Re: Problems with ssh-keygen

From: Greg Wooledge (wooledg@eeg.ccf.org)
Date: 02/06/03

  • Next message: Sebastian Benner: "Re: Re: ssh via HTTP proxy..."
    Date: Thu, 6 Feb 2003 08:34:00 -0500
    From: Greg Wooledge <wooledg@eeg.ccf.org>
    To: Steve Perron <perronsteve@hotmail.com>
    
    

    On Tue, Feb 04, 2003 at 08:25:24AM -0500, Steve Perron wrote:

    > as some of you suggested I used ssh-keygen to automate my sftp connection
    > but the server side still asking me for a password even if a transfered my
    > public key to it.

    Permissions.

    > I will give you the steps I did for the ssh-keygen installation.
    >
    > 1. ssh-keygen -t dsa (on the openssh client side)
    > 2. put the .ssh/id_dsa.pub into .ssh/authorized_keys (on the openssh server
    > side)

    Check the permissions on $HOME and $HOME/.ssh and $HOME/.ssh/authorized_keys.
    Then check the permissions on every directory leading up to $HOME. I've
    seen cases where someone had $HOME = /foo/bar/u/username and one of the
    directories (e.g. /foo/bar) had group write permission.

    > Someone suggested me that the server side and client side had to have the
    > same username/password. Is it a reality?

    No, it's not.

    > Also, is there a possible miscommunication between two server that are not
    > the same, one HP and one Sun?

    The operating system should not matter. I've used passwordless
    authentication between HP-UX, Linux and OpenBSD. The version of SSH,
    however, might matter, as there is an interoperability issue with the
    key formats used by OpenSSH and commercial SSH.

    Also, if you're using OpenSSH 2.x, you've placed the public key in
    the wrong file (you need to use authorized_keys2 in that version).

    If all else fails, get root on the server, and run

       /path/to/sshd -p 2222 -d

    then connect to the server on port 2222. The server will emit debugging
    information which might help tell you why your authorized_keys file
    isn't being honored. (Client-side debugging, with "ssh -v", tends not
    to be useful in this kind of problem.)



    Relevant Pages

    • Re: Explanation of SSH
      ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
      (comp.security.ssh)
    • Re: Restricting ssh access to selected hosts
      ... Then copy the public key to the target box with: ... >> You can make the ssh server key-only, ... > want to login as "userB" on the server. ...
      (comp.os.linux.security)
    • Explanation of SSH
      ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
      (comp.security.ssh)
    • Re: SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permi
      ... and got stuck setting up the public key login. ... I spent a few hours yesterday trying to get SSH going again. ... Log in using your private key from the server (ie. login to the ...
      (freebsd-questions)
    • Re: write with cURL
      ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
      (alt.php)