RE: SSH with OpenSSH and Putty - Please Help!
From: Jim Conner (jconner_at_lrn.com)
To: "'Armour, Aaron J (BearingPoint)'" <email@example.com>, "'firstname.lastname@example.org'" <email@example.com> Date: Tue, 2 Mar 2004 10:31:33 -0800
(note to all...I hate outlook)
-- OK. I deleted all my keys on the server and locally. I generated a key pair, copied the public key to the files of authorized_keys and authorized_keys2 in a the /.ssh/ directory on my server. I used keys and keys2 because some internet info says to name the file keys and some says keys2. So then I loaded the private key into Pagent and it was running in Pagent and then I tried to connect via Putty and I got the same thing. It will sync up the private keys, but something is not right with the public keys it still appears. After the output says that it likes the private key match, the client then sends their public key to the server and the server does not take it. Maybe it's a user issue. I try to login as me on the server via ssh through Putty, let's say my username is ajarmour, but I don't have anything in my home directory at all on the server. Do I need to? -- new comments Yup. You need to put the authorized_keys in each home directory under the .ssh directory. If you are root, then you need them in the /root/.ssh. If you login as ajarmour then you need them in /home/ajarmour/.ssh (assuming your users' home directory are in /home). You can also make the authorized_keys file a symlink to authorized_keys2. I've found that in times past this hasn't caused me problems. You might also want to force the server to protocol 2 by disabling protocol 1. Thats done with the Protocol directive in the config file. -- stop new comments I am root on this server and I do everything as root, but I don't want to allow root login, so do I need an /.ssh directory in my ajarmour home directory? The authorized_keys files that I have on the server are in the /.ssh/ directory, not the /ajarmour/.ssh/ directory, but should they be? Maybe this is the problem or maybe it's that I need to convert the key with the Export OpenSSH tool in PuttyGen? Here is the putty.log output again: -- new comments You do need to export the key from OpenSSH's key with puttygen. But this is only for the public key that you bring over from the server to the machine which you are using putty. So, to recap: On the server that you are running OpenSSH that you are trying to make a key-based authenticated connection you need a public key properly put into the authorized_keys (meaning authorized_keys and authorized_keys2) files. Those files are placed in $HOME/.ssh/ where $HOME is the home directory that each user logs in under. I usually just cat the id_dsa.pub file to authorized_keys example: $ ssh-keygen -b 1024 -t dsa (follow prompts) $ cd $HOME/.ssh/ $ cat id_dsa.pub >> authorized_keys2 $ ln -s authorized_keys2 authorized_keys Then, you need to have the private key file that was created when you generated your openssh key pair on the server copied over to your windows machine. Then you need to use the puttygen tool to convert that key over to a putty key. My memory is old on the putty part but the documentation for putty in that regard is good so you should be able to do that part pretty easily. On windows: C:\> pscp firstname.lastname@example.org:.ssh/id_dsa c:\ (or ftp or send file to yourself as an attachment from your linux machine) (follow prompts) C:\> puttygen (switches to convert key to putty key). You might need both the private key and the public key to do the conversion but I doubt it. I just don't remember. After that, it should work. If I missed anything please let me know. - Jim