Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 37

Thread: HOWTO: SSH & Public Keys

  1. #21
    Join Date
    Oct 2005
    Location
    Quito, Ecuador
    Beans
    49
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HOWTO: SSH & Public Keys

    Quote Originally Posted by msr7x57
    For those of you who are thinking that ".ssh/authothized_keys" is ssh1 and ".ssh/authothized_key2" is ssh2
    I am actually using the authorized_keys file and not the authorized_keys2. If you want to use authorized_keys2 You'll have to change the following line in the sshd_config file.

    AuthorizedKeysFile %h/.ssh/authorized_keys

    change it to:

    AuthorizedKeysFile %h/.ssh/authorized_keys2

    Greetings,
    Felipe

  2. #22
    Join Date
    Nov 2005
    Beans
    2

    Re: HOWTO: SSH & Public Keys

    Hey, just wanted to post the solution to a problem I was having on both suse and ubuntu.

    After following instructions similar to this HOWTO, I was successful in loggin into my server using public key authentication, using an rsa key (I have read that there are security issues using dsa).

    However, when I set up additional user accounts the server would refuse to use pubkey authentication and would either prompt for a password or give me an error (if I had disabled password auth).

    It was frustrating -- I had identical permissions on my authorized_keys file, and even identical content (I was using the same private key for both).

    I tried a lot of things, including cp'ing vs >>'ing to create the file; tried authorized_keys2 vs authorized_keys ... played with group membership; no luck.

    Finally after reading this thread I did a man ssh-copy-id and learned that you can't have group write access on either your home, your ~/.ssh directory, or the authorized_keys file.

    chmod g-w on each of these, and it worked!

    This seems strange, since Ubuntu seems to follow the UPG scheme, similar to redhat, where users have private groups. I had changed my umask to 002 to enable my users to access subversion repositories as themselves, and this is why my new user accounts had the wrong permissions for SSH.

    Hope this helps someone else!

  3. #23
    Join Date
    Feb 2006
    Beans
    3

    Re: HOWTO: SSH & Public Keys

    I've spent a lot of time trying to get ssh keys to work and this thread was real helpful. The post by grugnog and the advice that StrictModes should be 'no' worked for me. Overall, there is a lot of great advice here. I'm new to the Ubuntu community. Will all of this helpful information get funnelled into the incomplete howto/wiki? I imagine that wasn't incomplete at one point (or on a certain system maybe)... but there are a lot of settings that should be mentioned to insure a successful setup and increase security.

    Thanks everyone!

    http://ubuntuforums.org/images/smilies/icon_wink.gif

  4. #24
    Join Date
    Nov 2006
    Location
    Denmark
    Beans
    83

    Re: HOWTO: SSH & Public Keys

    Quote Originally Posted by dashersey View Post
    This seems strange, since Ubuntu seems to follow the UPG scheme, similar to redhat, where users have private groups. I had changed my umask to 002 to enable my users to access subversion repositories as themselves, and this is why my new user accounts had the wrong permissions for SSH.

    Hope this helps someone else!
    Wooohoooooo. Just helped to me. Thank you!

  5. #25
    Join Date
    May 2007
    Beans
    17

    Re: HOWTO: SSH & Public Keys

    Quote Originally Posted by dmccarney View Post
    Also, the PUTTY docs hint to a possible weakness in the DSA key for use with the SSH-2 protocol and recommends using RSA for SSH-2 instead so I modified your how-to to do that. Its all the same steps except for a different argument when you generate the key-pairs and of course point all of the other steps to the correct RSA keys.

    The changed line in the howto at the start is

    Code:
    ssh-keygen -t dsa
    changed to:

    Code:
    ssh-keygen -t rsa
    Make sure you change all the subsequent lines to point to the RSA files and not a DSA file.
    I just looked into RSA vs. DSA key strength and security. Lots of googling yielded two good technical references in
    http://en.wikipedia.org/wiki/Rsa
    and
    http://en.wikipedia.org/wiki/Digital...ture_Algorithm

    It was finally "man ssh-keygen" that cinched it for me:

    -b bits
    Specifies the number of bits in the key to create. For RSA keys,
    * the minimum size is 768 bits and the default is 2048 bits. Genâ
    * erally, 2048 bits is considered sufficient. DSA keys must be
    exactly 1024 bits as specified by FIPS 186-2.
    As a federal standard, DSA is somewhat hamstrung in its evolution. On the other hand keystrength of RSA is adjustable, and defaults to "twice" the keystrength of DSA.

    Now that the U.S. RSA patent is expired, I see ssh-keygen's default key choice of RSA,2048bit as a perfectly reasonable choice.

  6. #26
    Join Date
    Aug 2007
    Location
    Between here and there
    Beans
    8
    Distro
    Ubuntu 7.04 Feisty Fawn

    Re: HOWTO: SSH & Public Keys

    OK I need some help, you listed in here to upload the keys to the server ie::

    Code:
    username@ubuntu:~$ scp id_dsa.pub serverusername@192.168.1.40:./id_dsa.pub
    
    id_dsa.pub    100% |*****************************************************|  
     614  00:00
    What server are you talking about? The only computer in my house on linux is the one I am working with. I want to log into it from my other windows boxes through putty or secureCRT or something.

    Does my windows need the public key and if so where do i put it? What would be the file format and how would a program such as putty read it?

  7. #27
    Join Date
    Nov 2006
    Beans
    66

    Re: HOWTO: SSH & Public Keys

    Thanks man

  8. #28
    Join Date
    Jun 2007
    Location
    Dallas/Ft. Worth, TX
    Beans
    7
    Distro
    Ubuntu 8.10 Intrepid Ibex

    Re: HOWTO: SSH & Public Keys

    I have a question on this - I have set up my Ubuntu PC as "server1" to be accessed remotely. This works fine. I have another machine that I've also set up as "serve2r" and generated a key. How do I add my key from server2 to server1 so that server1 can be a client to server2? I can't just copy the key over as it would overwrite my existing key. Does this make any sense???

  9. #29
    Join Date
    Apr 2005
    Beans
    13

    Re: HOWTO: SSH & Public Keys

    ok thanks very helpfull post
    Thyrth
    -1840- Belgica

  10. #30
    Join Date
    May 2007
    Location
    Pittsburgh/Indiana, PA
    Beans
    15
    Distro
    Kubuntu 7.04 Feisty Fawn

    Re: HOWTO: SSH & Public Keys

    Quote Originally Posted by Beernut View Post
    At the "Enter passphrase" prompt enter a strong password. This password is needed to use the key so this adds some security in case your private key ever gets stolen. Your private key needs to be protected.
    I pretty much only use SSH for one program (Amarok), so I want to be able to just put a launcher on my desktop with a command like "ssh -X user@192.168.2.10 amarok" and not have to open a terminal and type in a password.My 2 *buntu boxes are on a WEP protected wireless network and my router only forwards a couple hi-end ports for Ktorrent. Is there really a need for me to passphrase-protect my key if i'm only planning on SSHing from my local network?

Page 3 of 4 FirstFirst 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •