Managing Keys For Multiple Hosts?

I set up public key authentication between my MacBook and VPS for added security and convenience when I SFTP things to my VPS.

Now I have some new clients who want me to manage their websites, and I want a similar set up for each client.

Do I need a public/private key pair for each client?

How can I be sure that whatever I do in my SFTP client doesn't put the other accounts - particularly my own VPS - at risk?

Thanks,


Rob


Similar Content



Need Help With SSHD

I have been asked to setup an SFTP which uses RSA public key authentication.

As it was already in use I have opted to use Cygwin and I can get it to work with passwords fine.

We are going to be hosting the SFTP server with users from the client's office connecting to it. The client has sent me their public key.

Having done lots of reading and even more attempting to configure the server, I just can't get it to work. Most of the time I get:
debug1: Host '127.0.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/ColoniAdmin/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_rsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_dsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ecdsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

I have once managed to get it to the point of asking for a passphrase for the private key, but I don't have a private key (that I know of), just the public key the client sent us, and I certainly don't want to have to use passphrases.

Their public key is in the authorized_key file on our server within the .ssh folder of their home folder. I have amended passwd and sshd_config to set home location and to allow RSA authentication.

All and any advice is super welcome. I have been doing this for 2 weeks now and it just won't work.

HELP HELP HELP!!!!!! ;-)
Thanks

Problem With Key Authentication

Am trying to set up SSH key authentication with my new VPS.

When I use CyberDuck to log in to my VPS, the "fingerprint" is not matching the one that was created when my keys were created and the connection is failing.

I am wondering if the problem is due to the fact that I ran ssh-keygen on my MacBook and then copied and pasted the Public Key into a webform in cPanel?

While my host allows you to generate the key pair on the VPS, it creates a security issue in that I would then have to find a safe way to get my Private Key back to my MacBook.

So, instead, I opted for the opposite approach and chose to create the key pair on my Mac - thus leaving the Private Key untouched on my Mac.

Any idea what is going on?


Rob

Ssh Public And Private Keys...

hi guys,

I understand the concept of a public and private key for ssh signing and encryption... I just don't get the implementation.

If you have a client and a server and you want two-way communication, do both have to have each other's public keys in the .ssh/authorized_keys files on each respectively?

Should you use a password? Does it matter if you want to run, say, rsync from one to the other with a cron job or script?

Does anybody just have a breakdown of exactly what you need to do and how it works in different situations...

I found this:

https://www.digitalocean.com/communi...up-ssh-keys--2

It seemed to help... but I'm still not 100% clear...

Centos 7 Public And Private Keys...

hi people,

I reinstalled my server with CentOS 7 to get familiar with it...

I have a laptop that I'm using Cygwin on to ssh into the CentOS 7 server.

I ran ssh-keygen -t rsa on the server and now in .ssh I have a public and private key created.

I copied the public key from the server to my C:\cygwin64\home\Administrator\.ssh\known_hosts file.

Now when I input:
ssh userontheserver@serversip

it asks for the passphrase which I created when I did the keygen
on the server.

When I put the passphrase in it says permission denied
and returns me to the command line.

What am I doing wrong?

Do I have the steps correct?

Am I right in saying that you need to have the server's public key in your known_hosts file on the client computer to get communication working?

Generating Private Key On Server To Download And Access From Any Machine

Hello,

I generated and uploaded a public key through SSH Client software to our dedicated server. It works fine from the computer I generated it on.

My laptop's Windows became corrupt, and I downloaded this key from my email, where it was attached previously.

Now I am trying to import it in SSH Client but it's throwing an error that it is unable to read this key file.

Can I generate a public key from our dedicated server and upload it as an attachment in my email so that whenever I want I can use it and access our server from any machine?

Please advise

Thanks in anticipation

Finally Got SSH Keys To Work, Had To Use A Different Command...WHY?

For the last few weeks I've been trying to set up SSH keys from my main Linux server to all of the other Linux servers that I use.

I'm using the HOWTO here

http://unix.stackexchange.com/questi...authentication

It didn't work. It was still asking for a password or the pass phrase.

So... I did my troubleshooting here

http://unix.stackexchange.com/questi...authentication

In the end, I deleted all of the public/private keys and did the following steps:

ssh-keygen (not specifying an RSA key)

and then to copy over the key I did the following: ssh-copy-id username@xx.xx.xx.xx

...and it worked!

I'm wanting to understand why this is working vs. the ways I'm seeing on other websites.

thanks

ProFTPD Logs STRANGE

proftpd is running in port 2222. Vendor user "ABC" logs in successfully. When I check the /var/log/proftpd/sftpd.log file I see strange things, time stamp changes from 11:xx to 10:xx during user ABC login..!

Mar 17 11:44:34 mod_sftp/0.9.7[49192]: sending acceptable userauth methods: keyboard-interactive,password
Mar 17 10:44:34 mod_sftp/0.9.7[49192]: sending userauth success
Mar 17 10:44:34 mod_sftp/0.9.7[49192]: user 'ABC' authenticated via 'keyboard-interactive' method
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: disconnecting client (received EOF)
Mar 17 10:44:35 mod_sftp/0.9.7[49192]: 'subsystem' channel request for 'sftp' subsystem
Mar 17 10:44:35 mod_sftp/0.9.7[49192]: using SFTP protocol version 3 for this session (channel ID 0)
Mar 17 10:44:35 mod_sftp/0.9.7[49192]: client set permissions on '/12345_FULL' to 0666



Any thoughts on this?
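A check for the pattern in the log above, as an added example that is not part of the original post: it groups mod_sftp lines by PID and reports each line whose timestamp is earlier than the previous line from the same process. The sample lines are copied from the excerpt; the function names and the year 2000 are assumptions made here, and reading a jump of a whole number of hours as a timezone change inside the process is an interpretation, not something the post states.

```python
import re
from datetime import datetime

# Six lines copied from the sftpd.log excerpt in the post above.
SAMPLE = """\
Mar 17 11:44:34 mod_sftp/0.9.7[49192]: sending acceptable userauth methods: keyboard-interactive,password
Mar 17 10:44:34 mod_sftp/0.9.7[49192]: sending userauth success
Mar 17 10:44:34 mod_sftp/0.9.7[49192]: user 'ABC' authenticated via 'keyboard-interactive' method
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Mar 17 11:44:35 mod_sftp/0.9.7[49193]: disconnecting client (received EOF)
Mar 17 10:44:35 mod_sftp/0.9.7[49192]: 'subsystem' channel request for 'sftp' subsystem
"""

# "<Mon> <day> <HH:MM:SS> <tag>[<pid>]: <message>"
LINE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+\[(\d+)\]: (.*)$")
ASSUMED_YEAR = "2000"  # assumption: these timestamps carry no year


def parse(line):
    """Return (timestamp, pid, message), or None for lines in another format."""
    m = LINE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, int(m.group(2)), m.group(3)


def backward_jumps(text):
    """List (pid, seconds_back, message) where a PID's clock moves backwards."""
    last_seen = {}  # pid -> timestamp of that PID's previous line
    jumps = []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, pid, msg = rec
        prev = last_seen.get(pid)
        if prev is not None and ts < prev:
            jumps.append((pid, int((prev - ts).total_seconds()), msg))
        last_seen[pid] = ts
    return jumps


def whole_hour_jumps(jumps, tolerance=5):
    """Keep jumps within `tolerance` seconds of a non-zero whole number of hours."""
    return [j for j in jumps if j[1] + tolerance >= 3600
            and min(j[1] % 3600, 3600 - j[1] % 3600) <= tolerance]


if __name__ == "__main__":
    for pid, back, msg in backward_jumps(SAMPLE):
        print(f"pid {pid}: clock went back {back}s at: {msg}")
```

For incident timelines, lines flagged this way need their timestamps normalised before they are correlated with other logs from the same host.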

SFTP Configuration For Single Directory Per User

Dear Members,

I am trying to configure sftp on my server (Red Hat), but I am facing the following issue.

Link used: https://www.linode.com/docs/tools-re...ian-and-ubuntu

These are the parameters added to /etc/ssh/sshd_config file :

Quote:
Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Permissions on the home directories are as follows:

Quote:
ls -ld /home/test1/
drwxr-xr-x 7 root root 4096 May 14 09:49 /home/test1/

ls -l /home/test1/
total 12
drwxr-xr-x 2 root root 4096 May 14 09:49 docs
drwxr-xr-x 2 root root 4096 May 13 11:43 nitish
drwxr-xr-x 2 root root 4096 May 14 09:49 public_html

Debug Command : sftp -vvv test1@Ipaddress

Code:
debug1: Next authentication method: password
test1@IP-address's password:
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1421
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 128 bytes for a total of 1549
debug3: Wrote -1 bytes for a total of 1549
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer

I need the user to be unable to access/see directories other than its own directory.

Waiting for your response.

Thank you

Redhat-Keeda

Downloading With SSH

So I was able to successfully install CyberDuck on my MacBook and configure it with my VPS using SSH Authentication Keys and a Passphrase on my Private Key.

It seems to be working well, and I feel like I can trust it when uploading files to my VPS.

But what about downloading?

This may sound dumb, but I am not entirely sure how to securely download things (e.g. Server Backups) from my VPS to my MacBook using CyberDuck...

Sincerely,


Rob

Unable To Access Ssh Anywhere On Port 22

Hi, I'm a newbie here. Can somebody help me to fix accessing port 22 using ssh anywhere? Please see the sshd_config below:

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility LOCAL3
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
AllowUsers root

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes