshd" and scroll down to the section on authorized keys file format for more.

Last edited by Turbocapitalist; 08-23-2018 at 12:27 AM. Reason: added manual pages
 
Old 08-23-2018, 12:57 AM   #3
sampy12345
LQ Newbie
 
Registered: Jul 2017
Posts: 12

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
It is the authorized_key file on the destination machine which shows which key pairs can be used to authenticate. If you delete that file, then you will not be able to log in using any keys at all for that one account. However, you can move the file instead if you don't want it there where it is currently. Just set it to a new location in sshd_config using the AuthorizedKeysFile directive and then reload the configuration in sshd.

Either way, if you really are using root for remote access, remember to turn off password authentication for either everybody or just root by setting PasswordAuthentication to "no" or else PermitRootLogin to "prohibit-password" or "forced-commands-only" (they are the same in function)

See "man sshd_config" for information about moving the authorized_keys file.

See also "man sshd" and scroll down to the section on authorized keys file format for more.
Actually i have removed the file and i was able to login with credentials. Just i want to know whether there will be any application related issues
 
Old 08-23-2018, 01:04 AM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,173
Blog Entries: 3

Rep: Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064
Which machine are you referring to?

In the default arrangement for sshd, you must have an authorized_keys file on the destination machine in order to log in using keys. You do not need to have it on the source machine and there are no repercussions for removing it from the source machine.
 
Old 08-23-2018, 05:56 AM   #5
sampy12345
LQ Newbie
 
Registered: Jul 2017
Posts: 12

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Turbocapitalist View Post
Which machine are you referring to?

In the default arrangement for sshd, you must have an authorized_keys file on the destination machine in order to log in using keys. You do not need to have it on the source machine and there are no repercussions for removing it from the source machine.
I am referring to the destination machine
 
Old 08-23-2018, 06:08 AM   #6
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,173
Blog Entries: 3

Rep: Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064Reputation: 2064
Then, if you are using keys, and if you have not changed the location for the authorized_keys file, then you have an authorized_keys file in /root/.ssh/authorized_keys in order to be able to use keys to log in. If have some other user and are not logging into that other account then that other accounts' ~/.ssh/authorized_keys file is also needed. Otherwise, it is not needed.
 
Old 08-23-2018, 11:36 AM   #7
Rickkkk
Senior Member
 
Registered: Dec 2014
Location: Montreal, Quebec, CANADA
Distribution: Arch
Posts: 1,113

Rep: Reputation: 421Reputation: 421Reputation: 421Reputation: 421Reputation: 421
Quote:
Originally Posted by sampy12345 View Post
Actually i have removed the file and i was able to login with credentials. Just i want to know whether there will be any application related issues
The sshd_config file on your destination machine is therefore configured to fall back on password authentification if ssh key authentication is impossible. This is not as secure, but gives you 2 options to connect.

Either way, you're connected, and any application problems are unlikely to be related to the authentication method you used to connect.

Cheers.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Concern with ssh public keys MaverickApollo Linux - Security 3 04-25-2018 03:36 AM
LXer: What is SSH Key? How To Generate SSH Key in Linux? LXer Syndicated Linux News 0 04-30-2017 07:42 AM
SSH skips public key authentication for a key, but works with another key simopal6 Linux - General 1 07-06-2011 08:33 AM
Query related to ssh private-public key authentication saagar Linux - Newbie 3 03-23-2010 10:59 AM
ssh secuirty concern? NuxIT Linux - Security 4 07-13-2006 06:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration