On Tue, 8 Nov 2016, Tom wrote:

> First of all, you only modified .ssh content on remote hosts:
> 1. when connecting to remote host the only thing which matters is
> that your local public key (id_ed25519.pub) line is in the appropriate
> remote authorized_keys file; AND you have the equivalent private key
> file (id_ed25519) in your local .ssh/; AND you know the correct
> passphrase.

Tom,

I thought copying authorized_keys would put the remote's public key back on itself. I'll fix that.

> This is most likely not your problem, but: If your client (ssh) or remote
> server (sshd) do not use id_ed25519*, only id_dsa --> check if id_ed25519
> is not disabled in ~/.ssh/sshd_config or on remote side in
> /etc/ssh/ssh_config

No. No. No. I created keys using only id_ed25519. That's why I don't understand where ssh is finding id_dsa since it does not exist on either host.

> About your password and seed conundrum - ssh uses challenge response
> protocol for authentication. Your passwords or keys are not transmitted
> - which means that, if you like chaos, you could have different
> passwords for the same private key files on different hosts. The
> password is only used to unlock your private key, so that you can
> decrypt the challenge from the remote host on your local machine and
> prove that you can decrypt the challenge to the remote host by sending
> it back encrypted by remote machine's public key. I hope that this
> explanation makes sense and it is not circular.

I see I'm still not clearly communicating. Let me try again.

The server (salmo) has id_ed25519 and id_ed25519.pub generated locally by ssh-keygen. The authorized_keys file contains my public key from the portable (typha). I can successfully connect from salmo to typha via ssh after entering my passphrase. (Haven't added it to typha's ssh-agent yet.)

The portable (typha) has id_ed25519 and id_ed25519.pub copied from the server (salmo) and authorized_keys has my public key from the server (salmo). When I try to connect from here to the server I get the rejection message, "Connection refused (publickey)." With extra verbosity on the command line I get the output included in the earlier message.

I hope this is more succinct.

Thanks,

Rich

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
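Added example, not part of the original message and not OpenSSH code: a Python check for the condition in Tom's quoted point 1, that the client's public key line is present in the server's authorized_keys file. It compares OpenSSH-style SHA256 fingerprints; the key material, the comments (rich@salmo, rich@typha) and the file contents are constructed sample values, and the mismatch shown is an assumed scenario, not a diagnosis taken from the thread.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256")


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_key_line(line):
    """Return (key_type, fingerprint, comment), or None for blank/comment lines."""
    # authorized_keys lines may begin with an options field, so locate the
    # key type token instead of assuming it is the first field.
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return field, fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
    return None


def is_authorized(pubkey_line, authorized_keys_text):
    """True if the key in pubkey_line is listed in the authorized_keys text."""
    wanted = parse_key_line(pubkey_line)
    if wanted is None:
        return False
    entries = filter(None, map(parse_key_line, authorized_keys_text.splitlines()))
    return any(entry[:2] == wanted[:2] for entry in entries)


def sample_key(seed, comment):
    """Constructed ed25519 public key line (placeholder bytes, not a real key)."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for the key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


# Constructed, assumed scenario: the client offers one key, the server lists another.
CURRENT_KEY = sample_key(b"current", "rich@salmo")
OLD_KEY = sample_key(b"old", "rich@typha")
SALMO_AUTHORIZED_KEYS = "# salmo:~/.ssh/authorized_keys\n" + OLD_KEY + "\n"

if __name__ == "__main__":
    print(is_authorized(CURRENT_KEY, SALMO_AUTHORIZED_KEYS))
```

The fingerprints have the same SHA256 form that ssh-keygen -lf prints, so results can be compared by eye against the real files on each host.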
