I'm an inexperienced user experimenting with ssh and am having some difficulties that I haven't been able to resolve. I'm trying to connect from Mac OS X to a Slackware box. After reading ssh tutorials and the man pages and such, when I try to connect to a machine on my local network I receive the following:
$> ssh -v 192.168.x.x
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 192.168.x.x [192.168.x.x] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /var/root/.ssh/id_rsa type -1
debug1: identity file /var/root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.x.x' is known and matches the RSA host key.
debug1: Found key in /var/root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /var/root/.ssh/id_rsa
debug1: Trying private key: /var/root/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,password).
and there I'm stuck. I don't understand the debug messages and don't know what I need to fix in order to make it work.
This looks like you did not create keys for each user -- did you log in as "you" and run ssh-keygen? That creates the directory .ssh in your home directory with the public and private keys for your unique user ID on that unique machine (and, no, you cannot simply copy those to another box -- the keys are specific to user and machine). You can make your life a little easier if, when you run ssh-keygen, you simply hit the carriage return when you're prompted for a passphrase (otherwise you'll have to type it when you connect; just let SSH handle the secure connection).
I did run keygen on the Mac and made sure that the slackbox had the same private and public keys, but being rather noobish I must have done something wrong in the process. I'll read up and dig back into those files to see where I went wrong.
Any ideas what the SSH2_MSG_NEWKEYS messages are about? Doesn't seem like we should be trying to get new keys but rather using the ones generated, but I really have no idea what those messages mean.
The site suggested doesn't work, the site is down or something because following the link or trying to get to sial and I get a "Service temporarily overloaded" message.
I'm curious as to how the authentication is supposed to be configured in sshd_config. I would like to use RSA (not sure what the difference is between dsa and rsa) I think, so does that mean that I need to have all the other auth types other than rsa set to 'no' in the config file? I thought I understood how this form of authentication works but I'm obviously missing some very important concepts. Any elucidation would definitely be appreciated. I'll read up on it in the meantime.
Thank you akiku. Your reply reminded me that I had changed around my sshd_config file disabling password authentication, I was trying to go straight for the rsa authenticating, and as a result was unable to establish an initial connection. Without that initial connection afforded by password auth, you can't copy public keys from one machine to another, which of course renders the key authentication impossible.
So I'm now able to ssh from a Mac running Leopard to a Slackware box, but am still having trouble going in the opposite direction with the Mac as the server instead of the client. I've posted in some Mac forums to try and resolve it. I'll post some links in case anyone can use them.
There are a couple of tricks you can do with SSH that may make your life a little more pleasant.
You probably know that you can copy a user's public key on machine A to the user's account on machine B (and vice-versa) so the user can connect without a password -- you copy the public key on machine A to ~/.ssh/authorized_keys on machine B (and the public key on machine B to ~/.ssh/authorized_keys on machine A). You can "enhance" the process by creating a ~/.ssh/config file (on both machines) with entries (in machine A's ~/.ssh/config file) like this
Code:
Host machineB
    ForwardX11 yes
    Compression yes
    Protocol 2,1
    User user_name_on_B
Host *
    ForwardX11 no
You do the same on machine B, entering information for the user on machine A -- when you do this, things like scp, sftp and just plain old terminal use work for you with no fiddling around with passwords (and that's kind of the idea, eh?).
Another thing -- it looks like you might be using fixed IP addresses? If so, be sure and add the address and name to /etc/hosts which will make things a little easier. The form is
Code:
192.168.x.x name.domain name
(use the actual node numbers, not x's and the name and domain that appear in /etc/HOSTNAME)
If you have your ssh keys loaded (via ssh-agent) you can also just use "ssh-copy-id user@otherhost" to copy your public key into place and have the permissions set correctly.
Quote:
Originally Posted by jerf
The site suggested doesn't work, the site is down or something because following the link or trying to get to sial and I get a "Service temporarily overloaded" message.
I'm not sure what was up with their site. It was like that for a day or two. Denial of service attack? Anyway, the site is working now. You should check it out. I've used it for a couple of years whenever I have to remind myself of details for ssl certs or ssh keys.
Anybody here good with Mac OS X? For some stupid reason I still cannot ssh into my Mac from the slackbox. It's driving me nuts, and the only response I've gotten from Mac forums so far is "you have to allow remote login". Well I checked the little box and it ain't workin. Seems like sshd isn't running because,
Quote:
$> ssh -v -l people 192.168.x.x
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.x.x [192.168.x.x] port x.
debug1: connect to address 192.168.x.x port x: Connection refused
ssh: connect to host 192.168.x.x port x: Connection refused
but I've tried
Quote:
/sbin/services ssh start
and allowing remote login under sharing preferences, but I'm not gettin anywhere.
I'm super happy I can finally ssh into my slackbox though. I couldn't figure it out myself for a long time. Me = hehe
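The two `ssh -v` transcripts posted in this thread can be triaged mechanically. The following is an added example, not part of any poster's message: it extracts the lines that explain each failure, reading `type -1` as "the OpenSSH client loaded no public key from that path". The function names are hypothetical and the sample logs are constructed by trimming the transcripts above.

```python
import re

# Constructed samples: key lines from the two transcripts in this thread.
FIRST_LOG = """\
debug1: permanently_set_uid: 0/0
debug1: identity file /var/root/.ssh/id_rsa type -1
debug1: identity file /var/root/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
Permission denied (publickey,password).
"""
SECOND_LOG = """\
debug1: connect to address 192.168.x.x port x: Connection refused
ssh: connect to host 192.168.x.x port x: Connection refused
"""

# One capture group per fact worth extracting from `ssh -v` output.
PATTERNS = {
    "uid": r"permanently_set_uid: (\d+)/\d+",
    "no_pubkey": r"identity file (\S+) type -1$",
    "offered": r"Authentications that can continue: (\S+)",
    "tried": r"Next authentication method: (\S+)",
    "refused": r"(Connection refused)$",
}

def summarize(log):
    """Collect every capture for each pattern, in log order."""
    found = {name: [] for name in PATTERNS}
    for line in log.splitlines():
        for name, pat in PATTERNS.items():
            m = re.search(pat, line.strip())
            if m:
                found[name].append(m.group(1))
    return found

def diagnose(log):
    """Turn the extracted facts into a short list of findings."""
    f = summarize(log)
    if f["refused"]:
        # TCP never connected, so no key or password was ever evaluated.
        return ["tcp: connection refused, no SSH exchange took place"]
    out = []
    if "0" in f["uid"]:
        out.append("client ran as uid 0: keys and known_hosts come from root's home")
    if f["no_pubkey"]:
        out.append("no public key loaded for: " + ", ".join(f["no_pubkey"]))
    offered = f["offered"][-1].split(",") if f["offered"] else []
    skipped = [m for m in offered if m not in f["tried"]]
    if skipped:
        out.append("offered by server but never attempted: " + ", ".join(skipped))
    return out
```

For the first transcript this reports that the client ran as root with no public key loaded under /var/root/.ssh, and that `password` was offered by the server but never attempted; for the second it stops at the refused TCP connection.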
Mac -- it partly depends on whether you are running Tiger or Leopard, because the arrangement of preferences and stuff changed between those two -- the firewall in particular.
In Leopard (I don't have a Tiger setup to check anymore), there are two places to check. In preferences, sharing, click on the check box to allow remote login. Make sure you allow all users or specify what account you will be logging in as. Then, in preferences, security, select the firewall tab and make sure you allow incoming connections. Make sure you also know what the short version of your user name is. While the Mac login will only show you the full name, if you pull up a terminal window, your prompt or home directory will show you what the short name is. That would be what you ssh in as.
If you've been messing around on the command line, then you could get yourself tangled up. I have edited the /etc/hosts.deny and /etc/hosts.allow; but, otherwise, after a stint of messing with the root account a couple of years ago, I have left off messing with that. You can use sudo just like you would in ubuntu. Your admin accounts are set up just like root in /etc/sudoers, with "%admin ALL=(ALL) ALL".