Ssh issues

DOkuwa · May 22, 2017, 7:49am

i have two servers that i have installed ssh but i want to copy the public keys from one server to the other using the ssh-copy-id user@x.x.x.x
i do get a message to put my password for that user and it then comes out with an error message permission denied after imputing my password for this user account

Peasant · May 22, 2017, 10:34am

Can you ssh to host with that user or the same error appears ?

Check out sshd_config on the server, specifically for existence of directives :

DenyUsers
AllowUsers
DenyGroups
AllowGroups

DOkuwa · May 22, 2017, 2:26pm

I dont have that in my sshd_config file do i need to add it and where

Aia · May 22, 2017, 9:57pm

You do not need to have those. Those are possible entries that might prevent you from login in. The default configuration does not have them.

There is nothing special about ssh-copy-id It's a helper shell script that allows you to blindly setup a /home/user/.ssh/authorized_keys file and copy the public key to it. I could say that it is border line dangerous.

Make sure you can login to the node, normally with the password, using just ssh. If you can login on the remote node as the user, do the following:

mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 644 ~/.ssh/authorized_keys

In your local node where the key pair was created:
cat and copy the ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub showing in the screen.
In the remote server:
open the ~/.ssh/authorized_keys and paste the blob that you just copied from the local node. Save the file.

The important part is to have proper credentials to login on the remote server via ssh.

DOkuwa · May 23, 2017, 5:03am

The issue i also have is that i cannot login into the box
with ssh

rbatte1 · May 23, 2017, 7:54am

So, how would you like to authenticate with the server? Should it allow anyone to just create an account and set up keys perhaps?

You need to have a valid account to sign in as first. You must have the ability to sign in, else you have no protection at all. This can be done but, um, you need an account on the box to do it :rolleyes: Would you want just anybody to be able to sign on as anybody?

Surely the answer is no. So, who would grant you access to the the user account that you want to use with an ssk-key?

Robin

DOkuwa · May 23, 2017, 8:26am

I already have an account on both servers and this is not an issue
I run on Ubuntu and if I don't have an account I would not be able to login to box servers

vbe · May 23, 2017, 8:37am

Are you saying you connect ( without problem - no issue ) with say telnet to the other box with your account but cant when trying the same using ssh?

Are you talking about the same user?

apmcd47 · May 23, 2017, 9:03am

Can you ssh from either machine to the other? Can you paste the error message you are getting please?

Andrew

DOkuwa · May 23, 2017, 10:15am

Thanks

I have attached a screenshot of my screen in the attachment below

rbatte1 · May 23, 2017, 11:51am

So, it is saying that you don't have permiission to sign on to 192.168.82.129. You have started the service on your local host so that won't help, but sshd appears to be running on 192.168.82.129 because you get a sensible response for a password rather than a straight refusal.

You need to ask the person who manages 192.168.82.129 to set you a password on it. Then once you can sign on interactively, we can sort out the rest.

Robin