Re: [SLUG] SSH Question

From: billt (billt@ifelse.org)
Date: Wed Aug 15 2001 - 10:51:46 EDT


On Wed, Aug 15, 2001 at 10:01:47AM -0400, Russell Hires wrote:
> Okay, I did that. I took the identity.pub from remotebox, put it on localbox,
> did a "cat ~/.ssh/identity.pub >> ~/.ssh/authorized_keys" (as root) and still
> I'm getting the message that the key isn't recognized. Maybe I didn't take
> the key from the right place on remotebox?

Are you asking about how to make password-less authentication work
between two machines, or how to determine the key fingerprint for
the host key while logged into the host machine?

If you want passwordless logins, then you need to add the identity.pub
to the ~/.ssh/authorized_keys on the _remote_ box. Don't do it
as root, do it as the owner of ~, and set the permissions of
authorized_keys to 600, owned by whomever owns ~.

Also consider password protecting the private key (identity) and use
ssh-agent to manage the keys and authentication. Without a password,
if someone can use your account on localbox, they immediately
have access to remotebox and whatever other machines where your
identity.pub might reside. All a cracker needs to do is check your
known_hosts for a list of machines you have visited and start trying.

> On Wednesday 15 August 2001 04:39, you wrote:
> > Append the public key in ~/.ssh/identity.pub on the client station to
> > the file ~/.ssh/authorized_keys on the server station. Then, unless you
> > entered a passphrase when you generated the key with ssh-genkey, it all
> > connects automagically, since the server now has your public key.
> >
> > The home directories on each respective machine belong to 1) who you're
> > logged in as on the client machine and 2) who you are logging in as on
> > the server.

> > Russell Hires wrote:
> > > I can't sleep, so I have a question: I'm wanting to make sure that the
> > > machine I'm logging into for the first time is the one I want. So, when I
> > > ssh me@remotebox, I'm presented with
> > >
> > > The authenticity of host 'painter (199.164.107.21)' can't be established.
> > > RSA1 key fingerprint is c4:07:c6:65:26:58:8c:2a:ea:f0:37:12:d1:8b:e2:88.
> > > Are you sure you want to continue connecting (yes/no)?
> > >
> > > I want to know how to get remotebox to show me the key fingerprint when
> > > I'm physically at the console for that computer. That way I can match the
> > > key fingerprint I'm presented at the very first ssh login with a key
> > > fingerprint I know to be authentic.
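
The ownership and mode advice in the reply above, written as a check to run on the box being logged into (an added example, not part of the original thread). The function name `check_authorized_keys` is hypothetical, GNU `stat -c` is assumed, and the `~/.ssh` directory check goes one step beyond what the reply states.

```shell
#!/bin/sh
# Added example. check_authorized_keys is a hypothetical helper name.
# Assumes GNU stat (-c). Exit: 0 = ok, 1 = findings, 2 = file missing.
check_authorized_keys() {
    ak_home=$1
    ak_file="$ak_home/.ssh/authorized_keys"
    ak_status=0

    if [ ! -f "$ak_file" ]; then
        echo "MISSING: $ak_file"
        return 2
    fi

    ak_home_uid=$(stat -c '%u' "$ak_home")
    ak_file_uid=$(stat -c '%u' "$ak_file")
    ak_file_mode=$(stat -c '%a' "$ak_file")
    ak_dir_mode=$(stat -c '%a' "$ak_home/.ssh")

    # Appending as root can leave the file owned by uid 0, not the account.
    if [ "$ak_file_uid" != "$ak_home_uid" ]; then
        echo "OWNER: $ak_file is uid $ak_file_uid, $ak_home is uid $ak_home_uid"
        ak_status=1
    fi

    # The reply asks for exactly 600.
    if [ "$ak_file_mode" != "600" ]; then
        echo "MODE: $ak_file is $ak_file_mode, expected 600"
        ak_status=1
    fi

    # Beyond the reply: a group- or world-writable ~/.ssh lets another
    # user swap the file, whatever its own mode is.
    case "$ak_dir_mode" in
        *[2367]?|*[2367])
            echo "DIR: $ak_home/.ssh is $ak_dir_mode (group/other writable)"
            ak_status=1 ;;
    esac

    return "$ak_status"
}

# Run against the home directory given as $1, or your own.
check_authorized_keys "${1:-$HOME}" || echo "check returned $?"
```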


