Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
it seems that I must have made some typo errors earlier when tried to connect to ssh sever (locally) on box B. I dont think it was disabled after all. I suspected this when i saw you naming the key 'ed25519' (on browsing through /etc/ssh_config i did see already a key/file with the same name; in fact, I deleted the key pair that I had created manually earlier with the ssh-keygen utility on box B and, it still connects to box C.
So now, I have the ed25519 file/key and I need to copy it in box A (work computer) although something tells me that I might already have those key/files on box A (work pc) already (like I had it on box C hence connected with no issues); however, if not and, forgive my ignorance, how can i transfer anything between the two computers if they are not connected beforehand?
Quote:
PasswordAuthentication no
Done! and everything double and triple checked, box B and box C (on same LAN) are still connecting, though before reloading the ssh service.
Something else interesting happen when i try to reload the ssh service.
The keys located in /etc/ssh are the host keys used to authenticate the computer itself and to prevent man in the middle attacks. They are also stored in the client computer's users /home/username/.ssh/known_hosts file but are not used to login to the server.
The public key i.e xxx.pub is stored in the server's i.e. destination computer users i.e /home/username/.ssh/authorized_keys file. The private key stays on the client computer /home/username/.ssh/ directory.
It is common to transfer keys using password authentication then once you know you can use keys it is disabled. You say you can still connect successfully. Are you being prompted for a password?
To restart the ssh server run the command.
/etc/rc.d/rc.sshd restart
I understood that the advantage of ssh key pair logging/authentication was to avoid password input.
Am i supposed to have this password on? or off? What am i missing?
You can add debug messages by using the -v option to the ssh command, adding more vs increases verbosity with max=3. That might help diagnose the problem.
I assume box B still has buth the public and public keys still in your .ssh directory. You should be able to login via keys on the same box via the command
You can add debug messages by using the -v option to the ssh command, adding more vs increases verbosity with max=3. That might help diagnose the problem.
I assume box B still has buth the public and public keys still in your .ssh directory. You should be able to login via keys on the same box via the command
ssh localhost.
yes I still have both keys in ~/.ssh and this is what happen
Code:
ash-5.0$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is xxx123:enegngnrwnrwnyRWTHWRHWerhwrYHXOnbVIJCxr7A.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
darkstar@localhost: Permission denied (publickey,keyboard-interactive).
bash-5.0$
Code:
bash-5.0$ ssh darkstar@192.168.0.xxx -v
OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.0.xxx [192.168.0.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/darkstar/.ssh/id_rsa type -1
debug1: identity file /home/darkstar/.ssh/id_rsa-cert type -1
debug1: identity file /home/darkstar/.ssh/id_dsa type -1
debug1: identity file /home/darkstar/.ssh/id_dsa-cert type -1
debug1: identity file /home/darkstar/.ssh/id_ecdsa type -1
debug1: identity file /home/darkstar/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/darkstar/.ssh/id_ed25519 type -1
debug1: identity file /home/darkstar/.ssh/id_ed25519-cert type -1
debug1: identity file /home/darkstar/.ssh/id_xmss type -1
debug1: identity file /home/darkstar/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.xxx:22 as 'darkstar'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qaefQHENHEHeabnqttttb+oM0wVhMSset3N0o2KHg
debug1: Host '192.168.0.xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/darkstar/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /home/darkstar/.ssh/id_rsa
debug1: Will attempt key: /home/darkstar/.ssh/id_dsa
debug1: Will attempt key: /home/darkstar/.ssh/id_ecdsa
debug1: Will attempt key: /home/darkstar/.ssh/id_ed25519
debug1: Will attempt key: /home/darkstar/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/darkstar/.ssh/id_rsa
debug1: Trying private key: /home/darkstar/.ssh/id_dsa
debug1: Trying private key: /home/darkstar/.ssh/id_ecdsa
debug1: Trying private key: /home/darkstar/.ssh/id_ed25519
debug1: Trying private key: /home/darkstar/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
darkstar@192.168.0.xxx: Permission denied (publickey,keyboard-interactive).
bash-5.0$
interestingly, when I i noticed that an 'authorized_keys' file was added to ~/.ssh on box C.
Then the key transfer worked and you should be able to connect as michaelk suggests in #28 above.
Then modify the ~/.ssh/config file on the machine you are connecting from, if you would like to save typing in the future.
interestingly, when I i noticed that an 'authorized_keys' file was added to ~/.ssh on box C.
Correct. the ssh-copy-id does a few things.
1. copies the rsa.pub file to the remote system.
2. creates or appends the authorized_keys file with your public RSA key
3. only works if you can ssh into the remote system and authenticate via some other means other than ssh keys.
All can be done without the ssh-copy-id, but that tends to make things simpler when it is available to the user.
check my links again and note the troubleshooting section for things to look into.
Your issues sound like a combination of issues from permissions to files not being updated. There are both issues and howto steps for troubleshooting as well as steps to resolve common issues in those links.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
