Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Igor Pokrovsky
On Wed, Aug 13, 2008 at 05:35:29PM -0700, Gavin Spomer wrote:
 I hope this isn't an invalid topic for this list. I'm on so many lists and I 
 hate to join another one just to get help on one thing. Apologies if it's not.
 
 I am able to use ssh-keygen to generate keys so that I can ssh from my Mac to 
 any of my SuSE systems or ssh from my Mac to any of my FreeBSD systems, 
 without having to enter my password. When I try the same thing from a SuSE 
 system to a FreeBSD system, (I.E. I run ssh-keygen -t rsa on the SuSE 
 system, then copy the id_rsa.pub to my ~/.ssh/authorized_keys file on the 
 FreeBSD system) I get the following message when ssh-ing to the FreeBSD 
 system:
 
Enter passphrase for key '/home/myusername/.ssh/id_rsa':
 
 ... and I have to enter my password. I've Googled, but can't seem to find the 
 answer to my dilemma. Is it generally kind of a pain to do this between 
 platforms? I'm finally very comfortable on FreeBSD and am starting to really 
 get annoyed with SuSE. :(

You can generate keys with empty pass phrase, so it won't be asked ;-)

-ip
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 Lyndon Nerenberg [EMAIL PROTECTED] 08/13/08 7:10 PM 
 You need to start an ssh-agent on the machine you're connecting from and 
 populate it with your keychain:
 
   eval `ssh-agent`
   ssh-add
 
 Add the above to your .profile, or check the Linux PAM implementation to 
 see if it has ssh session support.
 
 --lyndon

Thanks.

That made it possible for me to ssh from SuSE server to FreeBSD server, but now 
when I ssh from my Mac to SuSE server it wants a password now:

   Enter passphrase for /home/myusername/.ssh/id_rsa:

I read the FreeBSD handbook section 14.11.7 ssh-agent and ssh-add and don't 
have anything much more intelligent to say but I don't understand. ;)

Questions:

   1. If the ssh-agent and ssh-add utilities load the keys into memory, they'd 
be wiped if I rebooted?

   2. Is #1 why I'd add it to my ~/.profile?

   3. How am I able to ssh (without a password) from my Mac to SuSE server or 
Mac to FreeBSD server when I don't have
   eval `ssh-agent` and ssh-add in my .profile on my Mac?


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Paul Schmehl [EMAIL PROTECTED] 08/13/08 7:18 PM 
 --On August 13, 2008 5:35:29 PM -0700 Gavin Spomer [EMAIL PROTECTED] wrote:
  I am able to use ssh-keygen to generate keys so that I can ssh from my
  Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD
  systems, without having to enter my password. When I try the same thing
  from a SuSE system to a FreeBSD system, (I.E. I run ssh-keygen -t rsa
  on the SuSE system, then copy the id_rsa.pub to my
  ~/.ssh/authorized_keys file on the FreeBSD system) I get the following
  message when ssh-ing to the FreeBSD system:
 
 Enter passphrase for key '/home/myusername/.ssh/id_rsa':
 
 Just to be clearyou're saying that your key pass*phrase* doesn't work 
 and you have to type your pass*word* in instead?  Or did you make all your 
 previous keys passphrase-less and add a passphrase to this one?
 
 Paul Schmehl

Uh, not sure. Head spinning now. ;)

1. I have a Mac, SuSE server and a FreeBSD server.
2. I can ssh from my Mac to SuSE server without having to type in my password.
3. I can ssh from my Mac to FreeBSD server without having to type in my 
password.
4. I can do #2 and #3 above because I ran ssh-keygen -t rsa on my Mac and 
copied the id_rsa.pub to my ~/.ssh/authorized_keys files on the SuSE and 
FreeBSD servers.
5. I ran the same ssh-keygen -t rsa on the SuSE server and copied the 
id_rsa.pub to the FreeBSD.
6. I canNOT ssh from the SuSE server to the FreeBSD server withOUT typing in my 
password.
7. When I ssh from SuSE server to FreeBSD server, I get prompted:
  Enter passphrase for key '/home/myusername/.ssh/id_rsa':
8. I want to be able to ssh from SuSE server to FreeBSD server because I want 
to run scp via a cron job.

I noticed you made a distinction between password and passphrase. Could you 
please explain the difference?

- Gavin
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 It's not asking for your password. It's asking for your passphrase to
 decrypt your private key. Are you running an ssh-agent on the Suse
 system? 
 -- 
 R. Kevin Oberman

Aha! Thanks, Kevin. Things are clicking in my brain and I grok now. I just 
remembered that when I did ssh-keygen on my mac and then ssh'd to my servers, 
it stored the passPHRASE (right?) in my Mac's Keychain too.

Thanks everyone.

For further reference, can anyone clearly define what topics are valid for this 
list?

- Gavin


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Igor Pokrovsky [EMAIL PROTECTED] 08/14/08 8:22 AM 
  ... and I have to enter my password. I've Googled, but can't seem to find 
  the answer to my dilemma. Is it generally kind of a pain to do this between 
  platforms? I'm finally very comfortable on FreeBSD and am starting to 
  really get annoyed with SuSE. :(
 
 You can generate keys with empty pass phrase, so it won't be asked ;-)
 
 -ip

Yes, this works. Any security concerns with doing this?

- Gavin
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Pollywog
On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
  Lyndon Nerenberg [EMAIL PROTECTED] 08/13/08 7:10 PM 
 
  You need to start an ssh-agent on the machine you're connecting from and
  populate it with your keychain:
 
  eval `ssh-agent`
  ssh-add
 
  Add the above to your .profile, or check the Linux PAM implementation to
  see if it has ssh session support.
 
  --lyndon

 Thanks.

 That made it possible for me to ssh from SuSE server to FreeBSD server, but
 now when I ssh from my Mac to SuSE server it wants a password now:

Enter passphrase for /home/myusername/.ssh/id_rsa:

 I read the FreeBSD handbook section 14.11.7 ssh-agent and ssh-add and
 don't have anything much more intelligent to say but I don't understand.
 ;)

 Questions:

1. If the ssh-agent and ssh-add utilities load the keys into memory,
 they'd be wiped if I rebooted?

Yes, rebooting will take the keys out of memory and you would need to 
use 'ssh-add' on the command line to put the keys and passphrase in memory.
The 'ssh-add -D' command removes the keys when you are done but are not 
logging out.


2. Is #1 why I'd add it to my ~/.profile?

This is so that ssh-agent is set when you login at a console.  I don't know 
about Mac but some Linux distributions have session scripts so that this is 
done for you when you start a KDE session.  I don't believe ~/.profile will 
be read unless you login at a console or xterm or similar.

When you add stuff to your ~/.profile, I recommend doing it on a separate 
account first.  I once added those lines on a Linux system and was locked out 
on that account but I was able to get in with another account, su to root, 
and remove the lines in the affected user ~/.profile and then I was no longer 
locked out.

3. How am I able to ssh (without a password) from my Mac to SuSE server
 or Mac to FreeBSD server when I don't have eval `ssh-agent` and ssh-add
 in my .profile on my Mac?

You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until 
you have generated your SSH keys with:

ssh-keygen -t rsa -b 1024
or
ssh-keygen -t dsa -b 1024

or similar.  Until you do that, you have to use your login password and cannot 
use a passphrase since you have not set one.  Setting the passphrase is part 
of the process of generating your SSH keys.

BTW I do not know if you are using the keychain utility.  Be very careful 
with it.  It can be confusing.  I found it inconvenient to use and no longer 
use it.

There are some fine SSH tutorials online, I believe OnLamp has some.  Just 
make sure they are not more than about 3 yrs old.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Marian Hettwer
Hi Gavin,

On Thu, 14 Aug 2008 08:30:47 -0700, Gavin Spomer [EMAIL PROTECTED] wrote:
 
 
 Uh, not sure. Head spinning now. ;)
 
 1. I have a Mac, SuSE server and a FreeBSD server.
 2. I can ssh from my Mac to SuSE server without having to type in my
 password.
 3. I can ssh from my Mac to FreeBSD server without having to type in my
 password.
 4. I can do #2 and #3 above because I ran ssh-keygen -t rsa on my Mac
 and copied the id_rsa.pub to my ~/.ssh/authorized_keys files on the SuSE
 and FreeBSD servers.
 5. I ran the same ssh-keygen -t rsa on the SuSE server and copied the
 id_rsa.pub to the FreeBSD.
 6. I canNOT ssh from the SuSE server to the FreeBSD server withOUT typing
 in my password.
 7. When I ssh from SuSE server to FreeBSD server, I get prompted:
   Enter passphrase for key '/home/myusername/.ssh/id_rsa':
From your Suse, try to run the ssh commando with -v or even -vv or -vvv
to get debugging output.
If you can't figure out what the debugging output wants to tell you, send
it to the list.
But complete, copy 'n' paste please :)

I'm not quite sure right now why you're using rsa keys. I'm always using
dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
ssh version 1, while dsa keys are for ssh version 2.
But I could be wrong here ;)
No man ssh handy right now, sorry.

 8. I want to be able to ssh from SuSE server to FreeBSD server because I
 want to run scp via a cron job.

understood.
 
 I noticed you made a distinction between password and passphrase. Could
 you please explain the difference?

Well, when you generate a rsa or dsa key, you get asked to enter a
passphrase for that key.
So a passphrase is basically the password to your ssh key.
While the password is the real password of the local user you're trying to
be. Like ssh [EMAIL PROTECTED], the password would be the password of the user 
foo at
host bar.
And since everybody likes to know wether someone is talking about the
password of a ssh key or the password of a local user, you say passphrase
to keys and password to local users.
That's how I would explain it :))

Cheers,
Marian

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Pollywog [EMAIL PROTECTED] 08/14/08 9:32 AM 
 On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
   Lyndon Nerenberg [EMAIL PROTECTED] 08/13/08 7:10 PM 
  
   You need to start an ssh-agent on the machine you're connecting from and
   populate it with your keychain:
  
 eval `ssh-agent`
 ssh-add
  
   Add the above to your .profile, or check the Linux PAM implementation to
   see if it has ssh session support.
  
   --lyndon
 
  Thanks.
 
  That made it possible for me to ssh from SuSE server to FreeBSD server, but
  now when I ssh from my Mac to SuSE server it wants a password now:
 
 Enter passphrase for /home/myusername/.ssh/id_rsa:
 
  I read the FreeBSD handbook section 14.11.7 ssh-agent and ssh-add and
  don't have anything much more intelligent to say but I don't understand.
  ;)
 
  Questions:
 
 1. If the ssh-agent and ssh-add utilities load the keys into memory,
  they'd be wiped if I rebooted?
 
 Yes, rebooting will take the keys out of memory and you would need to 
 use 'ssh-add' on the command line to put the keys and passphrase in memory.
 The 'ssh-add -D' command removes the keys when you are done but are not 
 logging out.
 
 
 2. Is #1 why I'd add it to my ~/.profile?
 
 This is so that ssh-agent is set when you login at a console.  I don't know 
 about Mac but some Linux distributions have session scripts so that this is 
 done for you when you start a KDE session.  I don't believe ~/.profile will 
 be read unless you login at a console or xterm or similar.
 
 When you add stuff to your ~/.profile, I recommend doing it on a separate 
 account first.  I once added those lines on a Linux system and was locked out 
 on that account but I was able to get in with another account, su to root, 
 and remove the lines in the affected user ~/.profile and then I was no longer 
 locked out.
 
 3. How am I able to ssh (without a password) from my Mac to SuSE server
  or Mac to FreeBSD server when I don't have eval `ssh-agent` and ssh-add
  in my .profile on my Mac?
 
 You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work 
 until 
 you have generated your SSH keys with:
 
 ssh-keygen -t rsa -b 1024
 or
 ssh-keygen -t dsa -b 1024
 
 or similar.  Until you do that, you have to use your login password and 
 cannot 
 use a passphrase since you have not set one.  Setting the passphrase is part 
 of the process of generating your SSH keys.
 
 BTW I do not know if you are using the keychain utility.  Be very careful 
 with it.  It can be confusing.  I found it inconvenient to use and no longer 
 use it.
 
 There are some fine SSH tutorials online, I believe OnLamp has some.  Just 
 make sure they are not more than about 3 yrs old.

All good information. Thanks. I will save this for future reference. :)
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Paul Saab [EMAIL PROTECTED] 08/14/08 9:41 AM 
 look at your permissions in ~/.ssh on the freebsd box.  Make sure your home
 directory does not have insecure permissions and .ssh + all the files in
 there are not writable by anyone else.

No worries there. Thanks. 
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Lyndon Nerenberg
That made it possible for me to ssh from SuSE server to FreeBSD server, 
but now when I ssh from my Mac to SuSE server it wants a password now:


ssh-agent holds your keys in memory for you, and provides them to remote 
systems when needed. You need to run it on each system you log in to.


If you have a single workstation you normally use, start ssh-agent there 
and set your ssh client to forward keys to remote systems.


DOn't you have a local IT helpdesk? This is pretty basic stuff that they 
should have documentation for.

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Marian Hettwer [EMAIL PROTECTED] 08/14/08 9:43 AM 
 Hi Gavin,
 From your Suse, try to run the ssh commando with -v or even -vv or -vvv
 to get debugging output.
 If you can't figure out what the debugging output wants to tell you, send
 it to the list.
 But complete, copy 'n' paste please :)

Sure, no problem: (edited)

[EMAIL PROTECTED]:~ ssh -v [EMAIL PROTECTED]
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to freebsdserver [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/myusername/.ssh/id_rsa type -1
debug1: identity file /home/myusername/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 
FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server-client aes128-cbc hmac-md5 none
debug1: kex: client-server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'freebsdserver' is known and matches the DSA host key.
debug1: Found key in /home/myusername/.ssh/known_hosts:6
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myusername/.ssh/id_rsa
debug1: Trying private key: /home/myusername/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Aug 14 10:08:12 2008 from suseserver
 .
[snip]
 .
Welcome to FreeBSD!
 .
[snip]
 .
[EMAIL PROTECTED] ~]$

 I'm not quite sure right now why you're using rsa keys. I'm always using
 dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
 ssh version 1, while dsa keys are for ssh version 2.
 But I could be wrong here ;)
 No man ssh handy right now, sorry.

If that's true, then I believe I will start using the dsa ones! I think I chose 
rsa because the FreeBSD manual indicated I could use either and I could only 
find settings for enabling rsa in sshd_config on the remote servers, but I'll 
look again...

  I noticed you made a distinction between password and passphrase. Could
  you please explain the difference?
 
 Well, when you generate a rsa or dsa key, you get asked to enter a
 passphrase for that key.
 So a passphrase is basically the password to your ssh key.
 While the password is the real password of the local user you're trying to
 be. Like ssh [EMAIL PROTECTED], the password would be the password of the 
 user foo at
 host bar.
 And since everybody likes to know wether someone is talking about the
 password of a ssh key or the password of a local user, you say passphrase
 to keys and password to local users.
 That's how I would explain it :))

Good explanation. I grok, I grok. :D

 Cheers,
 Marian
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Lyndon Nerenberg [EMAIL PROTECTED] 08/14/08 9:47 AM 
 DOn't you have a local IT helpdesk? This is pretty basic stuff that they 
 should have documentation for.

Well, I admit I still have more things to learn, even though I've been the 
admin of my own Linux servers for 3 years and FreeBSD for... can't remember, 
but not quite as long, but I'm not gonna pester my colleagues for something 
like this, about my own servers! ;)

My background is more in programming as I have a CS degree in software design. 
Still learning in that area too! We are all, always learning. (hopefully)

Genuine thanks for the suggestion though.

- Gavin
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Ronald Klop

On Thu, 14 Aug 2008 19:25:09 +0200, Gavin Spomer [EMAIL PROTECTED] wrote:

[snip]


I'm not quite sure right now why you're using rsa keys. I'm always using
dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
ssh version 1, while dsa keys are for ssh version 2.
But I could be wrong here ;)
No man ssh handy right now, sorry.


If that's true, then I believe I will start using the dsa ones! I think  
I chose rsa because the FreeBSD manual indicated I could use either and  
I could only find settings for enabling rsa in sshd_config on the remote  
servers, but I'll look again...


This story about rsa and dsa is not true.
Rsa wasn't free (patents or something else) until a few years ago. So  
everybody used dsa. But since quite some time it doesn't matter what you  
use. I don't know about advantages of one above the other. In daily use  
they are the same.


Ronald.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Ronald Klop

On Thu, 14 Aug 2008 19:31:12 +0200, Gavin Spomer [EMAIL PROTECTED] wrote:




Lyndon Nerenberg [EMAIL PROTECTED] 08/14/08 9:47 AM 

DOn't you have a local IT helpdesk? This is pretty basic stuff that they
should have documentation for.


Well, I admit I still have more things to learn, even though I've been  
the admin of my own Linux servers for 3 years and FreeBSD for... can't  
remember, but not quite as long, but I'm not gonna pester my colleagues  
for something like this, about my own servers! ;)


My background is more in programming as I have a CS degree in software  
design. Still learning in that area too! We are all, always learning.  
(hopefully)


Genuine thanks for the suggestion though.

- Gavin


Funny, you don't 'pester' your colleagues but do e-mail a couple of  
thousand people on this mailinglist. Communication is a weird thing. :-)


Ronald.

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Ronald Klop [EMAIL PROTECTED] 08/14/08 10:34 AM 
  I'm not quite sure right now why you're using rsa keys. I'm always using
  dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
  ssh version 1, while dsa keys are for ssh version 2.
  But I could be wrong here ;)
  No man ssh handy right now, sorry.
 
  If that's true, then I believe I will start using the dsa ones! I think  
  I chose rsa because the FreeBSD manual indicated I could use either and  
  I could only find settings for enabling rsa in sshd_config on the remote  
  servers, but I'll look again...
 
 This story about rsa and dsa is not true.
 Rsa wasn't free (patents or something else) until a few years ago. So  
 everybody used dsa. But since quite some time it doesn't matter what you  
 use. I don't know about advantages of one above the other. In daily use  
 they are the same.
 
 Ronald.

Thanks for more info. Maybe some people think that because of the following 
lines in sshd.config?

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

Although the 2nd line *doesn't* read #HostKey /etc/ssh/ssh_host_rsa_key, 
maybe people are associating dsa with protocol 2 because of the 3rd and 4th 
lines?
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
 
 Ronald Klop [EMAIL PROTECTED] 08/14/08 10:36 AM 
  Well, I admit I still have more things to learn, even though I've been  
  the admin of my own Linux servers for 3 years and FreeBSD for... can't  
  remember, but not quite as long, but I'm not gonna pester my colleagues  
  for something like this, about my own servers! ;)
 
  My background is more in programming as I have a CS degree in software  
  design. Still learning in that area too! We are all, always learning.  
  (hopefully)
 
  Genuine thanks for the suggestion though.
 
  - Gavin
 
 Funny, you don't 'pester' your colleagues but do e-mail a couple of  
 thousand people on this mailinglist. Communication is a weird thing. :-)
 
 Ronald.

LOL! Okay, fair enough. I concede, you got me there. :)

(I LOVE pestering y'all though!)


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ssh-keygen between SuSE and FreeBSD

2008-08-13 Thread Paul Schmehl

--On August 13, 2008 5:35:29 PM -0700 Gavin Spomer [EMAIL PROTECTED] wrote:


I hope this isn't an invalid topic for this list. I'm on so many lists
and I hate to join another one just to get help on one thing. Apologies
if it's not.

I am able to use ssh-keygen to generate keys so that I can ssh from my
Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD
systems, without having to enter my password. When I try the same thing
from a SuSE system to a FreeBSD system, (I.E. I run ssh-keygen -t rsa
on the SuSE system, then copy the id_rsa.pub to my
~/.ssh/authorized_keys file on the FreeBSD system) I get the following
message when ssh-ing to the FreeBSD system:

   Enter passphrase for key '/home/myusername/.ssh/id_rsa':

... and I have to enter my password. I've Googled, but can't seem to
find the answer to my dilemma. Is it generally kind of a pain to do this
between platforms? I'm finally very comfortable on FreeBSD and am
starting to really get annoyed with SuSE. :(



Just to be clearyou're saying that your key pass*phrase* doesn't work 
and you have to type your pass*word* in instead?  Or did you make all your 
previous keys passphrase-less and add a passphrase to this one?


Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying


Re: ssh-keygen between SuSE and FreeBSD

2008-08-13 Thread Kevin Oberman
Format recovered. A newline every 72-75 characters would be more polite.

 Date: Wed, 13 Aug 2008 17:35:29 -0700
 From: Gavin Spomer [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]
 
 I hope this isn't an invalid topic for this list. I'm on so many lists
 and I hate to join another one just to get help on one
 thing. Apologies if it's not.
 
 I am able to use ssh-keygen to generate keys so that I can ssh from my
 Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD
 systems, without having to enter my password. When I try the same
 thing from a SuSE system to a FreeBSD system, (I.E. I run ssh-keygen
 -t rsa on the SuSE system, then copy the id_rsa.pub to my
 ~/.ssh/authorized_keys file on the FreeBSD system) I get the following
 message when ssh-ing to the FreeBSD system:
 
Enter passphrase for key '/home/myusername/.ssh/id_rsa':
 
 ... and I have to enter my password. I've Googled, but can't seem to
 find the answer to my dilemma. Is it generally kind of a pain to do
 this between platforms? I'm finally very comfortable on FreeBSD and am
 starting to really get annoyed with SuSE. :(

It's not asking for your password. It's asking for your passphrase to
decrypt your private key. Are you running an ssh-agent on the Suse
system? 

If this does not point you in the right direction, try running ssh
-v. This MAY give us an idea of the problem, though the debug data from
the server would be better.

MacOS X uses the FreeBSD user environment, so it should work the same
under FreeBSD as it does on the Mac.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]   Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


pgpPCPdF6DUcq.pgp
Description: PGP signature