
openSUSE Public_Key_Authentication

 
  

Vahis
External


Since: May 19, 2007
Posts: 79



Posted: Tue Jul 28, 2009 1:10 pm    Post subject: openSUSE Public_Key_Authentication
Archived from groups: alt.os.linux.suse

I have tried to figure this out after a looong time not having to do this:
http://en.opensuse.org/Public_Key_Authentication

Quote:

Preparing the server

1. Log in to the remote server using the normal ssh password
authentication.

2. Make sure the ~/.ssh directory exists.

3. Make sure permissions on the ~/.ssh directory are 700.

4. Now from the client machine copy the .pub key you generated to ~/.ssh
on the server. You can do this with this command from the client
machine:

cat ~/.ssh/id_rsa.pub | ssh user_name_here@server_here "cat - >> ~/.ssh/authorized_keys"

End of quote

Now what is that last thing there (4)?


Do I remember this right: On the client side one generates

/home/username/.ssh/id_rsa.pub

Then on the server side there should be

/home/username/.ssh/authorized_keys

and the client's id_rsa.pub needs to be appended to that file?

This can be also all wrong.

Vahis
--
"Sunrise 4:52am (EEST), sunset 9:59pm (EEST) at Espoo, Finland (17:06 hours daylight)"
http://waxborg.servepics.com
Linux 2.6.25.20-0.4-default #1 SMP 2009-06-01 09:57:12 +0200 x86_64
7:34pm up 44 days 4:08, 14 users, load average: 0.02, 0.11, 0.13
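
Server-side steps 2 to 4 from the quoted wiki text, written as one repeatable function; this is an added example, not part of the post or of the openSUSE wiki page. The function name, its arguments and the demo key string are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread. install_pubkey and its arguments are
# this example's own names.
# Usage: install_pubkey HOME_DIR PUBKEY_FILE   (run on the server)
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # A .pub file holds "type base64 [comment]". Refuse anything else, in
    # particular a private key (id_rsa) passed by mistake.
    key_line=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pubkey" 2>/dev/null | head -n 1)
    [ -n "$key_line" ] || { echo "not a public key: $pubkey" >&2; return 1; }

    # Steps 2 and 3: the directory exists and has mode 700.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Step 4: append, never overwrite, and skip a key that is already listed.
    if ! grep -qxF -e "$key_line" "$auth"; then
        # If the last existing line lacks a newline, add one first so the
        # new key does not get glued onto the previous entry.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key_line" >> "$auth"
    fi
}

# Constructed demo in a throw-away directory; the key is a made-up string.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructed user@client\n' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"   # second run adds nothing
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```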
Mark Draheim
External


Since: Jul 28, 2009
Posts: 3



Posted: Tue Jul 28, 2009 4:10 pm    Post subject: Re: openSUSE Public_Key_Authentication

Vahis wrote:


> Do I remember this right: On the client side one generates
>
> /home/username/.ssh/id_rsa.pub
>
> Then on the server side there should be
>
> /home/username/.ssh/authorized_keys
>
> and the client's id_rsa.pub needs to be appended to that file?
>
> This can be also all wrong.

looks okay to me. But if authorized_keys does not exist or is empty,
you can simply

scp .ssh/id_???.pub user@host:.ssh/authorized_keys

check perms and then try connecting with ssh -v


cheers

Mark
Mark Draheim
External


Since: Jul 28, 2009
Posts: 3



Posted: Tue Jul 28, 2009 4:10 pm    Post subject: Re: openSUSE Public_Key_Authentication

Mark Draheim wrote:

> scp .ssh/id_???.pub user@host:.ssh/authorized_keys

sorry, scrap that, I always get confused with the shortcomings of scp.
Copy your pub and then move it on the server to authorized_keys or, if
that is not empty, cat it to the file

cheers

Mark
Vahis
External


Since: May 19, 2007
Posts: 79



Posted: Tue Jul 28, 2009 5:10 pm    Post subject: Re: openSUSE Public_Key_Authentication

On 2009-07-28, Mark Draheim <rickcafe.casablanca.TakeThisOut@gmx.net> wrote:
> Vahis wrote:
>
>
>> Do I remember this right: On the client side one generates
>>
>> /home/username/.ssh/id_rsa.pub
>>
>> Then on the server side there should be
>>
>> /home/username/.ssh/authorized_keys
>>
>> and the client's id_rsa.pub needs to be appended to that file?
>>
>> This can be also all wrong.
>
> looks okay to me. But if authorized_keys does not exist or is empty,
> you can simply
>
> scp .ssh/id_???.pub user@host:.ssh/authorized_keys
>
> check perms and then try connecting with ssh -v
>

I've done this now _really_ many times, checking and double checking.

It works one way, from the server to the client, like this:

1. On the server I run
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa

This generates the files, out of which I put on the client
id_rsa.pub, and rename it to authorized_keys

I connect > I'm in.

Exactly the same steps do not work the other way around.

I have checked various ways resulting in what I think I want:
the contents of the id_rsa.pub gets to be, or gets appended to, authorized_keys

Whatever I've tried, it works one way, not the other.

I'm also UID 1000 on both machines

/var/log/messages says Failed publickey

ssh -vv -l user hostname:
we sent a publickey packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive

Next I'll try to run sshd as a user in another port to check

Vahis
--
"Sunrise 4:52am (EEST), sunset 9:59pm (EEST) at Espoo, Finland (17:06 hours daylight)"
http://waxborg.servepics.com
Linux 2.6.25.20-0.4-default #1 SMP 2009-06-01 09:57:12 +0200 x86_64
10:47pm up 44 days 7:21, 14 users, load average: 0.09, 0.07, 0.07
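
What "check perms" comes down to on the machine that rejects the key, as an added example that is not part of any post in this thread: with StrictModes at its default of yes, sshd will not use authorized_keys if the home directory, ~/.ssh or the file itself is writable by group or others, or is owned by someone other than the user or root. The function name and its arguments are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread. check_ssh_perms and its arguments are
# this example's own names.
# Usage: check_ssh_perms HOME_DIR UID   (run on the machine that rejects the key)
# Prints one line per problem and returns 0 only when none was found.
check_ssh_perms() {
    home_dir=$1
    want_uid=$2
    bad=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        listing=$(ls -ldn "$p")                 # -n prints numeric uid/gid
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        # Owner has to be the login user or root.
        if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
            echo "wrong owner (uid $owner): $p"; bad=1
        fi
        # Characters 6 and 9 of the mode string are the group and other
        # write bits; either one set fails the StrictModes check.
        case $(printf '%s\n' "$mode" | cut -c6,9) in
            *w*) echo "group/world writable ($mode): $p"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed demo: a throw-away "home" whose .ssh is mode 775.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
touch "$demo_home/.ssh/authorized_keys"
chmod 600 "$demo_home/.ssh/authorized_keys"
chmod 775 "$demo_home/.ssh"
check_ssh_perms "$demo_home" "$(id -u)" || echo "fix the paths listed above"
rm -rf "$demo_home"
```

On a real account the call is check_ssh_perms "$HOME" "$(id -u)", run as the user whose key is being refused.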
J G Miller
External


Since: Dec 08, 2004
Posts: 34



Posted: Tue Jul 28, 2009 5:10 pm    Post subject: Re: openSUSE Public_Key_Authentication

On Tue, 28 Jul 2009 20:04:10 +0000, Vahis wrote:

> Whatever I've tried, it works one way, not the other.

Do not forget to check that

1) connection to sshd (if compiled with tcp wrappers support) is
permitted in /etc/hosts.allow on the machine to which you are
trying to ssh

2) firewall between machine A and B (or ones even on A or B)
are not blocking port 22

From your verbose output message, I think that (1) is most probable
cause of the problem.
Vahis
External


Since: May 19, 2007
Posts: 79



Posted: Tue Jul 28, 2009 5:10 pm    Post subject: Re: openSUSE Public_Key_Authentication

On 2009-07-28, J G Miller <miller RemoveThis @yoyo.ORG> wrote:
> On Tue, 28 Jul 2009 20:04:10 +0000, Vahis wrote:
>
> > Whatever I've tried, it works one way, not the other.
>
> Do not forget to check that
>
> 1) connection to sshd (if compiled with tcp wrappers support) is
> permitted in /etc/hosts.allow on the machine to which you are
> trying to ssh
>
> 2) firewall between machine A and B (or ones even on A or B)
> are not blocking port 22
>
> From your verbose output message, I think that (1) is most probable
> cause of the problem.

Funny, but at one stage I took /etc/hosts.allow from the machine that
lets me in.

I'm suspecting now that "blockhosts" may have to do with this.

I stopped it but all I got so far was the log/messages getting very lively.

http://www.aczoom.com/cms/blockhosts

I'm getting too tired, I'll go on tomorrow...

Vahis
--
"Sunrise 4:52am (EEST), sunset 9:59pm (EEST) at Espoo, Finland (17:06 hours daylight)"
http://waxborg.servepics.com
Linux 2.6.25.20-0.4-default #1 SMP 2009-06-01 09:57:12 +0200 x86_64
11:27pm up 44 days 8:01, 14 users, load average: 0.12, 0.14, 0.10