ssh-keygen questions (not working)

tekline · August 22, 2007, 2:10pm

I have created the keys and placed the public key in the remote user directory (not the server root).
(remote machine: dwebapp1)
ex: /home/webarch/user_name/.ssh/authorized_keys2

cannot ssh into the remote machine using the following command:
ssh ${dwebapp1}

the manned description gives the following pattern:
[options] host [command]
(one of the options is this:)
Options:
-l user Log in using this user name.

But this is not working form me.
I just want to connect from one machine to the other without keying in the user name and password. Please help. The tutorial seems straight forward but I am having trouble. I am using the following tutorial link:

No Passwd Required - Mt Xia: Technical Consulting Group

Thank you for any help you can provide

tekline · August 22, 2007, 2:17pm

Here is the error I am recieving when typing ssh ${dwebapp1} at the command line of the originating machine:

ssh: $\033[3~{dwebapp1}: no address associated with hostname.

tekline · August 22, 2007, 2:22pm

Also,

I was not able to use 'scp' command. Instead I used a different ftp client to place the key file on the remote machine in the user's .ssh directory.

porter · August 22, 2007, 5:09pm

are you using openssh or ssh2?

tekline · August 22, 2007, 11:53pm

I managed to ssh between servers. I created and installed public keys for both machines so that I can ssh from both servers to each other (from server A to B and from server B to A).

I did discover that if using the ssh command at the command line I don't need to use the ${servername} brackets, etc. simply typing 'ssh servername' is the correct format.

I am not sure why the difference from the tutorial I used but it works.

Also, I managed to use 'scp' command but I could only place the key in the root .ssh directory of the remote server.

I am not sure which version of ssh I am using since I am not the administrator of this box. How do I find out?

joerg · August 23, 2007, 7:17am

ssh -V
shows the Version
Best regards joerg

tekline · August 23, 2007, 9:44am

Thanks Joerg. The version is listed below.

Server 1 (connecting from)
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090605f

Server 2 (connecting to - dwebapp1)
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004

tekline · August 23, 2007, 10:12am

Ok. The program still is not working. It still is asking for a password. The funny thing is when I use 'ssh dwebapp1' at the command line it will show 'source user@remote host'

<<source>>
#!usr/bin/ksh

hostname=dwebapp1
login_name=clport

# password=

if [ -n `ssh $login_name@$hostname 'ls test/testfile.txt 2>/dev/null'` ]; then

 echo file exists

else
echo "file doesn't exist";
fi

<<output>>
$ ksh file_exists.ksh
clport@dwebapp1's password:
file exists

tekline · August 23, 2007, 3:30pm

OK. It does pay to know which ssh you are using.

$ ssh -V
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090605f

this pointed me to the proper syntax for using private/public keys and ssh

public/private passwordless keys using: ksh and OpenSSH

This process allows an ssh connection between 2 servers without command-line authentication and run commands via a program.

From the server you will be connecting from: create a key pair:

ssh-keygen -t rsa #note: I did not use passphrase - just hit �enter'

<<output to screen>>
Generating public/private rsa key pair.
Enter file in which to save the key (/home/WebARCH/ol_inv/.ssh/id_rsa):
Created directory '/home/WebARCH/ol_inv/.ssh'.
Enter passphrase (empty for no passphrase): <press enter key and bypass>
Enter same passphrase again: <press enter key and bypass>
Your identification has been saved in /home/djm/.ssh/id_rsa.
Your public key has been saved in /home/djm/.ssh/id_rsa.pub.
The key fingerprint is:
3c:7e:41:2c:d2:51:f8:0b:ef:78:e7:e3:22:eb:af:6a ol_inv@dpbmdb2

Once you have generated a key pair, you must now install the public key on the server that you wish to log into. The public portion is stored in the file with the extension .pub in an ASCII encoding. Note: it is all one continuous line without line breaks.

Now you need to move that public key to the remote server paying close attention to file permissions. UNIX is very particular when it comes to file permissions. In order for the private key (resides on the source server �.ssh/id_rsa' to be recognized there cannot be any permissions for group or other, just for user:

-rw------- 1 ol_inv whs 883 Aug 23 09:26 id_rsa

To enable public key authentication on a server, you need to append the public portion of the key to the/.ssh/authorized_keys file. This may be accomplished with the following command-line:

ssh dwebapp1 "umask 077; cat >> .ssh/authorized_keys" </.ssh/id_rsa.pub
^^^^^^^^ ^^^^^^^^^^^^
Remote server Source server

The restrictive umask is required because the server will refuse to read/.ssh/authorized_keys files which have loose permissions. Once the public key is installed on the server, you should now be able to authenticate using your private key

Test your keys:

ssh username@host
If you do not see your remote server's splash page and you see the following page:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/usr/local/ol_inv/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/ol_inv/.ssh/id_rsa
Enter passphrase for key '/usr/local/ol_inv/.ssh/id_rsa':

Then you need to go back and check the permissions on the source server where the private key resides: id_rsa

After you correct your permissions on that file:

chmod 700 id_rsa

Try again:

ssh remoteuser@remoteserver

Note: replace remoteuser with actual user name on remote server
replace remoteserver with actual remote server name

tekline · August 23, 2007, 4:22pm

also if when trying to ssh into the remote server and you are prompted for that server's password then the keys are not set up correctly. When attempting to ssh into the server it should automatically give you the remote server's splash screen.

if you are simply prompted for a password then check the file permissions for authorized_keys on the remote server. Those permissions must be:

chmod 644

jmkraja · September 1, 2008, 9:17pm

Hi Tekline Can you pls help me in making this work? I'm facing the same problem as the server prompts for the password everytime.

Steps in Detail:
--------------
Source Machine: SRC_Machine
Remote Mahcine: RMT_Machine

I logged on to SRC_Machine
ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

and generated a Key as shown below..
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/.ssh/id_rsa): /home/.ssh/id_rsa_test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/.ssh/id_rsa_test.
Your public key has been saved in /home/.ssh/id_rsa_test.pub.
The key fingerprint is:
b6:74:7f:84:6f:21:68:fb:86:5c:2f:03:79:c9:ff:61

Modified the permision of the private key file to
chmod 600 id_rsa_test
-rwx------ 1 951 Sep 2 13:09 id_rsa_test

Then i did to appen the public key to Authorized Keys
ssh RMT_Machine "umask 077; cat >> .ssh/authorized_keys" < /home/.ssh/id_rsa_test.pub

chmod 700 id_rsa_test

Now while i do ssh username@RMT_Machine
it prompts me for the password.

Let me know if i'm missing any steps.