On Fri, Feb 24, 2017 at 2:53 PM, King Beowulf <[email protected]> wrote:
> On 02/24/2017 02:16 PM, Rich Shepard wrote:
> > On Fri, 24 Feb 2017, King Beowulf wrote:
> >
> >> for ssh or scp (cp over ssh), you only need one pub key for the
> >> connection to work. NOT the ones in /etc/ssh. One of the ones in ~/.ssh
> >
> > Ed,
> >
> > Here's what I've done; there's still something left for me to do.
> >
> > On laptop:
> >
> > 1) ssh-keygen (using same passphrase as on other hosts).
> > 2) ssh-add
> > 3) tried ssh-copy-id to desktop but was denied.
> > 4) copied ~/.ssh/id_ed25519.pub to thumb drive.
> > 5) added desktop's ~/.ssh/id_25519.pub to laptop's ~/.ssh/known_hosts.
> >
> No, not in "known_hosts", forget "known_hosts". That file is NOT used
> to authenticate user login.
>
> > On desktop:
> >
> > 1) added laptop's ~/.ssh/id_ed25519.pub to ~/.ssh/known_hosts.
> >
> No. See above. Doing this can prevent you from accessing the computers
> remotely
>
> >
> >> cat laptop_key.pub > ~/.ssh/authorized_keys
> >
> > Now I'm confused about what should be in each host's
> > ~/.ssh/authorized_keys and ~/.ssh/known_hosts.
>
> 1. take the LAPTOP id_ed25519.pub key and put it in DESKTOP
> ~/.ssh/authorized_keys
>
> 2. take the DESKTOP *.pub key and put it in LAPTOP ~/.ssh/authorized_keys
>
> Note that even if you use the same passphrase, the private keys for each
> computer are unique. Also, you need to generate the keys as a USER not
> ROOT!
>

Is there any reason why the public and private keys need to be different on the different computers? (Purely out of curiosity about the technical implementation.) It seems like you could create them on one computer and copy paste to the relevant files to make them both the same. I don't see any benefit to doing this, and some possible security risks, depending on the situation, but I'm just curious.

I have had a couple instances where I actually needed to create the keys as root as well. I was using rsync with sudo (and the files were owned by a different user for Owncloud), so I had to have root create the keys, since that was what would be running the ssh transfer. Well, there might have been other options, I really don't know, but setting it up that way took care of it for me. Once I got it working I stopped looking for other ways to do it. :)

> now just from laptop
>
> ssh -i id_ed25519 rshepard@desktop
>
> >
> > Do the id_ed25519.pub files from one host belong in the authorized_keys
> > files on other hosts? If so, what goes in the known_hosts file in each host?
>
> known_hosts is just used to say you TRUST the remote computer.
> authorized_keys tells the host what remote user is allowed to login.
>
> >
> > Getting there,
> >
> > Rich
> > _______________________________________________
> > PLUG mailing list
> > [email protected]
> > http://lists.pdxlinux.org/mailman/listinfo/plug
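The known_hosts / authorized_keys mix-up discussed in this thread, as an added example that is not part of the original messages: a shell audit that counts user public keys pasted into a known_hosts file, plus a helper that installs a public key into authorized_keys by appending. The function names, directory layout and key strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the key material below is constructed, not real keys.
KEYTYPES='ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521'

# Print how many known_hosts lines START with a key type. A host entry is
# "hostname keytype base64", so such a line is a user's id_*.pub pasted in.
misplaced_in_known_hosts() {
    awk -v kt="^($KEYTYPES)\$" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 ~ kt                  { n++ }
        END                      { print n + 0 }' "$1"
}

# Append a public key to <ssh-dir>/authorized_keys. Uses ">>" so keys already
# present survive, skips a key that is already listed, and sets modes 700/600,
# which satisfy sshd's StrictModes check.
authorize_key() {    # usage: authorize_key <pubkey-file> <ssh-dir>
    pub=$1; dir=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # Match on "keytype base64" only; the trailing comment may differ.
    key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pub")
    [ -n "$key" ] || return 1
    grep -qF -- "$key" "$dir/authorized_keys" || cat "$pub" >> "$dir/authorized_keys"
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/desktop"
    # Constructed laptop user key, and a desktop known_hosts holding one real
    # host entry plus that user key pasted in by mistake.
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLELAPTOPKEY rshepard@laptop' > "$d/laptop.pub"
    printf '%s\n' 'laptop ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEHOSTKEY' \
        "$(cat "$d/laptop.pub")" > "$d/desktop/known_hosts"
    echo "misplaced user keys in known_hosts: $(misplaced_in_known_hosts "$d/desktop/known_hosts")"
    # Installing the same key twice leaves a single authorized_keys entry.
    authorize_key "$d/laptop.pub" "$d/desktop" && authorize_key "$d/laptop.pub" "$d/desktop"
    echo "authorized_keys entries: $(grep -c . "$d/desktop/authorized_keys")"
    rm -rf "$d"
}
demo
```

Hashed known_hosts entries (lines beginning with `|1|`) and `@cert-authority` / `@revoked` marker lines are not flagged, because their first field is not a key type.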
