Hi guys,
I understand the concept of a public and private key for SSH signing and encryption... I just don't get the implementation.
If you have a client and a server and you want two-way communication, do both have to have each other's public keys in the .ssh/authorized_keys files on each respectively?
Should you use a password? Does it matter if you want to run, say, rsync from one to the other with a cron job or script?
Does anybody just have a breakdown of exactly what you need to do and how it works in different situations...
I found this:
https://www.digitalocean.com/communi...up-ssh-keys--2
Seemed to help... but I'm still not 100% clear...

Hi people,
I reinstalled my server with CentOS 7 to get familiar with it...
I have a laptop that I'm using Cygwin on to ssh into the CentOS 7 server.
I ran ssh-keygen -t rsa on the server and now in .ssh I have a public and private key created.
I copied the public key from the server to my C:\cygwin64\home\Administrator\.ssh\known_hosts file.
Now when I input:
ssh userontheserver@serversip
it asks for the passphrase which I created when I did the keygen on the server.
When I put the passphrase in, it says permission denied and returns me to the command line.
What am I doing wrong?
Do I have the steps correct?
Am I right in saying that you need to have the server's public key in your known_hosts file on the client computer to get communication working?

I set up public key authentication between my MacBook and VPS for added security and convenience when I SFTP things to my VPS.
Now I have some new clients who want me to manage their websites, and I want a similar setup for each client.
Do I need a public/private key pair for each client?
How can I be sure that whatever I do in my SFTP client doesn't put the other accounts - particularly my own VPS - at risk?
Thanks,
Rob

For the last few weeks I've been trying to set up SSH keys from my main Linux server to all of the other Linux servers that I use.
I'm using the HOWTO here
http://unix.stackexchange.com/questi...authentication
It didn't work. It was still asking for a password or the pass phrase.
So... I did my troubleshooting here
http://unix.stackexchange.com/questi...authentication
In the end, I deleted all of the public/private keys and did the following steps:
ssh-keygen (not specifying an rsa key)
and then to copy over the key I did the following ssh-copy-id username@xx.xx.xx.xx
...and it worked!
I'm wanting to understand why this is working Vs the ways I'm seeing on other websites.
thanks

I have read about GPG encryption on the German, English and the Dutch Wikipedia and I cannot make sense of it.
So can someone please explain the inner workings of GPG? And by that I don't mean how to make a key. The general idea of it.
Something like: there is Bob and John. Bob wants to send a mail to John in a safe way. He uses GPG for it. And then the story about public and private keys etc. As though I am five years old.

I have been asked to set up an SFTP which uses RSA public key authentication.
As it was already in use I have opted to use Cygwin, and I can get it to work with passwords fine.
We are going to be hosting the SFTP server with users from the client's office connecting to it. The client has sent me their public key.
Having done lots of reading and even more attempting to configure the server, I just can't get it to work. Most of the time I get:
debug1: Host '127.0.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/ColoniAdmin/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_rsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_dsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ecdsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
I have once managed to get it to the point of asking for a passphrase for the private key, but I don't have a private key (that I know of), just the public key the client sent us, and I certainly don't want to have to use passphrases.
Their public key is in the authorized_key file on our server within the .ssh folder of their home folder. I have amended passwd and sshd_config to set home location and to allow RSA authentication.
All and any advice is super welcome. I have been doing this for 2 weeks now and it just won't work.
HELP HELP HELP!!!!!! ;-)
Thanks

I have two CentOS 7 server machines. "Machine-1" has two NIC cards, one with a public IP and another with a private IP address. "Machine-2" has one NIC card with a private IP address. How can I configure NAT on Machine-1 to forward all TCP traffic coming in on the public IP to the private IP of Machine-2?
Please give me a solution. It's giving me pain.

Following the instructions on the Spotify site to install on Ubuntu/Debian it says:
# 2. If you want to verify the downloaded packages,
# you will need to add our public key
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 94558F59
It's a reputable site so I did it and everything works ok.
Would this be a risky action at a less reputable site or is it more risky not to add the public key?

Hello,
I generated and uploaded a public key through SSH Client software to our dedicated server. It works fine from the computer I generated it on.
My laptop's Windows became corrupt and I downloaded this key from my email, where it was previously attached.
Now I am trying to import it in SSH Client but it's throwing an error that it is unable to read this key file.
Can I generate public key from our dedicated server and upload as attachment in my email so that whenever I want I can use and access our server from any machine?
Please advise
Thanks in anticipation

I am trying to set up SSH key authentication with my new VPS.
When I use CyberDuck to log in to my VPS, the "fingerprint" is not matching the one that was created when my keys were created and the connection is failing.
I am wondering if the problem is due to the fact that I ran ssh-keygen on my MacBook and then copied and pasted the Public Key into a webform in cPanel?
While my host allows you to generate the key pair on the VPS, it creates a security issue in that I would then have to find a safe way to get my Private Key back to my MacBook.
So, instead, I opted for the opposite approach and chose to create the key pair on my Mac - thus leaving the Private Key untouched on my Mac.
Any idea what is going on?
Rob

Hi guys,
I have a problem using scp, with the following verbose statements:
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
user@remote_machine1IP's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v httpd_ip_change2.conf. user2@remote_machine2IP:/usr/local/apache/conf
Executing: program /usr/bin/ssh host remote_machine2IP, user user2, command scp -v -t /usr/local/apache/conf
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug1: Connecting to remote_machine2IP [remote_machine2IP] port 44.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/identity type -1
debug1: identity file /home/user1/.ssh/id_rsa type 1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remote_machine2IP' is known and matches the RSA host key.
debug1: Found key in /home/user1/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Offering public key: /home/user1/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password).
lost connection
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
I have been trying to copy files between two remote machines. (RHEL 5.7 on Windows by Mremote).
Thank you!