  1. #1
    Just Joined!
    Join Date
    Oct 2006
    Posts
    31

    Please help me understand SSH


    Hello, I am trying to set up two computers, a server and a client. The more I read from different sites the more confused I get.

    On the server, in the .ssh directory, I created the id_rsa and id_rsa.pub key pair. Then I made a copy of the public key and saved it to the authorized_keys file. So now I have three files, id_rsa, id_rsa.pub and authorized_keys, on the server.

    On the client, I copied the authorized_keys from the server to the client's .ssh directory

    Now the first time I ssh from the client to the server, it gives the usual verbose output - blah, blah, blah... so I typed yes,
    then it asks me for a password. Later on I came back to the client to ssh; the verbose blah, blah, blah is gone but it still asks me for a password.

    I thought the purpose of using key auth is not to have to enter password every time. Is that right?

    Also is it correct that the server should have all three files- id_rsa, id_rsa.pub and authorized_keys and
    the client only needs the id_rsa.pub and authorized_keys.

    And then one last thing, do both server and client need to have known_host file?

    Phew, long post!

    I will really appreciate if someone can explain this to me to help me understand how it works. Thanks in advance.
    Last edited by MacPC; 02-19-2013 at 01:22 AM.

  2. #2
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    627
    First of all, the use of
    Code:
    ssh-keygen
    creates a public/private key for the user running the command. This is done on the source end of a connection (i.e. where you start an ssh session, not the machine to which you connect). You only generate one public/private key for that user regardless of the number of computers that you ssh to. Then you run the command
    Code:
    ssh-copy-id userid@hostnameoripaddress
    and enter the password for the user "root" on "hostnameoripaddress". This command copies your public key to the remote system for the specified userid. At this point, you should be able to connect to the remote machine without using the password (but it depends on the configuration of the ssh server on the machine that you are attempting to connect to).

    If you have access to a second computer, simply use the "ssh-copy-id" command again.

    If your "private" key gets compromised, then you need to generate a new key pair and update all the computers (revoking the old key and adding the new key). Without revoking the old key, the breached key will allow access.

    Then you need to also look at "scp", "sftp", "ssh-agent", "ssh-add" commands.

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,408
    You may also need to edit the /etc/ssh/sshd_config file - see the man page for that for details that are not clear from comments in the file: man sshd_config
    As for known_hosts, that is populated as you connect to the server.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  4. #4
    Just Joined!
    Join Date
    Oct 2006
    Posts
    31
    I see what my problem was now: I kept mistakenly thinking that the public key needs to be on the client; it turns out it was the opposite. I got it to work perfectly.
    @Rubberman I didn't have to do anything with config file either.
    @alf for some reason there isn't "ssh-copy-id" on my system.
    Now I understand much better, Thank you everyone.
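
For systems without ssh-copy-id, as mentioned in the last post, the following is an added example (not code from any poster in this thread) of installing a public key by hand on the server side. The function name install_pubkey and the sample key are constructed for illustration; the file modes are the ones sshd's StrictModes check expects, and the function refuses a private key so that only the .pub half ever lands on the server.

```shell
#!/bin/sh
# Added example: a manual stand-in for ssh-copy-id, run against the home
# directory of the account you want to log in to ON THE SERVER.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.

# install_pubkey PUBKEY_FILE TARGET_HOME
install_pubkey() {
    pub=$1
    home=$2
    # The private key (id_rsa) never leaves the client: refuse it.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    # A public key file is one line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2
           return 3 ;;
    esac
    # With StrictModes on, sshd ignores keys kept in loosely
    # permissioned directories or files.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"
    # -x whole line, -F fixed string: never add the same key twice.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo with constructed data in a scratch directory (no real keys).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAconstructedEXAMPLEonly user@client' \
    > "$demo/id_demo.pub"
install_pubkey "$demo/id_demo.pub" "$demo/serverhome"
ls -l "$demo/serverhome/.ssh"
rm -rf "$demo"
```

On a real server, transfer only the client's .pub file and run install_pubkey on it with "$HOME" of the target account as the second argument.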
