On 10/26/2016 03:51 PM, Rich Shepard wrote:
> On Tue, 25 Oct 2016, Rich Shepard wrote:
>
>> Having new installations of Slackware-14.2 on three hosts now (two more to
>> go after I get these three fully functional), I want to change my ssh
>> private and public keys using a new passphrase and type.
>
> Keeping the same thread going, I've read the ssh, sshd, ssh_config,
> sshd_config, ssh-keygen, and ssh-agent man pages and searched the web for
> usage examples and still have a few unanswered questions.
>
> On the desktop I generated a new ed25519 key pair. Wanting to set up
> communications between this host and the ThinkPad I tried
>
>     scp ~/.ssh/id_ed25519.pub typha:.ssh
>
> (and a couple of different references to the remote host) but the connection
> was refused.
>
> I copied the public key to a USB thumb drive and manually installed it in
> typha: ~/.ssh.
>
> Then, logged into typha, I tried to scp ~/ from the desktop. Openssh told
> me it didn't recognize the remote machine and asked if I wanted to continue.
> I responded, "yes," and the public key was added to the ThinkPad's
> authorized_hosts file, but the connection was refused. Is the next step to
> specify verbosity levels, e.g., 'ssh -vv <remote_host>'?
>
> On a related issue, as authorized_hosts holds public keys from remote
> hosts, and I'm essentially starting from a clean slate with the portables
> and the desktop, can I remove that old file from the desktop's ~/.ssh/ and
> start over again when I use ssh/scp from a portable to the desktop?
>
> On another related OpenSSH issue: ssh-agent. I've not before used it but
> it looks useful. If I understand the man page, I run it on hosts that will
> remotely connect to the desktop (the portables) so when they boot they'll
> have the public key available to all shells and I'll not need to enter my
> pass phrase each time I want to establish a secure connection. Is this
> correct? Should I also run it on the desktop?
>
> Rich

Take a gander at the tool ssh-copy-id which is a pretty slick way to copy
your keys into place.

If the key isn't being recognized, you may have a permissions issue, so
eyeball the mode for the file and the .ssh directory and make sure it's
restrictive enough. Too permissive, and I believe SSH ignores the
directory/files for authentication.

Using the verbose ssh command should help provide some insight as well.

dafr
