LinuxQuestions.org
08-17-2011, 02:10 PM   #31
metallica1973 (Original Poster)

So in a nutshell:

1 - ssh-keygen -t rsa --> on the ssh server itself or your client machine

This will create your id_rsa (private key) and id_rsa.pub (public key)

2 - Tell the server what your public key is:

I created this stuff on my workstation not the server hosting ssh-server:

user@client>cat .ssh/id_rsa.pub | ssh user@ssh-server "cat >> .ssh/authorized_keys"

3 - Make sure that you have stuff setup correctly in your /etc/ssh/sshd_config

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

4 - You should be golden from this point on.

"A private key should never ever leave any machine. When you want to exclude one you would have to give a new private key to the remaining users (besides the option to deny a user in /etc/ssh/sshd_config, but you may forget over time why it’s entered there). And in addition: all users will use the same user account? Instead each user should create a key pair and send you the public part by email or so and you enter it into their account then in case you disabled password authentication.

I also prefer to create one key pair on each machine I use, instead of copying my private key between all of them. If one gets lost for whatever event (maybe the machine gets stolen), I only have to remove this one entry from the authorized_keys file instead of copying a new private key between the remaining machines." Taken from Reuti

Here are the urls that I used:

https://help.ubuntu.com/community/SSH/OpenSSH/Keys
http://tombuntu.com/index.php/2008/0...ssh-made-easy/

Last edited by metallica1973; 08-18-2011 at 12:58 PM.
 
08-18-2011, 01:36 AM   #32
Reuti

I’m pretty sure that after 6 years this might only serve the case someone is searching for it. But:

Quote:
Originally Posted by metallica1973
    I created this stuff on my workstation not the server hosting ssh-server:

    user@client>cat .ssh/id_rsa.pub | ssh user@ssh-server "cat >> .ssh/authorized_keys"

can be shortened to:
Code:
user@client> ssh-copy-id ssh-server

Quote:
Originally Posted by metallica1973
    Now it is all about who has your private key to be able to authenticate the "ssh" server. Simply give the machines that you want to give access to, the private key and they should be able to login into the server.

Here I disagree. A private key should never ever leave any machine. When you want to exclude one you would have to give a new private key to the remaining users (besides the option to deny a user in /etc/ssh/sshd_config, but you may forget over time why it’s entered there). And in addition: all users will use the same user account? Instead each user should create a key pair and send you the public part by email or so and you enter it into their account then in case you disabled password authentication.

I also prefer to create one key pair on each machine I use, instead of copying my private key between all of them. If one gets lost for whatever event (maybe the machine gets stolen), I only have to remove this one entry from the authorized_keys file instead of copying a new private key between the remaining machines.
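
Added example (not part of either post): a server-side sketch of the one-key-pair-per-machine approach from post #32, which also sets the directory and file modes that the `cat >> .ssh/authorized_keys` in step 2 of post #31 leaves to the umask. The function names are hypothetical and the key blobs are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the thread. Key blobs are constructed placeholders.

# has_key FILE BLOB: succeed if BLOB is a whitespace-separated field of any line.
has_key() {
    awk -v b="$2" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$1"
}

# add_key FILE PUB: append the public key in PUB unless its blob is already listed.
# sshd's StrictModes (on by default) refuses keys when ~/.ssh or the file is
# group/world-writable, so set the modes explicitly instead of relying on umask.
add_key() {
    mkdir -p "$(dirname "$1")" && chmod 700 "$(dirname "$1")"
    touch "$1" && chmod 600 "$1"
    blob=$(awk '{ print $2; exit }' "$2")
    [ -n "$blob" ] || return 1
    if has_key "$1" "$blob"; then return 0; fi
    cat "$2" >> "$1"
}

# revoke_key FILE PUB: drop every entry carrying PUB's blob, with or without
# an options prefix such as from="..." in front of the key type.
revoke_key() {
    blob=$(awk '{ print $2; exit }' "$2")
    [ -n "$blob" ] || return 1
    tmp=$(mktemp "$1.XXXXXX") || return 1   # created with mode 600
    awk -v b="$blob" '{ k = 1; for (i = 1; i <= NF; i++) if ($i == b) k = 0 } k' "$1" > "$tmp" &&
        mv "$tmp" "$1"
}

# Demo in a scratch directory: one key per machine, then the laptop is stolen.
work=$(mktemp -d)
auth="$work/.ssh/authorized_keys"
echo "ssh-rsa AAAAB3CONSTRUCTEDdesktop user@desktop" > "$work/desktop.pub"
echo "ssh-rsa AAAAB3CONSTRUCTEDlaptop user@laptop"   > "$work/laptop.pub"
add_key "$auth" "$work/desktop.pub"
add_key "$auth" "$work/laptop.pub"
add_key "$auth" "$work/laptop.pub"      # second add is a no-op
revoke_key "$auth" "$work/laptop.pub"   # desktop entry is untouched
cat "$auth"
```

Matching on the key blob rather than the trailing comment means the entry is found even if someone edited the comment on the server.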
 
08-18-2011, 12:48 PM   #33
metallica1973 (Original Poster)

Constructive criticism is always appreciated. I use this forum as my notepad. What you say makes sense. Thanks for the advice.
 
  

