LinuxQuestions.org
Old 03-30-2013, 12:05 AM   #1
lleb
two HOWTO guides for your consideration


The first HOWTO is to address something that is a fairly common request on this site and I'm sure around the internet as well. This is to create ssh keys for password-less authentication.

Code:
###### DIRECTIONS FOR CREATING RSA KEY################

	Directions for creating the rsa key and making the two
	servers talk to each other without password.  Unless otherwise specified all of these tasks
	are performed on server A.

	1st change directory into .ssh and check what files are there.

 		[user@user ~]$ cd .ssh
		[user@user .ssh]$ ls -l
		total 4
		-rw-r--r-- 1 user group 2980 Jun 13 12:02 known_hosts

	*note*  If the .ssh directory is not to be found in your /home/user directory you have two choices.
			1:  create it...
				[user@user ~]$ mkdir -p .ssh
			2:  ssh into some other system.  This to me is the better option.  Not only will
				it create the ~/.ssh directory, but it will populate it with known_hosts file
				with the correct permissions.

	2nd create the rsa key.

		[user@user .ssh]$ ssh-keygen -t rsa -b 4096
		Generating public/private rsa key pair.
		Enter file in which to save the key (/home/user/.ssh/id_rsa):
		Enter passphrase (empty for no passphrase):
		Enter same passphrase again:
		Your identification has been saved in /home/user/.ssh/id_rsa.
		Your public key has been saved in /home/user/.ssh/id_rsa.pub.
		The key fingerprint is:
		cb:b0:40:c6:e9:f4:9e:f5:71:fc:c3:00:c0:f7:c6:75 user@user.localdomain

		*note*  The -t flag is for the TYPE of key to generate, in this case rsa, you can also use the 
			older dsa key, but that is not as secure.

			The -b 4096 is the byte size of the encrypted key.  4096 is military grade encryption
			and basically impossible to crack without spending far more money than it would be worth.

			As this key is to be used in scripts there is no passphrase.  This is less secure, but
			allows for unattended access to the remote system.  Ideal for scripting.

	3rd check that there are two new files with the following permissions

		[user@user .ssh]$ ls -l
		total 12
		-rw------- 1 user group 3243 Jun 22 15:50 id_rsa
		-rw-r--r-- 1 user group  743 Jun 22 15:50 id_rsa.pub
		-rw-r--r-- 1 user group 2980 Jun 13 12:02 known_hosts
	
	4th change directory back to the users $HOME

		[user@user .ssh]$ cd

	5th copy the key to the remote server

		[user@user ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@<IP_SERVER_B>
		25
		user@<IP_SERVER_B>'s password:
		Now try logging into the machine, with "ssh 'user@<IP_SERVER_B>'", and check in:

		.ssh/authorized_keys

		to make sure we haven't added extra keys that you weren't expecting.

=========================================================================================================
	5a:  If ssh-copy-id fails you can manually perform the same basic task as follows:

		[user@user ~]$ scp ~/.ssh/id_rsa.pub user@<IP_SERVER_B>:/home/user/.ssh/
		user@<IP_SERVER_B>'s password:
		[user@user ~]$ ssh user@<IP_SERVER_B>
		[user@user ~]$ cd .ssh
		[user@user ~]$ cat id_rsa.pub >> authorized_keys
		[user@user ~]$ ls -laF
		total 88
		drwx------   11 user  group         374 Mar 14 19:32 ./
		drwxrwxr-x+ 101 user  group	   3434 Mar 22 17:11 ../
		-rw-------    1 user  group        4424 Jan  5 21:17 authorized_keys
		-rw-r--r--    1 user  group         175 Jan  5 21:28 config
		-r--------    1 user  group        3239 Jul 21  2012 id_rsa
		-rw-r--r--    1 user  group         752 Jul 21  2012 id_rsa.pub
		-rw-r--r--    1 user  group        5657 Mar 14 19:32 known_hosts

		*note* You might need to change the permissions of the above files.  The key files that 
			must be correct are: authorized_keys, id_rsa.pub, and known_hosts.  If those 
			have the wrong permissions your ssh key will fail and you will be prompted for 
			a password for each ssh connection attempt.  

		*note*  Also be mindful of the permissions for the ~/.ssh directory.  It must be:

		drwx------.  2 user  group      4096 Mar 14 15:23 .ssh/

			If the permissions are not restrictive enough ssh will not trust the keys and will
			ignore them.
=========================================================================================================

	6th, follow directions on the screen.

		[user@user ~]$ ssh user@<IP_SERVER_B>
		Last login: Fri Jun 22 14:12:08 2012 from 10.10.4.77
		[user@user ~]$ exit
		logout
		Connection to <IP_SERVER_B> closed.

###### END OF DIRECTIONS FOR CREATING RSA KEY################

It might be a good idea to perform this both ways all depending on your needs.

The second is a bit more obscure, but still very useful for ssh configuration. All of the servers I have personal control over and access to use non-standard ports for SSH, but by creating an ssh config file I can save myself a bit of trouble in connecting to them, especially when combined with my ssh keys.

Code:
########## HOWTO CREATE config FOR SSH PRE-DEFINED INFORMATION ##########

	The config file is located in your ~/.ssh directory and holds specific 
	variables for your ssh connections.  One example is ssh into a non-standard
	port, or to always attempt to use -X for X11 forwarding.

	The basic layout of the config file is as follows:

==========================================================================

Host	ANY_URL
	Port		22222

Host	<IP_ANY_URL>
	Port		22222

Host	*
	Protocol	2
	ForwardAgent	yes
	ForwardX11	yes
	ServerAliveInterval	30
	ServerAliveCountMax	5
	TCPKeepAlive	yes

==========================================================================

The first "Host" is the fully qualified domain name ie: google.com.  For this connection
we are defining port 22222 as the standard port for this connection.  Now instead of typing:

	[user@server ~]$ ssh -p 22222 user@ANY_URL

You can now just type:

	[user@server ~]$ ssh user@ANY_URL

This is real handy for scp and other options like ssh-copy-id that can be a royal pain for 
non-standard ports.

The second "Host" is the IP address of the fully qualified domain name of the first "Host".
Always better safe than sorry.  It is not required, but if for some reason your DNS is not
working 100%, this will be a way around said issue.  Great in LANs as well as WWW connections.

The third "Host" in the above example is for all connections.  We are stating use protocol vs. 2
over 1.  Always attempt to use X11 forwarding.

Once you have created this file you will need to verify the permissions and that it is located
in the correct directory.

	[user@server ~]$ ls -laF .ssh
	total 48
	drwx------.  2 user user 4096 Mar 14 15:23 ./
	drwx------. 17 user user 4096 Mar 29 19:40 ../
	-rw-------.  1 user user 4466 Mar 12 10:30 authorized_keys
	-rw-r--r--.  1 user user  175 Jan  5 12:23 config
	-r--------.  1 user user 3243 Jan  5 12:14 id_rsa
	-rw-r--r--.  1 user user  741 Jan  5 12:14 id_rsa.pub
	-rw-r--r--.  1 user user 1447 Mar 14 15:23 known_hosts

Without these permissions your config file will fail.  This will work in both Linux and OS X.

########## END HOWTO CREATE config FOR SSH PRE-DEFINED INFORMATION ##########
Enjoy, mods if you think these are worthy please add them to the Tutorials section of this site.

If you like and these help you, please click the "Yes" for:

Did you find this post helpful? Yes

Thank you.
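
Added example, not part of lleb's post: a small POSIX shell audit for the permission problems both guides troubleshoot (`~/.ssh`, `id_rsa`, `authorized_keys`, `config`). The function names are made up for this example. The masks follow OpenSSH's behaviour: the client will not use a private key that group or other can access and refuses a config file that group or other can write, while sshd with StrictModes rejects an authorized_keys file that group or other can write; the 700 check on the directory is the guide's own requirement.

```shell
#!/bin/sh
# Added example: audit the ~/.ssh permissions the two guides troubleshoot.
# Function names are hypothetical; file names follow the guide's layout.

# Print a path's octal mode (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check PATH MASK REASON: fail when any permission bit in octal MASK is set.
check() {
    [ -e "$1" ] || return 0        # absent file: nothing to audit
    m=$(mode_of "$1")
    if [ $(( 0$m & 0$2 )) -ne 0 ]; then
        echo "FAIL $1 (mode $m): $3"
        return 1
    fi
    echo "ok   $1 (mode $m)"
}

# Audit one .ssh directory; sets $bad to the number of findings and
# returns non-zero when there is at least one.
audit_ssh_dir() {
    d=$1
    bad=0
    # 077 = any group/other access; 022 = group/other write.
    check "$d" 077 "guide requires drwx------; fix: chmod 700" \
        || bad=$((bad + 1))
    check "$d/id_rsa" 077 "private key open to others, ssh will not use it; fix: chmod 600" \
        || bad=$((bad + 1))
    check "$d/authorized_keys" 022 "group/other-writable, sshd StrictModes rejects it; fix: chmod 600" \
        || bad=$((bad + 1))
    check "$d/config" 022 "group/other-writable, ssh refuses to read it; fix: chmod 644 or 600" \
        || bad=$((bad + 1))
    echo "$bad finding(s) in $d"
    [ "$bad" -eq 0 ]
}

# Run only when a directory is given, e.g.: sh audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1" || exit 1
fi
```

Run it on both server A and server B, since the private-key check matters on the client side and the authorized_keys check on the server side.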
 
Old 03-30-2013, 07:15 PM   #2
lleb
thank you for the bump. Please feel free to comment if these are good, need work, add details, etc...
 
Old 03-31-2013, 09:57 PM   #3
frankbell
Have you considered submitting these to the LQ wiki?
 
Old 06-24-2013, 09:54 PM   #4
lleb
i would love to, but when i follow that link i am not able to find a way to create an account. the login page is supposed to also show create account, but there is no link for a new user.
 
Old 06-25-2013, 12:30 AM   #5
Z038
Thanks for the useful config file info, lleb. I wasn't aware that one could do that.
 
Old 06-25-2013, 08:23 AM   #6
brianL
If you can't get it on the LQ Wiki, start an LQ blog and put it there.
 
Old 06-25-2013, 08:57 AM   #7
onebuck
Member Response

Hi,

Quote:
Originally Posted by lleb
i would love to, but when i follow that link i am not able to find a way to create an account. the login page is supposed to also show create account, but there is no link for a new user.
The LQ Wiki register page from How to create a user account ;
Quote:
To edit a page in the LinuxQuestions.org Wiki you must register for an account and be logged in. While your username does not have to be the same as it is in the forums, it will help other members recognize you. You can set up a user account by following the Log in link. To register you will need to select a username and a password. You can optionally give an email address, which will allow you to track page changes and get password reminders. We will *never* give your email address out to any third parties for any reason. Once you have an account setup you can go to the Preferences page to customize your account options.
I have not created a new account in a long time. If you are having problems then post to a new thread in LQ Suggestions & Feedback with your issue(s) and I am sure jeremy or someone will help.

HTH!
 
Old 06-25-2013, 02:54 PM   #8
lleb
yeah had to post on the LQ feedback forum, it still does not like me. i put in the requested info, and then I'm told i don't exist and it puts me back to the login ONLY screen. still no option to create new.
 
Old 06-27-2013, 05:15 PM   #9
lleb
jeremy resolved the issue with the creation of accounts on the wiki page. I'll be adding these 2 guides when i can sneak it in between writing notes for my test tomorrow.
 
Old 06-28-2013, 04:39 PM   #10
lleb
uploading them to the wiki now.
 
Old 06-28-2013, 04:44 PM   #11
Janus_Hyperion
The instructions are very clear!

This is something I already use and know how convenient it is! Thanks for taking the time to write the instructions.
 
Old 06-28-2013, 05:28 PM   #12
lleb
they can be found at the following wiki links:

http://wiki.linuxquestions.org/wiki/...reate_ssh_keys

&

http://wiki.linuxquestions.org/wiki/...SH_Config_file

hope they help. Enjoy.
 
Old 06-29-2013, 05:21 PM   #13
lleb
Quote:
Originally Posted by nonamedotc
The instructions are very clear!

This is something I already use and know how convenient it is! Thanks for taking the time to write the instructions.
thank you. i try. I got tired of the hashed up HOWTO guides out there for creating the ssh keys and how to use them. Not one of them had all of the info to include troubleshooting steps for permissions. This is why I put all of that info into one little guide.

next I'll work on some basic rsync HOWTO guides to match with these two guides.
 