Re: [PLUG] Transferring public key shows error

2023-04-20 Thread Russell Senior
If you are using public key authentication (which you want), you need that
turned on, not commented out. This stuff pretty much works out of the box,
but it seems like you've figured out a way to screw it up. Generally
speaking, putting it in a blender and pressing the puree button isn't the
best way of figuring out how it works.


On Thu, Apr 20, 2023 at 10:09 AM Rich Shepard 
wrote:

> On Thu, 20 Apr 2023, Rich Shepard wrote:
>
> > Since the only two external servers to which I connect have my public
> key, I
> > don't need it locally. Yes?
>
> Not so.
>
> I commented out #PubkeyAuthentication yes on both salmo and caddis;
> rebooted
> both.
>
> From salmo:
> $ ssh caddis
> ssh: connect to host caddis port n: Connection refused
>
> From caddis:
> $ ssh salmo
> rshepard@salmo: Permission denied (public key)
>
> I'm totally stymied.
>
> Rich
>


Re: [PLUG] Transferring public key shows error

2023-04-20 Thread Rich Shepard

On Thu, 20 Apr 2023, Rich Shepard wrote:


> Since the only two external servers to which I connect have my public key, I
> don't need it locally. Yes?


Not so.

I commented out #PubkeyAuthentication yes on both salmo and caddis; rebooted
both.


From salmo:

$ ssh caddis
ssh: connect to host caddis port n: Connection refused


From caddis:

$ ssh salmo
rshepard@salmo: Permission denied (public key)

I'm totally stymied.

Rich


Re: [PLUG] Transferring public key shows error

2023-04-20 Thread Rich Shepard

On Thu, 20 Apr 2023, Russell Senior wrote:


> Without looking it up, passphrase is the encryption that protects the
> private key on the client system, so that the super user (or others able to
> read files) can't just read/copy your private key.


Russell,

Since the only two external servers to which I connect have my public key, I
don't need it locally. Yes?

If in the future I'm away from my office and need to check mail or get a
file from my server (salmo) my risk of using my password rather than my
passphrase should be low.


> The advice suggested by the internet is to check /var/log/auth.log on the
> server side (caddis) to see why it's rejecting your connection.


Slackware has no auth.log since it's not on salmo or caddis.

I'll disable password authentication on both hosts and try to connect
between the two hosts.

Thanks,

Rich



Re: [PLUG] Transferring public key shows error

2023-04-20 Thread Russell Senior
Without looking it up, passphrase is the encryption that protects the
private key on the client system, so that the super user (or others able to
read files) can't just read/copy your private key. The passphrase never
leaves your machine, or the ssh process that is used to authenticate to the
server. The advice suggested by the internet is to check /var/log/auth.log
on the server side (caddis) to see why it's rejecting your connection.

On Thu, Apr 20, 2023 at 9:31 AM Rich Shepard 
wrote:

> On Thu, 20 Apr 2023, Russell Senior wrote:
>
> > "debug2: we did not send a packet, disable method"
> > That seems relevant.
>
> Russell,
>
> To me, too. But, does that mean disable passphrase authentication in
> /etc/ssh/sshd_config on both machines?
>
> If I do that what does it mean when I login to github or my website host,
> both of which ask for, and accept, my passphrase. Are these two different
> from intra-LAN ssh?
>
> Thanks,
>
> Rich
>
>


Re: [PLUG] Transferring public key shows error

2023-04-20 Thread Rich Shepard

On Thu, 20 Apr 2023, Russell Senior wrote:


> "debug2: we did not send a packet, disable method"
> That seems relevant.


Russell,

To me, too. But, does that mean disable passphrase authentication in
/etc/ssh/sshd_config on both machines?

If I do that what does it mean when I login to github or my website host,
both of which ask for, and accept, my passphrase. Are these two different
from intra-LAN ssh?

Thanks,

Rich



Re: [PLUG] Transferring public key shows error

2023-04-20 Thread Russell Senior
"debug2: we did not send a packet, disable method"

That seems relevant.

On Thu, Apr 20, 2023, 06:57 Rich Shepard  wrote:

> On Wed, 19 Apr 2023, Russell Senior wrote:
>
> > I find it is pretty helpful to read the messages. If the messages are too
> > terse, add verbose or debug flags. Then read what it says.
> > Is there anything listening on caddis's port n?
>
> Russell,
>
> My apologies; I completely forgot to use the -v option to ssh.
>
> Looking at the output of 'ssh -vvv salmo' (because it has more details than
> 1 or 2 vs) shows everything working until a public key packet is sent and
> received, yet there's no reason I see why it quits then:
>
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug3: receive packet: type 21
> debug1: SSH2_MSG_NEWKEYS received
> debug2: set_newkeys: mode 0
> debug1: rekey in after 134217728 blocks
> debug1: Will attempt key: /home/rshepard/.ssh/id_ed25519 ED25519
> SHA256:hYzUmycAbseyYetGxTEN+LN56sffyLVysiwVB7S3ZKQ
> debug2: pubkey_prepare: done
> debug3: send packet: type 5
> debug3: receive packet: type 7
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info:
> server-sig-algs=
> debug3: receive packet: type 6
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug3: send packet: type 50
> debug3: receive packet: type 51
> debug1: Authentications that can continue: publickey
> debug3: start over, passed a different list publickey
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/rshepard/.ssh/id_ed25519 ED25519
> SHA256:hYzUmycAbseyYetGxTEN+LN56sffyLVysiwVB7S3ZKQ
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 51
> debug1: Authentications that can continue: publickey
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> rshepard@salmo: Permission denied (publickey).
> [rshepard@caddis ~]$
>
> Caddis' public key is in salmo's authorized_keys, and vice-versa.
>
> Rich
>


Re: [PLUG] Transferring public key shows error

2023-04-20 Thread Rich Shepard

On Wed, 19 Apr 2023, Russell Senior wrote:


> I find it is pretty helpful to read the messages. If the messages are too
> terse, add verbose or debug flags. Then read what it says.
> Is there anything listening on caddis's port n?


Russell,

My apologies; I completely forgot to use the -v option to ssh.

Looking at the output of 'ssh -vvv salmo' (because it has more details than
1 or 2 vs) shows everything working until a public key packet is sent and
received, yet there's no reason I see why it quits then:

debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/rshepard/.ssh/id_ed25519 ED25519 SHA256:hYzUmycAbseyYetGxTEN+LN56sffyLVysiwVB7S3ZKQ
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: 
server-sig-algs=
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/rshepard/.ssh/id_ed25519 ED25519 SHA256:hYzUmycAbseyYetGxTEN+LN56sffyLVysiwVB7S3ZKQ
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
rshepard@salmo: Permission denied (publickey).
[rshepard@caddis ~]$

Caddis' public key is in salmo's authorized_keys, and vice-versa.

Rich
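
Added example (not part of the original thread, and not code from any poster): the debug output above names the fingerprint of the key the client offered, so the server-side check is whether any authorized_keys entry has that same fingerprint. The keys, the path /home/user and the function names below are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
import struct

def fingerprint(pubkey_line):
    """SHA256 fingerprint, in the form ssh prints, of a .pub or authorized_keys line."""
    fields = pubkey_line.split()
    # The base64 key blob is the field right after the key type; any
    # authorized_keys options come before the type, the comment after the blob.
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-", "sk-")):
            blob = base64.b64decode(fields[i + 1])
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no key type field found")

# "ssh -vvv" may wrap the fingerprint onto the next line, so allow any whitespace.
OFFER_RE = re.compile(r"Offering public key: \S+ \S+\s+(SHA256:\S+)")

def offered_fingerprints(client_log):
    """Fingerprints the client offered, in the order they appear in the log."""
    return OFFER_RE.findall(client_log)

def check_offers(client_log, authorized_keys_text):
    """Map each offered fingerprint to its authorized_keys line number, or None."""
    known = {}
    for number, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            known.setdefault(fingerprint(line), number)
        except (ValueError, binascii.Error):
            continue  # damaged entry: it cannot match any offered key
    return {fp: known.get(fp) for fp in offered_fingerprints(client_log)}

def constructed_key(fill, comment):
    """Build a syntactically valid ssh-ed25519 line from filler bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample data: the client offers one key, the server lists another.
CLIENT_KEY = constructed_key(0x11, "user@laptop")
STALE_KEY = constructed_key(0x22, "user@retired-host")
AUTHORIZED_KEYS = "# constructed file\n" + STALE_KEY + "\n"
CLIENT_LOG = (
    "debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 \n"
    + fingerprint(CLIENT_KEY) + "\n"
    "debug3: receive packet: type 51\n"
    "debug1: Authentications that can continue: publickey\n"
)

if __name__ == "__main__":
    for fp, line_no in check_offers(CLIENT_LOG, AUTHORIZED_KEYS).items():
        where = "line %d" % line_no if line_no else "NOT PRESENT"
        print(fp, "->", where)
```

On the server, ssh-keygen -lf ~/.ssh/authorized_keys prints the fingerprint of each entry for the same comparison by eye.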


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Russell Senior
I find it is pretty helpful to read the messages. If the messages are too
terse, add verbose or debug flags. Then read what it says.

Is there anything listening on caddis's port n?

On Wed, Apr 19, 2023 at 2:56 PM Rich Shepard 
wrote:

> On Wed, 19 Apr 2023, Russell Senior wrote:
>
> > So, you can use an editor to remove the offending line 2, and you'll be
> > asked to accept the new hostkey the next time to connect.
>
> Russell,
>
> The authorized_keys on both hosts each contains the public key of the
> other.
>
> The known_hosts on the laptop (caddis) contains only a key for salmo
> created
> at 14:42, when I tried to ssh from caddis to salmo. I could not:
>
> $ ssh salmo
> The authenticity of host '[salmo]:n ([192.168.55.1]:n)' can't be
> established.
> ED25519 key fingerprint is
> SHA256:/RInRdtcIMbpPu3LZmpg5wfAWi9ozQwgKLPnTQEDcxg.
> This key is not known by any other names
> Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
> Warning: Permanently added '[salmo]:n' (ED25519) to the list of known
> hosts.
> rshepard@salmo: Permission denied (publickey)
>
> Going the other way, from salmo to caddis (where salmo's known_hosts has
> only caddis as an entry) also fails:
>
> $ ssh caddis
> ssh: connect to host caddis port n: Connection refused
>
> With only two hosts on the network it shouldn't be this difficult to get
> them to communicate.
>
> What am I still missing?
>
> Rich
>


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Russell Senior wrote:


> So, you can use an editor to remove the offending line 2, and you'll be
> asked to accept the new hostkey the next time to connect.


Russell,

The authorized_keys on both hosts each contains the public key of the other.

The known_hosts on the laptop (caddis) contains only a key for salmo created
at 14:42, when I tried to ssh from caddis to salmo. I could not:

$ ssh salmo
The authenticity of host '[salmo]:n ([192.168.55.1]:n)' can't be established.
ED25519 key fingerprint is SHA256:/RInRdtcIMbpPu3LZmpg5wfAWi9ozQwgKLPnTQEDcxg.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[salmo]:n' (ED25519) to the list of known hosts.
rshepard@salmo: Permission denied (publickey)

Going the other way, from salmo to caddis (where salmo's known_hosts has
only caddis as an entry) also fails:

$ ssh caddis
ssh: connect to host caddis port n: Connection refused

With only two hosts on the network it shouldn't be this difficult to get
them to communicate.

What am I still missing?

Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Johnathan Mantey
IMO it is best to use ssh-copy-id  to transfer your public key.
I have begun using: ssh-keygen -f "/home//.ssh/known_hosts" -R
""
to remove ID's from my local .ssh/known_hosts file.

The advantage of the first is that you don't accidentally copy your private
key.
The advantage of the second is that you don't accidentally remove a key
that you didn't want gone.

On Wed, Apr 19, 2023 at 2:39 PM Rich Shepard 
wrote:

> On Wed, 19 Apr 2023, Russell Senior wrote:
>
> > Your client is complaining about the new host key. You need to remove the
> > old hostkey from your *CLIENT'S* known_hosts file. The message is telling
> > you what it doesn't like "Offending ED25519 key in
> > /home/rshepard/.ssh/known_hosts:2".
>
> Russell,
>
> That's what I learned reading more about openssh.
>
> > So, you can use an editor to remove the offending line 2, and you'll be
> > asked to accept the new hostkey the next time to connect.
>
> This answers the question I was about to ask: how to add a new host to
> caddis' known_hosts file. I didn't know it was done automatically when I
> connected to salmo.
>
> Thanks very much,
>
> Rich
>


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Russell Senior wrote:


> Your client is complaining about the new host key. You need to remove the
> old hostkey from your *CLIENT'S* known_hosts file. The message is telling
> you what it doesn't like "Offending ED25519 key in
> /home/rshepard/.ssh/known_hosts:2".


Russell,

That's what I learned reading more about openssh.


> So, you can use an editor to remove the offending line 2, and you'll be
> asked to accept the new hostkey the next time to connect.


This answers the question I was about to ask: how to add a new host to
caddis' known_hosts file. I didn't know it was done automatically when I
connected to salmo.

Thanks very much,

Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Russell Senior
Your client is complaining about the new host key. You need to remove the
old hostkey from your *CLIENT'S* known_hosts file. The message is telling
you what it doesn't like "Offending ED25519 key in
/home/rshepard/.ssh/known_hosts:2".

So, you can use an editor to remove the offending line 2, and you'll be
asked to accept the new hostkey the next time to connect.

-- 
Russell

On Wed, Apr 19, 2023 at 2:23 PM Rich Shepard 
wrote:

> On Wed, 19 Apr 2023, Rich Shepard wrote:
>
> > Should salmo's id_ed25519.pub be in caddis' .ssh/authorized_keys?
>
> I think that I found the problem: salmo's id_ed25519.pub has only one line
> and it's for a host no longer on the LAN.
>
> So, I'll generate a new keypair for salmo, using the same passphrase, then
> copy that public key to caddis.
>
> Well, when I somehow, unintentionally, FUBAR a host I don't do it halfway.
> Sigh.
>
> More when I make these changes.
>
> Rich
>


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Rich Shepard wrote:


> Should salmo's id_ed25519.pub be in caddis' .ssh/authorized_keys?


I think that I found the problem: salmo's id_ed25519.pub has only one line
and it's for a host no longer on the LAN.

So, I'll generate a new keypair for salmo, using the same passphrase, then
copy that public key to caddis.

Well, when I somehow, unintentionally, FUBAR a host I don't do it halfway.
Sigh.

More when I make these changes.

Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Russell Senior wrote:


> There is also a config for the server: sshd_config


Oy! I forgot about that. The sshd_config files in both salmo and caddis are
the same and do require passphrase authentication.

On caddis my ssh attempt still fails and I am not certain about which file
on salmo needs correcting:

[rshepard@caddis ~]$ ssh salmo
@@@
@WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:/RInRdtcIMbpPu3LZmpg5wfAWi9ozQwgKLPnTQEDcxg.
Please contact your system administrator.
Add correct host key in /home/rshepard/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /home/rshepard/.ssh/known_hosts:2
Host key for [salmo]:14982 has changed and you have requested strict checking.
Host key verification failed.

Should salmo's id_ed25519.pub be in caddis' .ssh/authorized_keys?

Thanks,

Rich



Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Russell Senior
There is also a config for the server: sshd_config

On Wed, Apr 19, 2023, 13:14 Rich Shepard  wrote:

> On Wed, 19 Apr 2023, Paul Heinlein wrote:
>
> > It looks to me like sshd on salmo is configured to accept only public key
> > authentication. It won't take your password.
>
> Paul,
>
> I was wrong. When I ssh into github or my website host I need to use my
> passphrase.
>
> But, in both salmo's and caddis' /etc/ssh/ssh_config only
> PasswordAuthentication yes
> is set. I'm still getting that error.
>
> Regards,
>
> Rich
>


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Paul Heinlein wrote:


> It looks to me like sshd on salmo is configured to accept only public key
> authentication. It won't take your password.


Paul,

I was wrong. When I ssh into github or my website host I need to use my
passphrase.

But, in both salmo's and caddis' /etc/ssh/ssh_config only 
PasswordAuthentication yes
is set. I'm still getting that error.

Regards,

Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Paul Heinlein wrote:

> It looks to me like sshd on salmo is configured to accept only public key
> authentication. It won't take your password.


Paul,

I know that, but I'm not offered a prompt for the passphrase and entering it
instead of my password won't work.

> If you don't have local access to an SSH key already in your
> .ssh/authorized_keys file on salmo, well, you've locked yourself out.


This is the first time I've tried to put another host's public key in
salmo's .ssh/authorized_keys using scp. I'll go back to moving a copy across
in a thumb drive.

Thanks,

Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Paul Heinlein

On Wed, 19 Apr 2023, Rich Shepard wrote:


> Generated a key pair and, following the Slackware OpenSSH instructions
> tried to use scp to put the laptop's public key on the desktop:
>
> $ scp id_ed25519.pub
> rshep...@salmo.appl-ecosys.com:/home/rshepard/.ssh/authorized_keys
> The authenticity of host '[salmo.appl-ecosys.com]:
> ([192.168.55.1]:ED25519 key fingerprint is
> SHA256:/RInRdtcIMbpPu3LZmpg5wfAWi9ozQwgKLPnTQEDcxg.
>
> This key is not known by any other names
> Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
> Warning: Permanently added '[salmo.appl-ecosys.com]:14982' (ED25519) to the
> list of known hosts.
>
> rshep...@salmo.appl-ecosys.com: Permission denied (publickey).
> lost connection
>
> What have I done incorrectly here?


It looks to me like sshd on salmo is configured to accept only public 
key authentication. It won't take your password.


If you don't have local access to an SSH key already in your 
.ssh/authorized_keys file on salmo, well, you've locked yourself out.


If you do have access to an SSH recognized by salmo, you'll need to 
load it locally before attempting the scp operation.


--
Paul Heinlein
heinl...@madboa.com
45°22'48" N, 122°35'36" W


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Jeffrey Borcean
In that case you have a few options.

1. Enable password authentication on the desktop.
2. Move the key another way (email pubkey, pastebin, etc)
3. On your desktop, copy the key from your laptop.
Using either password auth, or by adding an existing key to your
laptop's authorised keys file.

If you use GitHub you can see any public keys you've added to your
account like so: https://github.com/borcean.keys
Replacing 'borcean' with your username.

On Wed, Apr 19, 2023 at 12:08 PM Rich Shepard  wrote:
>
> On Wed, 19 Apr 2023, Jeffrey Borcean wrote:
>
> > Are you able to ssh into your desktop from the laptop?
>
> Jeffrey,
>
> Nope. That's what I'm trying to do.
>
> > It looks like the desktop is configured to use keys for
> > authentication, but you don't have any trusted keys on the laptop. So
> > you can't connect.
>
> I just used ssh-keygen to produce a new pair of ED25519 keys and a
> passphrase.
>
> > If you have another key that is already authorised you can specify the
> > key with: -i identity_file
>
> This is a new installation on the laptop.
>
> Thanks,
>
> Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Jeffrey Borcean wrote:


> Are you able to ssh into your desktop from the laptop?


Jeffrey,

Nope. That's what I'm trying to do.


> It looks like the desktop is configured to use keys for
> authentication, but you don't have any trusted keys on the laptop. So
> you can't connect.


I just used ssh-keygen to produce a new pair of ED25519 keys and a
passphrase.


> If you have another key that is already authorised you can specify the
> key with: -i identity_file


This is a new installation on the laptop.

Thanks,

Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Jeffrey Borcean
> rshep...@salmo.appl-ecosys.com: Permission denied (publickey).

Are you able to ssh into your desktop from the laptop?
It looks like the desktop is configured to use keys for
authentication, but you don't have any trusted keys on the laptop. So
you can't connect.

If you have another key that is already authorised you can specify the
key with: -i identity_file


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

On Wed, 19 Apr 2023, Russell Senior wrote:


> What was your goal in copying the public key?


Russell,

Adding it to the desktop's authorized_keys file.

Rich


Re: [PLUG] Transferring public key shows error

2023-04-19 Thread Russell Senior
What was your goal in copying the public key?

-- 
Russell Senior
russ...@personaltelco.net

On Wed, Apr 19, 2023, 11:05 Rich Shepard  wrote:

> Generated a key pair and, following the Slackware OpenSSH instructions
> tried to use scp to put the laptop's public key on the desktop:
>
> $ scp id_ed25519.pub rshep...@salmo.appl-ecosys.com:
> /home/rshepard/.ssh/authorized_keys
> The authenticity of host '[salmo.appl-ecosys.com]:
> ([192.168.55.1]: ED25519 key fingerprint is
> SHA256:/RInRdtcIMbpPu3LZmpg5wfAWi9ozQwgKLPnTQEDcxg.
> This key is not known by any other names
> Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
> Warning: Permanently added '[salmo.appl-ecosys.com]:14982' (ED25519) to
> the list of known hosts.
> rshep...@salmo.appl-ecosys.com: Permission denied (publickey).
> lost connection
>
> What have I done incorrectly here?
>
> TIA,
>
> Rich
>


[PLUG] Transferring public key shows error

2023-04-19 Thread Rich Shepard

Generated a key pair and, following the Slackware OpenSSH instructions
tried to use scp to put the laptop's public key on the desktop:

$ scp id_ed25519.pub 
rshep...@salmo.appl-ecosys.com:/home/rshepard/.ssh/authorized_keys
The authenticity of host '[salmo.appl-ecosys.com]: 
([192.168.55.1]: