Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On 02/24/2017 06:41 PM, Erik Lane wrote:
snip-
> Is there any reason why the public and private keys need to be different on
> the different computers? (Purely out of curiosity about the technical
> implementation.) It seems like you could create them on one computer and
> copy paste to the relevant files to make them both the same. I don't see
> any benefit to doing this, and some possible security risks, depending on
> the situation, but I'm just curious.

Best practice is to have each host have its own key pair. If ssh stays on your internal network and is not connected to the internet, you can get by with a common set. With a unique set you can track logs to see if anyone tries to get in...

> I have had a couple instances where I actually needed to create the keys as
> root as well. I was using rsync with sudo, (and the files were owned by a
> different user for Owncloud) so I had to have root create the keys, since
> that was what would be running the ssh transfer. Well, there might have
> been other options, I really don't know, but setting it up that way took
> care of it for me. Once I got it working I stopped looking for other ways
> to do it. :)

having root do anything on the "cloud" (esp the way some distros configure sudo) is absolutely insane. Nuts. Bonkers.

As computer users, we all need to be more proactive regarding security. Just look at the news (No, not about Trump: the REAL news!) to notice all the network security breaches of late. After all, we don't leave the house unlocked, do we? In the 21st Century locking down your computer is just as important, nay, more so. Your personal data is very valuable. More valuable than that new 4K TV or fancy stereo rig.

Enough ranting for a Friday night!

Have fun
-Ed

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
I apologize for contributing to further confusion. I have not realized that you had two different email threads with different subjects going on the same topic. I should have stayed out of it with so many messages in flight.

Maybe, it would help to re-read the man page for ssh and make some notes for the next time... That is what I do with confusing and infrequent issues... Perhaps even automate the setup, so that you can easily reset the configuration.

Tomas

On Fri, 2017-02-24 at 14:46 -0800, Rich Shepard wrote:
> On Fri, 24 Feb 2017, Tom wrote:
>
> > a) Yes it will wipe all existing entries from known_hosts file, but
> > they will be all recreated when you login to those hosts again in the
> > future.
>
> Tom,
>
>    I thought this is the case when I moved the public key files to
> authorized_keys and found instant connection from the laptop to the desktop
> with ssh. Whew! I thought I had this all configured when I replaced the hard
> drive on the laptop with a 500G SSD and installed Slackware-14.2/x86_64 on
> it. Obviously, I did not set up ssh keys at that time.
>
> Much appreciated,
>
> Rich
Re: [PLUG] boot filled
Hi Denis,

Need to run to remove unused old versions of kernels and other packages? Run:

    sudo apt autoremove --purge

That should fix that for you automagically.

If you want to prevent the problem happening in the future without remembering the command, you can configure it by following this guide:
http://ubuntuhandbook.org/index.php/2016/05/remove-old-kernels-ubuntu-16-04/

I just run the "autoremove" command whenever I remember, once a year maybe.

Hope it helps,
Tomas

On Fri, 2017-02-24 at 07:57 -0800, Denis Heidtmann wrote:
> The last time this happened Tomas told me what to do, but I did not write
> it down and my mind is a sieve. What is the solution? There are 9
> archived images. How do I safely throw out the older ones?
>
> Thanks,
> -Denis
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On Fri, Feb 24, 2017 at 2:53 PM, King Beowulf wrote:

> On 02/24/2017 02:16 PM, Rich Shepard wrote:
> > On Fri, 24 Feb 2017, King Beowulf wrote:
> >
> >> for ssh or scp (cp over ssh), you only need one pub key for the
> >> connection to work. NOT the ones in /etc/ssh. One of the ones in ~/.ssh
> >
> > Ed,
> >
> >    Here's what I've done; there's still something left for me to do.
> >
> >    On laptop:
> >
> >    1) ssh-keygen (using same passphrase as on other hosts).
> >    2) ssh-add
> >    3) tried ssh-copy-id to desktop but was denied.
> >    4) copied ~/.ssh/id_ed25519.pub to thumb drive.
> >    5) added desktop's ~/.ssh/id_25519.pub to laptop's ~/.ssh/known_hosts.
>
> No, not in "known_hosts", forget "known_hosts". That file is NOT used
> to authenticate user login.
>
> >    On desktop:
> >
> >    1) added laptop's ~/.ssh/id_ed25519.pub to ~/.ssh/known_hosts.
>
> No. See above. Doing this can prevent you from accessing the computers
> remotely
>
> >> cat laptop_key.pub > ~/.ssh/authorized_keys
> >
> >    Now I'm confused about what should be in each host's
> > ~/.ssh/authorized_keys and ~/.ssh/known_hosts.
>
> 1. take the LAPTOP id_ed25519.pub key and put it in DESKTOP
> ~/.ssh/authorized_keys
>
> 2. take the DESKTOP *.pub key and put it in LAPTOP ~/.ssh/authorized_keys
>
> Note that even if you use the same passphrase, the private keys for each
> computer are unique. also, you need to generate the keys as a USER not
> ROOT!

Is there any reason why the public and private keys need to be different on the different computers? (Purely out of curiosity about the technical implementation.) It seems like you could create them on one computer and copy paste to the relevant files to make them both the same. I don't see any benefit to doing this, and some possible security risks, depending on the situation, but I'm just curious.

I have had a couple instances where I actually needed to create the keys as root as well. I was using rsync with sudo, (and the files were owned by a different user for Owncloud) so I had to have root create the keys, since that was what would be running the ssh transfer. Well, there might have been other options, I really don't know, but setting it up that way took care of it for me. Once I got it working I stopped looking for other ways to do it. :)

> now just from laptop
>
> ssh -i id_ed25519 rshepard@desktop
>
> >    Do the id_ed25519.pub files from one host belong in the authorized_keys
> > files on other hosts? If so, what goes in the known_hosts file in each host?
>
> known_hosts is just used to say you TRUST the remote computer.
> authorized_keys tells the host what remote user is allowed to login.
>
> > Getting there,
> >
> > Rich
Re: [PLUG] Looking for Recruiter Recommendations
Have to give it some thought... I recall applying for a field service job servicing automatic barriers, like those used in secure facilities and embassies. The ones that pop up out of the ground. I submitted my resume on line, two minutes go by and I get a call, "can you come to our office in Clearwater, (FL) tomorrow?" I told them yes as I lived in Tampa at that time and it was just a drive across the bay.

Went to the interview the next day everyone wanted to talk to me from the owner down. They made me an offer that matched what I was making at the old place of employment (which had got rid of all of the USA and EU FSE's because they were hiring them out of SE. Asia at wicked cheap rates). They told me I was the guy they needed, and that they just had to go through the act of interviewing, I got a couple of calls over the next 3 days that all was going well and I would be back in there the next week to do paper work.

Then they went dark. I let a week go by and called. They told me that they had found a guy to do the job for $35K/year and had hired him. Turns out right after they hired him they shipped him off to Iraq to work on automated barriers there. FOR $35K/year. Glad I did NOT get it because they would have had to pay me a LOT more than that to go to Iraq...

That technology had all kinds of electronics and PLC's associated with it, there were cameras and image recognition, neat stuff.

On Fri, Feb 24, 2017 at 3:50 PM, Jonas Augusto wrote:

> Write it all, please. I am curious
>
> On 24 Feb 2017 15:46, "Chuck Hast" wrote:
>
> > Ha! I lost my job back at the end of Sept. I have been doing all of the
> > usual stuff too. No joy! I think that most of them want entry level
> > people and when they see my resume they know that I will probably not
> > stay around long because they are not paying enough, so they do not even
> > worry, or I get the usual "we have looked at your resume you are very
> > good but we have decided to go with another party".
> >
> > Another one I am running into is the "We are sorry to inform you that we
> > lost the funding for the position" so we will not be hiring anyone...
> > Why did you offer in the first place?
> >
> > I am a field service guy used to heavy travel, have a passport and global
> > access, I have been shot at, (Nicaragua, Bahamas) Bombed (airport in
> > Managua Nicaragua) and walked away from 3 airplane crashes, and other
> > disasters, but still love field service. Maybe I should try to write a
> > book and retire... Naw people who retire die...
> >
> > On Fri, Feb 24, 2017 at 3:31 PM, c wrote:
> >
> > > I am trying to find work in Portland from out of town. I have some
> > > friends in town, but no-one that has gotten their jobs through an
> > > agency or recruiter.
> > >
> > > Can anyone recommend anyone that they have worked with as being
> > > reasonably decent?
> > >
> > > Thanks,
> > > Purcell
> > >
> > > p.s. Yes I am doing the standard searching for jobs on linkedin and
> > > craigslist too.
> >
> > --
> > Chuck Hast -- KP4DJT --
> > Glass, five thousand years of history and getting better.
> > The only container material that the USDA gives blanket approval on.

--
Chuck Hast -- KP4DJT --
Glass, five thousand years of history and getting better.
The only container material that the USDA gives blanket approval on.
Re: [PLUG] Looking for Recruiter Recommendations
I have been looking for some headhunter or agency that specializes in field service work, but so far no real luck. Most of them shotgun you with a lot of useless stuff like killing bugs and rodents... (under field service)

On Fri, Feb 24, 2017 at 3:38 PM, chris (fool) mccraw wrote:

> I've had stellar success as a job hunter with Edgelink :
> http://www.edgelink.com. They are more about "let us figure out what
> you're good at and filter jobs for you" than "throw you at everything
> available and see what sticks". They'll interview you before suggesting
> anything. They found me two kickass jobs in a period of a couple of years
> and that's it - never sent another opportunity my way other than the 2 that
> I took. Batting 1.000 for a recruiting agency feels amazing to me (since
> just about every other recruiter experience I had before them was crappy),
> so I recommend them over and over again.
>
> Even before I look on craigslist and linkedin (and indeed, I'm assuming?) I
> check out this job board: https://jobs.siliconflorist.com/
>
> On Fri, Feb 24, 2017 at 3:31 PM, c wrote:
>
> > I am trying to find work in Portland from out of town. I have some
> > friends in town, but no-one that has gotten their jobs through an agency
> > or recruiter.
> >
> > Can anyone recommend anyone that they have worked with as being
> > reasonably decent?
> >
> > Thanks,
> > Purcell
> >
> > p.s. Yes I am doing the standard searching for jobs on linkedin and
> > craigslist too.

--
Chuck Hast -- KP4DJT --
Glass, five thousand years of history and getting better.
The only container material that the USDA gives blanket approval on.
Re: [PLUG] Looking for Recruiter Recommendations
Write it all, please. I am curious

On 24 Feb 2017 15:46, "Chuck Hast" wrote:

> Ha! I lost my job back at the end of Sept. I have been doing all of the
> usual stuff too. No joy! I think that most of them want entry level people
> and when they see my resume they know that I will probably not stay around
> long because they are not paying enough, so they do not even worry, or I
> get the usual "we have looked at your resume you are very good but we have
> decided to go with another party".
>
> Another one I am running into is the "We are sorry to inform you that we
> lost the funding for the position" so we will not be hiring anyone... Why
> did you offer in the first place?
>
> I am a field service guy used to heavy travel, have a passport and global
> access, I have been shot at, (Nicaragua, Bahamas) Bombed (airport in
> Managua Nicaragua) and walked away from 3 airplane crashes, and other
> disasters, but still love field service. Maybe I should try to write a book
> and retire... Naw people who retire die...
>
> On Fri, Feb 24, 2017 at 3:31 PM, c wrote:
>
> > I am trying to find work in Portland from out of town. I have some
> > friends in town, but no-one that has gotten their jobs through an agency
> > or recruiter.
> >
> > Can anyone recommend anyone that they have worked with as being
> > reasonably decent?
> >
> > Thanks,
> > Purcell
> >
> > p.s. Yes I am doing the standard searching for jobs on linkedin and
> > craigslist too.
>
> --
> Chuck Hast -- KP4DJT --
> Glass, five thousand years of history and getting better.
> The only container material that the USDA gives blanket approval on.
Re: [PLUG] Looking for Recruiter Recommendations
Ha! I lost my job back at the end of Sept. I have been doing all of the usual stuff too. No joy! I think that most of them want entry level people and when they see my resume they know that I will probably not stay around long because they are not paying enough, so they do not even worry, or I get the usual "we have looked at your resume you are very good but we have decided to go with another party".

Another one I am running into is the "We are sorry to inform you that we lost the funding for the position" so we will not be hiring anyone... Why did you offer in the first place?

I am a field service guy used to heavy travel, have a passport and global access, I have been shot at, (Nicaragua, Bahamas) Bombed (airport in Managua Nicaragua) and walked away from 3 airplane crashes, and other disasters, but still love field service. Maybe I should try to write a book and retire... Naw people who retire die...

On Fri, Feb 24, 2017 at 3:31 PM, c wrote:

> I am trying to find work in Portland from out of town. I have some friends
> in town, but no-one that has gotten their jobs through an agency or
> recruiter.
>
> Can anyone recommend anyone that they have worked with as being reasonably
> decent?
>
> Thanks,
> Purcell
>
> p.s. Yes I am doing the standard searching for jobs on linkedin and
> craigslist too.

--
Chuck Hast -- KP4DJT --
Glass, five thousand years of history and getting better.
The only container material that the USDA gives blanket approval on.
Re: [PLUG] Looking for Recruiter Recommendations
I've had stellar success as a job hunter with Edgelink : http://www.edgelink.com. They are more about "let us figure out what you're good at and filter jobs for you" than "throw you at everything available and see what sticks". They'll interview you before suggesting anything. They found me two kickass jobs in a period of a couple of years and that's it - never sent another opportunity my way other than the 2 that I took. Batting 1.000 for a recruiting agency feels amazing to me (since just about every other recruiter experience I had before them was crappy), so I recommend them over and over again.

Even before I look on craigslist and linkedin (and indeed, I'm assuming?) I check out this job board: https://jobs.siliconflorist.com/

On Fri, Feb 24, 2017 at 3:31 PM, c wrote:

> I am trying to find work in Portland from out of town. I have some friends
> in town, but no-one that has gotten their jobs through an agency or
> recruiter.
>
> Can anyone recommend anyone that they have worked with as being reasonably
> decent?
>
> Thanks,
> Purcell
>
> p.s. Yes I am doing the standard searching for jobs on linkedin and
> craigslist too.
[PLUG] Looking for Recruiter Recommendations
I am trying to find work in Portland from out of town. I have some friends in town, but no-one that has gotten their jobs through an agency or recruiter.

Can anyone recommend anyone that they have worked with as being reasonably decent?

Thanks,
Purcell

p.s. Yes I am doing the standard searching for jobs on linkedin and craigslist too.
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On 02/24/2017 02:16 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>> for ssh or scp (cp over ssh), you only need one pub key for the
>> connection to work. NOT the ones in /etc/ssh. One of the ones in ~/.ssh
>
> Ed,
>
>    Here's what I've done; there's still something left for me to do.
>
>    On laptop:
>
>    1) ssh-keygen (using same passphrase as on other hosts).
>    2) ssh-add
>    3) tried ssh-copy-id to desktop but was denied.
>    4) copied ~/.ssh/id_ed25519.pub to thumb drive.
>    5) added desktop's ~/.ssh/id_25519.pub to laptop's ~/.ssh/known_hosts.

No, not in "known_hosts", forget "known_hosts". That file is NOT used to authenticate user login.

>    On desktop:
>
>    1) added laptop's ~/.ssh/id_ed25519.pub to ~/.ssh/known_hosts.

No. See above. Doing this can prevent you from accessing the computers remotely

>> cat laptop_key.pub > ~/.ssh/authorized_keys
>
>    Now I'm confused about what should be in each host's
> ~/.ssh/authorized_keys and ~/.ssh/known_hosts.

1. take the LAPTOP id_ed25519.pub key and put it in DESKTOP ~/.ssh/authorized_keys

2. take the DESKTOP *.pub key and put it in LAPTOP ~/.ssh/authorized_keys

Note that even if you use the same passphrase, the private keys for each computer are unique. also, you need to generate the keys as a USER not ROOT!

now just from laptop

    ssh -i id_ed25519 rshepard@desktop

>    Do the id_ed25519.pub files from one host belong in the authorized_keys
> files on other hosts? If so, what goes in the known_hosts file in each host?

known_hosts is just used to say you TRUST the remote computer. authorized_keys tells the host what remote user is allowed to login.

> Getting there,
>
> Rich
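
An added example, not part of any list member's post: a shell audit for the mix-ups worked through in this thread (a user's .pub pasted into known_hosts, the client's key missing from the destination's authorized_keys, files writable by group or others, which sshd refuses under StrictModes), plus an install step that appends instead of overwriting. The function names and all key blobs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Audits a DESTINATION account's ~/.ssh
# for the mix-ups discussed above. Every key blob below is constructed.

KEYTYPE_RE='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)$'

# key_blob FILE: base64 blob of the first public key in FILE (a leading
# authorized_keys options field, if any, is skipped).
key_blob() {
    awk -v re="$KEYTYPE_RE" \
        '{ for (i = 1; i < NF; i++) if ($i ~ re) { print $(i + 1); exit } }' "$1"
}

# has_key FILE BLOB: succeed if BLOB appears as a whole field in FILE.
has_key() {
    [ -n "$2" ] && awk -v b="$2" \
        '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$1"
}

# writable_by_others PATH: succeed if group or other has write permission.
writable_by_others() {
    ls -ld "$1" | awk '{ exit !(substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w") }'
}

# audit_ssh_dir DIR CLIENT_PUB: one finding per line, nothing if clean.
audit_ssh_dir() {
    dir=$1 client_pub=$2
    auth="$dir/authorized_keys" known="$dir/known_hosts"

    for p in "$dir" "$auth"; do
        if [ -e "$p" ] && writable_by_others "$p"; then
            echo "PERM $p is writable by group or others"
        fi
    done

    blob=$(key_blob "$client_pub")
    if [ -z "$blob" ]; then
        echo "BADPUB $client_pub holds no public key"
    elif ! [ -f "$auth" ] || ! has_key "$auth" "$blob"; then
        echo "MISSING client key not in $auth"
    fi

    # A real known_hosts line starts with host names (or a marker / hash);
    # a pasted user .pub line starts with the key type instead.
    if [ -f "$known" ]; then
        awk -v re="$KEYTYPE_RE" '$1 ~ re {
            printf "MISPLACED known_hosts:%d begins with a key type, not a host name\n", NR
        }' "$known"
    fi
    return 0
}

# install_key DIR CLIENT_PUB: append the key only if absent (">>", not ">",
# so existing entries survive) and set the 700/600 modes used in the thread.
install_key() {
    blob=$(key_blob "$2")
    [ -n "$blob" ] || return 1
    mkdir -p "$1" && chmod 700 "$1"
    touch "$1/authorized_keys" && chmod 600 "$1/authorized_keys"
    has_key "$1/authorized_keys" "$blob" || cat "$2" >> "$1/authorized_keys"
}

# demo: rebuild the situation from the thread in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    echo 'ssh-ed25519 AAAAC3ConstructedLaptopUserKey rshepard@laptop' > "$d/laptop.pub"
    echo 'ssh-ed25519 AAAAC3ConstructedOlderUserKey rshepard@other' > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    cat "$d/laptop.pub" > "$d/.ssh/known_hosts"   # the mistake: user key in known_hosts

    echo "before:"; audit_ssh_dir "$d/.ssh" "$d/laptop.pub"
    : > "$d/.ssh/known_hosts"     # ssh offers to re-add the host key on next connect
    install_key "$d/.ssh" "$d/laptop.pub"
    echo "after:";  audit_ssh_dir "$d/.ssh" "$d/laptop.pub"
    rm -rf "$d"
}

demo
```
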
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On Fri, 24 Feb 2017, Tom wrote:

> a) Yes it will wipe all existing entries from known_hosts file, but
> they will be all recreated when you login to those hosts again in the
> future.

Tom,

   I thought this is the case when I moved the public key files to authorized_keys and found instant connection from the laptop to the desktop with ssh. Whew! I thought I had this all configured when I replaced the hard drive on the laptop with a 500G SSD and installed Slackware-14.2/x86_64 on it. Obviously, I did not set up ssh keys at that time.

Much appreciated,

Rich
Re: [PLUG] Remote host lost ssh key verification [RESOLVED]
On Fri, 24 Feb 2017, Rich Shepard wrote:

> Now I'm confused about what should be in each host's
> ~/.ssh/authorized_keys and ~/.ssh/known_hosts.

> Do the id_ed25519.pub files from one host belong in the authorized_keys
> files on other hosts?

   Yes, they do. I suspect that known_hosts is populated when a connection to a remote host is made.

   Moving the id_ed25519.pub files to authorized_keys did the job.

   My thanks to all of you (especially Ed) for your patient help.

Carpe weekend,

Rich
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
You have two choices here Rich:

a) Yes it will wipe all existing entries from known_hosts file, but they will be all recreated when you login to those hosts again in the future.

b) delete only the line in known_hosts file corresponding to the host you have difficulties to login to.

When you do this, do nothing else ssh to your remote machine and answer yes to the question about adding the host to known_hosts file. After that, things should be as you are used to.

Hope it helps,
Tomas

On Fri, 2017-02-24 at 13:55 -0800, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
> > Just delete ~/.ssh/known_hosts and it will regenerate from what's in
> > /etc/ssh
>
> Ed,
>
>    This would wipe out the existing portable in known_host.
>
>    I think the problem is more basic. While the laptop has ed25519 and ecdsa
> private/public keys in /etc/ssh/, it does not have the private and public
> id_ed25519 in ~/.ssh/.
>
>    I believe that I need to run ssh-keygen on the laptop (with the same
> passphrase as used on the server and other laptop), then run ssh-copy-id to
> copy the public key on the server.
>
>    Stand by for results ...
>
> Thanks,
>
> Rich
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On Fri, 24 Feb 2017, King Beowulf wrote:

> for ssh or scp (cp over ssh), you only need one pub key for the
> connection to work. NOT the ones in /etc/ssh. One of the ones in ~/.ssh

Ed,

   Here's what I've done; there's still something left for me to do.

   On laptop:

   1) ssh-keygen (using same passphrase as on other hosts).
   2) ssh-add
   3) tried ssh-copy-id to desktop but was denied.
   4) copied ~/.ssh/id_ed25519.pub to thumb drive.
   5) added desktop's ~/.ssh/id_25519.pub to laptop's ~/.ssh/known_hosts.

   On desktop:

   1) added laptop's ~/.ssh/id_ed25519.pub to ~/.ssh/known_hosts.

> cat laptop_key.pub > ~/.ssh/authorized_keys

   Now I'm confused about what should be in each host's ~/.ssh/authorized_keys and ~/.ssh/known_hosts.

   Do the id_ed25519.pub files from one host belong in the authorized_keys files on other hosts? If so, what goes in the known_hosts file in each host?

Getting there,

Rich
Re: [PLUG] scp issue
On 02/24/2017 01:06 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>> 3. The public key in authorized-keys (DESTINATION) does not match the
>> PRIVATE KEY (SOURCE)
>
> Ed,
>
>    I just found this to be the case and posted that in the updated message.
> Since the private and public keys on each host are in /etc/ssh/ I need to
> re-learn how to copy the SOURCE's public key to DESTINATION so the user
> appended to that string is me, not root.
>
> Thanks for providing the pointer to the problem,

Remember that the keys in /etc/ssh/ are NOT the ones you use to log in. you need user level keys stored in ~/.ssh.

2 computers do not log in to each other: a USER on "computer A" logs into a user account on "computer B".
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On Fri, 24 Feb 2017, King Beowulf wrote:

> Just delete ~/.ssh/known_hosts and it will regenerate from what's in
> /etc/ssh

Ed,

   This would wipe out the existing portable in known_host.

   I think the problem is more basic. While the laptop has ed25519 and ecdsa private/public keys in /etc/ssh/, it does not have the private and public id_ed25519 in ~/.ssh/.

   I believe that I need to run ssh-keygen on the laptop (with the same passphrase as used on the server and other laptop), then run ssh-copy-id to copy the public key on the server.

   Stand by for results ...

Thanks,

Rich
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On 02/24/2017 01:01 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>> On DESTINATION computer: delete ~/.ssh/authorized_keys
>
> Ed,
>
>    That's the problem: there's no public key for this laptop in
> ~/.ssh/authorized keys!
>
>    If I copy the laptop's /etc/ssh/ssh_host_ed25519_key.pub to a thumb drive
> and from there to the desktop's ~/.ssh/authorized_keys it is associated with
> root@. The existing public key in authorized_keys is
> associated with rshepard@.
>
>    How do I transfer the laptop's ed25519_key.pub to the desktop with
> assignment to me as the authorized user?
>
> Rich

for ssh or scp (cp over ssh), you only need one pub key for the connection to work. NOT the ones in /etc/ssh. One of the ones in ~/.ssh

take the laptop's *.pub to the desktop, and do the same for the desktop. pick whatever algorithm you want - I use the 4069-bit rsa.

    cat laptop_key.pub > ~/.ssh/authorized_keys

That should do it as long as you know the passphrase. You can cache the passphrase with ssh-add if you have ssh-agent running.

My server has 2 keys in ~/.ssh/authorized_keys: one that allows local ssh on my network, another for remote ssh from "outside" and since its "headless" none of its pub keys exist anywhere else.
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On 02/24/2017 01:15 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, Rich Shepard wrote:
>
>> That's the problem: there's no public key for this laptop in
>> ~/.ssh/authorized keys!
>
>    And, there's no public key for this laptop in the desktop's
> ~/.ssh/known_hosts.

Just delete ~/.ssh/known_hosts and it will regenerate from what's in /etc/ssh

-Ed
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On Fri, 24 Feb 2017, Rich Shepard wrote:

> That's the problem: there's no public key for this laptop in
> ~/.ssh/authorized keys!

   And, there's no public key for this laptop in the desktop's ~/.ssh/known_hosts.

Rich
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, a...@clueserver.org wrote:

> What are the permissions on your local .ssh directory and files?

   700

Rich
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, King Beowulf wrote:

> 3. The public key in authorized-keys (DESTINATION) does not match the
> PRIVATE KEY (SOURCE)

Ed,

   I just found this to be the case and posted that in the updated message. Since the private and public keys on each host are in /etc/ssh/ I need to re-learn how to copy the SOURCE's public key to DESTINATION so the user appended to that string is me, not root.

Thanks for providing the pointer to the problem,

Rich
Re: [PLUG] Remote host lost ssh key verification [UPDATED]
On Fri, 24 Feb 2017, King Beowulf wrote:

> On DESTINATION computer: delete ~/.ssh/authorized_keys

Ed,

   That's the problem: there's no public key for this laptop in ~/.ssh/authorized keys!

   If I copy the laptop's /etc/ssh/ssh_host_ed25519_key.pub to a thumb drive and from there to the desktop's ~/.ssh/authorized_keys it is associated with root@. The existing public key in authorized_keys is associated with rshepard@.

   How do I transfer the laptop's ed25519_key.pub to the desktop with assignment to me as the authorized user?

Rich
Re: [PLUG] scp issue
> On Fri, 24 Feb 2017, Rich Shepard wrote:
>
>> debug1: Connecting to salmo [192.168.55.1] port <>.
>> debug1: Connection established.
>
>    The two hosts can communicate.
>
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/rshepard/.ssh/id_rsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/rshepard/.ssh/id_rsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/rshepard/.ssh/id_dsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/rshepard/.ssh/id_ecdsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/rshepard/.ssh/id_ecdsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/rshepard/.ssh/id_ed25519 type -1
>> debug1: key_load_public: No such file or directory
>
>    Not finding the public key.
>
>> debug1: Host '[salmo]:21498' is known and matches the ED25519 host key.
>> debug1: Found key in /home/rshepard/.ssh/known_hosts:1
>
>    Found the public key.
>
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /home/rshepard/.ssh/id_rsa
>> debug1: Trying private key: /home/rshepard/.ssh/id_dsa
>> debug1: Trying private key: /home/rshepard/.ssh/id_ecdsa
>> debug1: Trying private key: /home/rshepard/.ssh/id_ed25519
>> debug1: No more authentication methods to try.
>> Permission denied (publickey).
>
>    Not finding the public key.
>
>    I'm confused.

What are the permissions on your local .ssh directory and files?

perl -pe 's/^\s+//g' *.py
Re: [PLUG] scp issue
On 02/24/2017 12:29 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>    To repeat, I do not remotely login via ssh with a username and password, I
> use the passphrase (which is not the same as a password since it contains
> multiple words and punctuation.)
>
> Rich

1. ~/.ssh/* permissions problem on one or both computers
2. the passphrase for PRIVATE KEY is wrong (SOURCE)
3. The public key in authorized-keys (DESTINATION) does not match the PRIVATE KEY (SOURCE)
4. you upgraded openssh on DESTINATION and over wrote your /etc/ssh/sshd.config

-Ed
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, Ken Stephens wrote:
> Permissions on my .ssh directory are:
> [kens@neptune ~]$ ls -ahl .ssh
> total 24K
> drwx------.  2 kens kens 4.0K Nov 22 20:24 .
> drwx------. 80 kens kens 4.0K Feb 24 08:41 ..
> -rw-------.  1 kens kens 2.4K Dec 24 15:15 authorized_keys
> -rw-------.  1 kens kens 1.7K Sep 23 12:51 id_rsa
> -rw-r--r--.  1 kens kens  394 Sep 23 12:51 id_rsa.pub
> -rw-r--r--.  1 kens kens 1.1K Jan 18 12:44 known_hosts
>
> It might be a permissions problem.

Ken,

On my desktop I again changed authorized_keys from 644 to 600 and restarted sshd. The laptop still is denied access.

Thanks,

Rich
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, King Beowulf wrote:
> (remember: the default Slackware install of sshd does not use keys at all.
> You login via normal username/password. See explanation on the other list
> thread.)

From the desktop's sshd_config:

# Authentication:
#StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

Rich
Re: [PLUG] Remote host lost ssh key verification
On 02/24/2017 12:06 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>> In that case, the only entries that you care about are in "known_hosts"
>> unless sshd is stopped. As root:
>> /etc/rc.d/rc.sshd restart
>
> Ed,
>
> Did this.
>
>> $ ssh susan@glaurung
>
> It generates the new known_hosts file then denies the connection.
>
>> Since you have an authorized keys file did you try
>> $ ssh -i private-key-file username@host
>
> ssh on the laptop tells me that id_ed25519.pub on the desktop is not
> accessible so the connection's denied. The perms on
> salmo/.ssh/id_ed25519.pub are 644 so it _should_ be readable by others.
>

The username, password, public key and/or passphrase is wrong.

To log in you MUST have a user set up to log into the DESTINATION computer.

On DESTINATION computer: delete ~/.ssh/authorized_keys

On DESTINATION computer:

1. to use username/password (no keys or passphrase), check /etc/ssh/sshd_config lines:

PermitRootLogin no
PubkeyAuthentication no

These are the defaults. I also have "AllowUsers" as a further restriction.

2. /etc/rc.d/rc.sshd restart

now pick ANY existing user on the DESTINATION and

some_user@SOURCE$ ssh a_user@DESTINATION
a_user@DESTINATION's password:
...
a_user@DESTINATION$ _

3. Once this works, on SOURCE computer:

ssh-copy-id -i ~/.ssh/id_rsa.pub a_user@DESTINATION

(to use the default key). If you created id_rsa (etc) with passphrase, you will need that AND a_user's password. This will create a new ~/.ssh/authorized_keys on DESTINATION.

4. you should now be able to log in:

$ ssh a_user@DESTINATION
or
$ ssh -i id_rsa.pub a_user@DESTINATION

(id_rsa is the default, use -i if you create a different key)

5. "PubkeyAuthentication yes" to disable user/password and use ONLY keys.

Clear as mud? I hope!

-Ed
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, King Beowulf wrote: > (remember: the default Slackware install of sshd does not use keys at all. > You login via normal username/password. See explanation on the other list > thread.) Having setup ssh/sshd on Slackware in 2003, and having it work with this laptop up through 14.1 and with 14.2 a month or so ago, I need to understand why it's now broken. To repeat, I do not remotely login via ssh with a username and password, I use the passphrase (which is not the same as a password since it contains multiple words and punctuation.) Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] scp issue
King Beowulf wrote: > On 02/24/2017 10:50 AM, Rich Shepard wrote: >> On Fri, 24 Feb 2017, Rich Shepard wrote: >> >>> debug1: Connecting to salmo [192.168.55.1] port <>. >>> debug1: Connection established. >> The two hosts can communicate. >> >>> debug1: key_load_public: No such file or directory >>> debug1: identity file /home/rshepard/.ssh/id_rsa type -1 >>> debug1: key_load_public: No such file or directory >>> debug1: identity file /home/rshepard/.ssh/id_rsa-cert type -1 >>> debug1: key_load_public: No such file or directory >>> debug1: identity file /home/rshepard/.ssh/id_dsa type -1 >>> debug1: key_load_public: No such file or directory >>> debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1 >>> debug1: key_load_public: No such file or directory >>> debug1: identity file /home/rshepard/.ssh/id_ecdsa type -1 >>> debug1: key_load_public: No such file or directory >>> debug1: identity file /home/rshepard/.ssh/id_ecdsa-cert type -1 >>> debug1: key_load_public: No such file or directory >>> debug1: identity file /home/rshepard/.ssh/id_ed25519 type -1 >>> debug1: key_load_public: No such file or directory >> Not finding the public key. >> >>> debug1: Host '[salmo]:21498' is known and matches the ED25519 host key. >>> debug1: Found key in /home/rshepard/.ssh/known_hosts:1 >> Found the public key. >> > That's the HOST (/etc/ssh) key to allow the 2 computers to connect. ssh > only allows connections to TRUSTED hosts which it checks in file > "known_hosts" This is NOT the key that allows login user authentication. > > >>> debug1: SSH2_MSG_SERVICE_ACCEPT received >>> debug1: Authentications that can continue: publickey >>> debug1: Next authentication method: publickey >>> debug1: Trying private key: /home/rshepard/.ssh/id_rsa >>> debug1: Trying private key: /home/rshepard/.ssh/id_dsa >>> debug1: Trying private key: /home/rshepard/.ssh/id_ecdsa >>> debug1: Trying private key: /home/rshepard/.ssh/id_ed25519 >>> debug1: No more authentication methods to try. 
>>> Permission denied (publickey). >> Not finding the public key. > that's the USER login authentication key. The public key listed in > DESTINATION authorized_keys does not match the PUBLIC key on the SOURCE > computer. Either that, or you have /etc/ssh/sshd_config setup > incorrectly for pub/private key authentication. > > (remember: the default Slackware install of sshd does not use keys at > all. You login via normal username/password. See explanation on the > other list thread.) > > http://docs.slackware.com/howtos:security:sshkeys > http://docs.slackware.com/howtos:security:ssh > > -Ed > Rich, Permissions on my .ssh directory are: [kens@neptune ~]$ ls -ahl .ssh total 24K drwx--. 2 kens kens 4.0K Nov 22 20:24 . drwx--. 80 kens kens 4.0K Feb 24 08:41 .. -rw---. 1 kens kens 2.4K Dec 24 15:15 authorized_keys -rw---. 1 kens kens 1.7K Sep 23 12:51 id_rsa -rw-r--r--. 1 kens kens 394 Sep 23 12:51 id_rsa.pub -rw-r--r--. 1 kens kens 1.1K Jan 18 12:44 known_hosts It might be a permissions problem. Ken ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] scp issue
On 02/24/2017 10:50 AM, Rich Shepard wrote: > On Fri, 24 Feb 2017, Rich Shepard wrote: > >> debug1: Connecting to salmo [192.168.55.1] port <>. >> debug1: Connection established. > >The two hosts can communicate. > >> debug1: key_load_public: No such file or directory >> debug1: identity file /home/rshepard/.ssh/id_rsa type -1 >> debug1: key_load_public: No such file or directory >> debug1: identity file /home/rshepard/.ssh/id_rsa-cert type -1 >> debug1: key_load_public: No such file or directory >> debug1: identity file /home/rshepard/.ssh/id_dsa type -1 >> debug1: key_load_public: No such file or directory >> debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1 >> debug1: key_load_public: No such file or directory >> debug1: identity file /home/rshepard/.ssh/id_ecdsa type -1 >> debug1: key_load_public: No such file or directory >> debug1: identity file /home/rshepard/.ssh/id_ecdsa-cert type -1 >> debug1: key_load_public: No such file or directory >> debug1: identity file /home/rshepard/.ssh/id_ed25519 type -1 >> debug1: key_load_public: No such file or directory > >Not finding the public key. > >> debug1: Host '[salmo]:21498' is known and matches the ED25519 host key. >> debug1: Found key in /home/rshepard/.ssh/known_hosts:1 > >Found the public key. > That's the HOST (/etc/ssh) key to allow the 2 computers to connect. ssh only allows connections to TRUSTED hosts which it checks in file "known_hosts" This is NOT the key that allows login user authentication. >> debug1: SSH2_MSG_SERVICE_ACCEPT received >> debug1: Authentications that can continue: publickey >> debug1: Next authentication method: publickey >> debug1: Trying private key: /home/rshepard/.ssh/id_rsa >> debug1: Trying private key: /home/rshepard/.ssh/id_dsa >> debug1: Trying private key: /home/rshepard/.ssh/id_ecdsa >> debug1: Trying private key: /home/rshepard/.ssh/id_ed25519 >> debug1: No more authentication methods to try. >> Permission denied (publickey). > >Not finding the public key. 
that's the USER login authentication key. The public key listed in DESTINATION authorized_keys does not match the PUBLIC key on the SOURCE computer. Either that, or you have /etc/ssh/sshd_config setup incorrectly for pub/private key authentication. (remember: the default Slackware install of sshd does not use keys at all. You login via normal username/password. See explanation on the other list thread.) http://docs.slackware.com/howtos:security:sshkeys http://docs.slackware.com/howtos:security:ssh -Ed ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
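The distinction drawn above, host key check versus user key authentication, can be read off a saved `ssh -v` log mechanically. The script below is an added example, not code from the thread; the function names and verdict labels are assumptions, the first sample is excerpted from the log quoted in this thread and the second is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a saved `ssh -v` log.
# Function names and verdict labels are assumptions of this example.

triage_ssh_debug() {
    awk '
        # "identity file PATH type N": N is -1 when no public key was loaded.
        /identity file .* type /               { if ($NF != "-1") loaded++ }
        # Host key check against known_hosts (server identity, not login).
        /is known and matches the .* host key/ { host = "verified" }
        # A public key sent to the server for user authentication.
        /Offering .*public key/                { offered++ }
        # Client falling back to reading a private key file directly.
        /Trying private key: /                 { tried++ }
        /^Permission denied [(]/               { denied = 1 }
        END {
            if (host == "") host = "not-seen"
            if (!denied)           verdict = "no-denial-seen"
            else if (offered > 0)  verdict = "server-rejected-offered-key"
            # At debug1 a private key without its .pub is read silently, so
            # this verdict means: look in the client ~/.ssh directory first.
            else if (loaded == 0)  verdict = "no-identity-loaded"
            else                   verdict = "undetermined"
            printf "host_key=%s loaded=%d offered=%d tried=%d verdict=%s\n",
                   host, loaded, offered, tried, verdict
        }
    ' "${1:--}"
}

# Excerpt of the laptop log as quoted in this thread.
sample_from_thread() {
    cat <<'EOF'
debug1: identity file /home/rshepard/.ssh/id_rsa type -1
debug1: identity file /home/rshepard/.ssh/id_ed25519 type -1
debug1: Host '[salmo]:21498' is known and matches the ED25519 host key.
debug1: Found key in /home/rshepard/.ssh/known_hosts:1
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/rshepard/.ssh/id_rsa
debug1: Trying private key: /home/rshepard/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
EOF
}

# Constructed sample: a key pair exists on the client, the server refuses it.
sample_rejected_key() {
    cat <<'EOF'
debug1: identity file /home/user/.ssh/id_ed25519 type 3
debug1: Host 'desthost' is known and matches the ED25519 host key.
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/user/.ssh/id_ed25519
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
EOF
}

# Stand-alone use: sh triage.sh saved-ssh-v.log (no argument runs the sample).
if [ $# -gt 0 ]; then
    triage_ssh_debug "$1"
else
    sample_from_thread | triage_ssh_debug
fi
```

`host_key=verified` together with `verdict=no-identity-loaded` is the pattern in the thread's log: the server's identity checked out, and the client had no key pair of its own to load.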
Re: [PLUG] Remote host lost ssh key verification
On Fri, 24 Feb 2017, King Beowulf wrote: > In that case, the only entries that you care about are in "known_hosts" > unless sshd is stopped. As root: > /etc/rc.d/rc.sshd restart Ed, Did this. > $ ssh susan@glaurung It generates the new known_hosts file then denies the connection. > Since you have an authorized keys file did you try > $ ssh -i private-key-file username@host ssh on the laptop tells me that id_ed25519.pub on the desktop is not accessible so the connection's denied. The perms on salmo/.ssh/id_ed25519.pub are 644 so it _should_ be readable by others. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Remote host lost ssh key verification
On 02/24/2017 10:25 AM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>> Are you logging in via username/password or ssh key?
>
> Ed,
>
> I log into the laptop using username and password. To ssh from one to the
> other (today's experience is from a laptop to the desktop) I should be asked
> for my passphrase, not denied the connection.
>

In that case, the only entries that you care about are in "known_hosts" unless sshd is stopped. As root:

/etc/rc.d/rc.sshd restart

It can happen, esp. when you reinstall a linux OS, that new host keys are generated (see also /etc/ssh). In that case simply deleting known_hosts file and then:

=
$ ssh susan@glaurung
The authenticity of host 'glaurung (192.168.1.27)' can't be established.
ECDSA key fingerprint is SHA256:6/ezoaMfN/zBE5XZoHVl1y7rBZ4vqUDbGaHci8YyQRk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'glaurung,192.168.1.27' (ECDSA) to the list of known hosts.
susan@glaurung's password:
Last login: Fri Feb 24 11:43:30 2017 from 192.168.1.3
Linux 4.4.38.
susan@glaurung:~$
===

NOTE: password != passphrase. Using username/password means you have to have an account on the host or know the host's user/password to use.

In the above example, if I try:

==
$ ssh glaurung
beowulf@glaurung's password:
Permission denied, please try again.
beowulf@glaurung's password:
===

Failure since user "beowulf" does not exist on "glaurung"

Since you have an authorized keys file did you try

$ ssh -i private-key-file username@host

without the "i" the default is ~/.ssh/id_rsa.pub

-Ed
Re: [PLUG] boot filled
On Fri, Feb 24, 2017 at 10:56 AM, Bruce Kilpatrickwrote: > > > On 02/24/2017 07:57 AM, Denis Heidtmann wrote: > >> The last time this happened Tomas told me what to do, but I did not > write > >> it down and my mind is a sieve. What is the solution? There are 9 > >> archived images. How do I safely throw out the older ones? > > > If you are running Ubuntu (or something similar) sudo apt-get autoremove > will uninstall anything the system no longer relies on and update Grub > for you. > > Bruce I chose this solution ("autoremove" sounded good). Seems to have done the trick. Thanks for all the replies. -Denis ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] boot filled
> On Feb 24, 2017, at 10:19 AM, Tony Schlemmerwrote: > > On Fri, 2017-02-24 at 09:36 -0800, David wrote: >> On 02/24/2017 07:57 AM, Denis Heidtmann wrote: >>> >>> The last time this happened Tomas told me what to do, but I did not >>> write >>> it down and my mind is a sieve. What is the solution? There are 9 >>> archived images. How do I safely throw out the older ones? >>> >>> Thanks, >>> -Denis >> Howdy. >> >> You don't provide quite enough information, but I can get you close >> enough that you should be able to figure it out from there. >> >> If you have a RH based system, you will want to use yum to remove the >> oldest one or two kernel RPMs. I'd suggest starting with find out >> your current kernel release, and then listing which kernel images are >> installed: >> >> $ uname -r # so you know what you can't remove >> $ rpm -qa | grep kernel-[2-4] >> $ sudo yum remove ${package name from above} >> >> If you are using a Debian based system, it's similar: >> >> $ uname -r # so you know what you can't remove >> $ dpkg -l linux-image* | grep ^i >> $ sudo apt-get remove ${package name from above} >> >> You just want to be sure to leave your current running kernel and the >> next youngest version (IMO), and the rest can be removed to free up >> space in /boot. >> >> dafr > > I made the mistake one time of removing the active kernel under Ubuntu > so I had to create a DVD recovery disk. With Ubuntu I use the Synaptic > Package manager to uninstall old kernel images since I had a limited > about of space in my boot partition. I have a new laptop that I bought > in October so I have not had to delete any Kernels right now. I've had the exact same problem, in the past. So, I wrote a fix... https://github.com/dafydd2277/systemAdmin/blob/master/scripting/52_removeOldKernels.sh Cheers! dafydd -- David - Offbeat http://pgp.mit.edu/ dafydd - Online 0xda3f18449337d6b5 51525354555657-- Dr. 
Viktor Frankenstein entered into a body building competition only to find he has seriously misunderstood the objective. signature.asc Description: Message signed with OpenPGP using GPGMail ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] boot filled
On 02/24/2017 08:36 AM, Dick Steffens wrote: > On 02/24/2017 07:57 AM, Denis Heidtmann wrote: >> The last time this happened Tomas told me what to do, but I did not write >> it down and my mind is a sieve. What is the solution? There are 9 >> archived images. How do I safely throw out the older ones? > > While I don't have an answer to your question, I do recall that there is > a way to search for it in the archives. This involves using Google > Advanced Search to search a "site or domain". I put pdxlinux.org in the > "site or domain" line, but my search foo probably isn't what you need. I > tried "linux remove old images from boot" (without quotes), but the > first page didn't seem like what you are looking for. Maybe your foo > would work better for you. > If you are running Ubuntu (or something similar) sudo apt-get autoremove will uninstall anything the system no longer relies on and update Grub for you. Bruce ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, Rich Shepard wrote: > debug1: Connecting to salmo [192.168.55.1] port <>. > debug1: Connection established. The two hosts can communicate. > debug1: key_load_public: No such file or directory > debug1: identity file /home/rshepard/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /home/rshepard/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /home/rshepard/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /home/rshepard/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /home/rshepard/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /home/rshepard/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory Not finding the public key. > debug1: Host '[salmo]:21498' is known and matches the ED25519 host key. > debug1: Found key in /home/rshepard/.ssh/known_hosts:1 Found the public key. > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /home/rshepard/.ssh/id_rsa > debug1: Trying private key: /home/rshepard/.ssh/id_dsa > debug1: Trying private key: /home/rshepard/.ssh/id_ecdsa > debug1: Trying private key: /home/rshepard/.ssh/id_ed25519 > debug1: No more authentication methods to try. > Permission denied (publickey). Not finding the public key. I'm confused. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, bro...@netgate.net wrote: > Now you just need the correct public key. Use the -v flag to scp for more > output. $ scp -v salmo:projects . Executing: program /usr/bin/ssh host salmo, user (unspecified), command scp -v -f projects OpenSSH_7.4p1, OpenSSL 1.0.2k 26 Jan 2017 debug1: Reading configuration data /home/rshepard/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to salmo [127.0.0.1] port <>. debug1: connect to address 127.0.0.1 port <>: Connection refused debug1: Connecting to salmo [192.168.55.1] port <>. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x0400 debug1: Authenticating to salmo:21498 as 'rshepard' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: 
chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:9T1sRfIPmzJvODsTIOexYiBawQAJp6fN9GS1S9zGewg debug1: Host '[salmo]:21498' is known and matches the ED25519 host key. debug1: Found key in /home/rshepard/.ssh/known_hosts:1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/rshepard/.ssh/id_rsa debug1: Trying private key: /home/rshepard/.ssh/id_dsa debug1: Trying private key: /home/rshepard/.ssh/id_ecdsa debug1: Trying private key: /home/rshepard/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey). $ scp -v salmo:projects . Executing: program /usr/bin/ssh host salmo, user (unspecified), command scp -v -f projects OpenSSH_7.4p1, OpenSSL 1.0.2k 26 Jan 2017 debug1: Reading configuration data /home/rshepard/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to salmo [127.0.0.1] port 21498. debug1: connect to address 127.0.0.1 port 21498: Connection refused debug1: Connecting to salmo [192.168.55.1] port 21498. debug1: Connection established. 
debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/rshepard/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x0400 debug1: Authenticating to salmo:21498 as 'rshepard' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1:
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, Roderick Anderson wrote:
> Check permissions on .SSH and the files in it.

Rod,

On the desktop:

$ ll .ssh
total 20
-rw-r--r-- 1 rshepard users 100 Nov  9 08:43 authorized_keys
-rw-r--r-- 1 rshepard users  11 Feb  7  2015 config
-rw------- 1 rshepard users 464 Oct 30 12:42 id_ed25519
-rw-r--r-- 1 rshepard users  96 Oct 30 12:42 id_ed25519.pub
-rw-r--r-- 1 rshepard users 116 Nov  7 12:54 known_hosts

On the laptop the only two files in ~/.ssh are config and known_hosts, and both have the same 544 permissions as on the desktop.

Shouldn't the laptop also have authorized_keys and the two public keys for itself?

Rich
Re: [PLUG] Remote host lost ssh key verification
On Fri, 24 Feb 2017, King Beowulf wrote: > Are you logging in via username/password or ssh key? Ed, I log into the laptop using username and password. To ssh from one to the other (today's experience is from a laptop to the desktop) I should be asked for my passphrase, not denied the connection. > If it exists are you using ~/.ssh/id_rsa_pub or a key from ~/.gnupg? Did > you set a passphrase for these keys and then forget? $ ls .ssh/ authorized_keys config id_ed25519 id_ed25519.pub known_hosts Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] boot filled
On Fri, 2017-02-24 at 09:36 -0800, David wrote: > On 02/24/2017 07:57 AM, Denis Heidtmann wrote: > > > > The last time this happened Tomas told me what to do, but I did not > > write > > it down and my mind is a sieve. What is the solution? There are 9 > > archived images. How do I safely throw out the older ones? > > > > Thanks, > > -Denis > Howdy. > > You don't provide quite enough information, but I can get you close > enough that you should be able to figure it out from there. > > If you have a RH based system, you will want to use yum to remove the > oldest one or two kernel RPMs. I'd suggest starting with find out > your current kernel release, and then listing which kernel images are > installed: > > $ uname -r # so you know what you can't remove > $ rpm -qa | grep kernel-[2-4] > $ sudo yum remove ${package name from above} > > If you are using a Debian based system, it's similar: > > $ uname -r # so you know what you can't remove > $ dpkg -l linux-image* | grep ^i > $ sudo apt-get remove ${package name from above} > > You just want to be sure to leave your current running kernel and the > next youngest version (IMO), and the rest can be removed to free up > space in /boot. > > dafr > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug I made the mistake one time of removing the active kernel under Ubuntu so I had to create a DVD recovery disk. With Ubuntu I use the Synaptic Package manager to uninstall old kernel images since I had a limited about of space in my boot partition. I have a new laptop that I bought in October so I have not had to delete any Kernels right now. Tony ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] boot filled
This works for me: http://ubuntuhandbook.org/index.php/2016/05/remove-old-kernels-ubuntu-16-04/ On Fri, Feb 24, 2017 at 9:36 AM, Davidwrote: > On 02/24/2017 07:57 AM, Denis Heidtmann wrote: > > The last time this happened Tomas told me what to do, but I did not write > > it down and my mind is a sieve. What is the solution? There are 9 > > archived images. How do I safely throw out the older ones? > > > > Thanks, > > -Denis > > Howdy. > > You don't provide quite enough information, but I can get you close > enough that you should be able to figure it out from there. > > If you have a RH based system, you will want to use yum to remove the > oldest one or two kernel RPMs. I'd suggest starting with find out your > current kernel release, and then listing which kernel images are installed: > > $ uname -r # so you know what you can't remove > $ rpm -qa | grep kernel-[2-4] > $ sudo yum remove ${package name from above} > > If you are using a Debian based system, it's similar: > > $ uname -r # so you know what you can't remove > $ dpkg -l linux-image* | grep ^i > $ sudo apt-get remove ${package name from above} > > You just want to be sure to leave your current running kernel and the > next youngest version (IMO), and the rest can be removed to free up > space in /boot. > > dafr > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > -- Chuck Hast -- KP4DJT -- Glass, five thousand years of history and getting better. The only container material that the USDA gives blanket approval on. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] boot filled
On 02/24/2017 07:57 AM, Denis Heidtmann wrote:
> The last time this happened Tomas told me what to do, but I did not write
> it down and my mind is a sieve. What is the solution? There are 9
> archived images. How do I safely throw out the older ones?
>
> Thanks,
> -Denis

Howdy.

You don't provide quite enough information, but I can get you close enough that you should be able to figure it out from there.

If you have a RH based system, you will want to use yum to remove the oldest one or two kernel RPMs. I'd suggest starting with finding out your current kernel release, and then listing which kernel images are installed:

$ uname -r # so you know what you can't remove
$ rpm -qa | grep kernel-[2-4]
$ sudo yum remove ${package name from above}

If you are using a Debian based system, it's similar:

$ uname -r # so you know what you can't remove
$ dpkg -l linux-image* | grep ^i
$ sudo apt-get remove ${package name from above}

You just want to be sure to leave your current running kernel and the next youngest version (IMO), and the rest can be removed to free up space in /boot.

dafr
Re: [PLUG] Remote host lost ssh key verification
On 02/24/2017 07:33 AM, Rich Shepard wrote:
> An attempt to scp directories to a laptop from the workstation failed
> because ssh saw a changed public key in known_hosts. How this happened I've
> no idea, but it needs fixing, perhaps by copying the correct ecdsa public
> key from the workstation to the laptop.
>
> On stackexchange I read that ecdsa is for key exchange and ed25519 for
> data transfers, so I assume that I need to copy both public keys from the
> workstation to the laptop. Is this correct?
>
> Reading man ssh-keyscan suggests that running this (specifying the
> workstation host name) will do the job. However, while this adds several
> lines to the laptop's ~/.ssh/known_hosts it does not allow me to scp from
> the workstation.
>
> Advice on finding the reason ssh became FUBAR and fixing the problem is
> needed.
>
> Rich

Are you logging in via username/password or ssh key? If so, then just clearing both ~/.ssh/known_hosts and then using ssh to log into each box from each box will reset the entries.

If you are using ssh key based authentication you will need to check if ~/.ssh/authorized_keys still exists on the box you are going to ssh or scp into.

If it exists are you using ~/.ssh/id_rsa.pub or a key from ~/.gnupg? Did you set a passphrase for these keys and then forget?

I am by no means an expert on this, but if you have the standard rsa key pairs automatically generated when you installed slackware, via "ssh-keygen -t rsa" you do not need ecdsa vs ed25519 worries. ssh and scp works by default with username/password as long as you keep ~/.ssh/known_hosts clean of stale entries.

-Ed
Re: [PLUG] boot filled
If you use ubuntu, you could use something like ubuntu-tweak or synaptic to let you select the kernels in a gui and delete them.

If you are not on ubuntu, or prefer command line you can

get the name of your current kernel
uname -r

list all kernels except what you are currently using
dpkg -l | tail -n +6 | grep -E 'linux-image-[0-9]+' | grep -Fv $(uname -r)

remove listed packages
sudo dpkg --purge #NAME GOES HERE#

http://askubuntu.com/questions/2793/how-do-i-remove-old-kernel-versions-to-clean-up-the-boot-menu
https://help.ubuntu.com/community/RemoveOldKernels

Purcell

On Fri, Feb 24, 2017 at 9:57 AM, Denis Heidtmann wrote:
> The last time this happened Tomas told me what to do, but I did not write
> it down and my mind is a sieve. What is the solution? There are 9
> archived images. How do I safely throw out the older ones?
>
> Thanks,
> -Denis

--
Darkness spoons with you.
Re: [PLUG] scp issue
Check permissions on .SSH and the files in it. Not at a system I can check to say what they should be. Some one else may be able to. Rod -- On February 24, 2017 08:39:42 Rich Shepardwrote: > On Fri, 24 Feb 2017, bro...@netgate.net wrote: > >> Just delete the entry from the known_hosts file. Should do the trick. > >Deleted ~/.ssh/known_hosts and tried to scp: > > $ scp salmo:projects . > The authenticity of host '[salmo]: ([192.168.55.1]:21498)' can't be > established. > ED25519 key fingerprint is SHA256:9T1sRfIPmzJvODsTIOexYiBawQAJp6fN9GS1S9zGewg. > Are you sure you want to continue connecting (yes/no)? yes > Warning: Permanently added '[salmo]:,[192.168.55.1]:21498' (ED25519) > to the list of known hosts. > Permission denied (publickey). > >This is the result regardless of what I try. Needs a much more experienced > sysadmin than I to understand. > > Thanks, > > Rich > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] scp issue
Now you just need the correct public key. Use the -v flag to scp for more output.

On Fri, 24 Feb 2017, Rich Shepard wrote:
> On Fri, 24 Feb 2017, bro...@netgate.net wrote:
>
>> Just delete the entry from the known_hosts file. Should do the trick.
>
> Deleted ~/.ssh/known_hosts and tried to scp:
>
> $ scp salmo:projects .
> The authenticity of host '[salmo]: ([192.168.55.1]:21498)' can't be established.
> ED25519 key fingerprint is SHA256:9T1sRfIPmzJvODsTIOexYiBawQAJp6fN9GS1S9zGewg.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '[salmo]:,[192.168.55.1]:21498' (ED25519) to the list of known hosts.
> Permission denied (publickey).
>
> This is the result regardless of what I try. Needs a much more experienced
> sysadmin than I to understand.
>
> Thanks,
>
> Rich
Re: [PLUG] scp issue
On Fri, 24 Feb 2017, bro...@netgate.net wrote:
> Just delete the entry from the known_hosts file. Should do the trick.

Deleted ~/.ssh/known_hosts and tried to scp:

$ scp salmo:projects .
The authenticity of host '[salmo]: ([192.168.55.1]:21498)' can't be established.
ED25519 key fingerprint is SHA256:9T1sRfIPmzJvODsTIOexYiBawQAJp6fN9GS1S9zGewg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[salmo]:,[192.168.55.1]:21498' (ED25519) to the list of known hosts.
Permission denied (publickey).

This is the result regardless of what I try. Needs a much more experienced sysadmin than I to understand.

Thanks,

Rich
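What removing a single entry from known_hosts involves, as opposed to deleting the whole file, shown as an added example that is not part of the thread. The host names, port and key blobs it would be run on are the reader's own; `forget_host` is a hypothetical name, and for real use `ssh-keygen -R` performs the same removal in place and also handles hashed entries.

```shell
#!/bin/sh
# Added example: print a known_hosts file without one host's entries.
# Non-default ports are stored as "[host]:port"; port 22 as the bare name.
# Hashed names (|1|...) and wildcard patterns are not matched and pass through.

# forget_host FILE HOST [PORT]
forget_host() {
    file=$1
    host=$2
    port=${3:-22}
    if [ "$port" = 22 ]; then pat=$host; else pat="[$host]:$port"; fi

    awk -v pat="$pat" '
        /^[ \t]*(#|$)/ { print; next }        # keep comments and blank lines
        {
            f = ($1 ~ /^@/) ? 2 : 1           # skip @cert-authority/@revoked marker
            n = split($f, names, ",")
            keep = ""
            for (i = 1; i <= n; i++)
                if (names[i] != pat)
                    keep = keep (keep == "" ? "" : ",") names[i]
            if (keep == "") next              # every name matched: drop the entry
            if (keep != $f) $f = keep         # some matched: keep the other names
            print
        }' "$file"
}

# Usage: sh forget_host.sh FILE HOST [PORT] > FILE.new, then review and replace.
if [ $# -ge 2 ]; then forget_host "$@"; fi
```

The entry for every other host survives, so the next connection to those hosts is still checked against the key recorded earlier instead of being accepted on first use again.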
Re: [PLUG] boot filled
On 02/24/2017 07:57 AM, Denis Heidtmann wrote:
> The last time this happened Tomas told me what to do, but I did not write
> it down and my mind is a sieve. What is the solution? There are 9
> archived images. How do I safely throw out the older ones?

While I don't have an answer to your question, I do recall that there is a way to search for it in the archives. This involves using Google Advanced Search to search a "site or domain". I put pdxlinux.org in the "site or domain" line, but my search foo probably isn't what you need. I tried "linux remove old images from boot" (without quotes), but the first page didn't seem like what you are looking for. Maybe your foo would work better for you.

--
Regards,

Dick Steffens
[PLUG] boot filled
The last time this happened Tomas told me what to do, but I did not write it down and my mind is a sieve. What is the solution? There are 9 archived images. How do I safely throw out the older ones?

Thanks,
-Denis
Re: [PLUG] Remote host lost ssh key verification
On Fri, 24 Feb 2017, Rich Shepard wrote:
> Advice on finding the reason ssh became FUBAR and fixing the problem is
> needed.

The situation is more confusing. I copied the two public keys from the workstation to the laptop. Initially, scp asked if I wanted to trust the connection and I responded, 'yes.' Then scp denied the connection.

When I look at the contents of the workstation's ~/.ssh/config I see one line with the port number. When I look at the laptop's ~/.ssh/config I see what appears to be several public keys and a list of the same port number, one for each time I run 'less config.' However, when I open config in an editor I see only the one line with the port number.

Looks like today will be spent fixing this problem. Do I need to start from scratch configuring ssh on the laptop?

Sigh,

Rich
[PLUG] Remote host lost ssh key verification
An attempt to scp directories to a laptop from the workstation failed because ssh saw a changed public key in known_hosts. How this happened I've no idea, but it needs fixing, perhaps by copying the correct ecdsa public key from the workstation to the laptop.

On stackexchange I read that ecdsa is for key exchange and ed25519 for data transfers, so I assume that I need to copy both public keys from the workstation to the laptop. Is this correct?

Reading man ssh-keyscan suggests that running this (specifying the workstation host name) will do the job. However, while this adds several lines to the laptop's ~/.ssh/known_hosts it does not allow me to scp from the workstation.

Advice on finding the reason ssh became FUBAR and fixing the problem is needed.

Rich
Re: [PLUG] Running a Python application in the background
On Fri, 24 Feb 2017, King Beowulf wrote:
> Screen stable tag v4.5.0 2016-12-07
> http://git.savannah.gnu.org/cgit/screen.git
>
> Tmux v2.3 Sep 29, 2016
> https://github.com/tmux/tmux/releases
>
> Tmux and Screen have very similar functionality and most differences are a
> matter of subjective taste. See each FAQ. Kind of like the hoopla over
> what the best editor is!

Ed,

Ooo! Fuel for a new flame war? Haven't seen one of those in years. :-)

Thanks,

Rich
Re: [PLUG] Running a Python application in the background
On Thu, 23 Feb 2017, Thomas Groman wrote:
> If you're going to learn a new terminal multiplexer; make it TMUX. TMUX is
> like screen but is a little more featured, less conflicting key sequences,
> multi-user support, and more actively developed.

Thanks, Tom. I now see I need to look carefully at nohup, screen, and TMUX.

Rich
Re: [PLUG] Running a Python application in the background
On Thu, 23 Feb 2017, Tom wrote:
> I'd second the use of screen as that will allow you to reconnect with the
> shell where you started the command should you need it. Another
> alternative to nohup I often use:
>     at -f commandToRun now
> The dependency is to start atd.service
> The advantages to nohup that is that you will get the command's output by
> email, so that you can check the success/failure and what happened.
> Another good thing is that you can start your command with delay or at
> certain time/date if needed.

Tomas,

Thanks.

Rich
Re: [PLUG] Running a Python application in the background
On Thu, 23 Feb 2017, Galen Seitz wrote:
> Traditionally this was done using nohup, but screen is probably a better
> choice.

Galen,

I saw a reference to nohup but didn't pursue it. I forgot about screen.

Thanks,

Rich
Re: [PLUG] Running a Python application in the background
On 02/23/2017 08:16 PM, Thomas Groman wrote:
> If you're going to learn a new terminal multiplexer; make it TMUX. TMUX is
> like screen but is a little more featured, less conflicting key
> sequences, multi-user support, and more actively developed.
>

This must be one of them there "alternative facts"

Screen stable tag v4.5.0 2016-12-07
http://git.savannah.gnu.org/cgit/screen.git

Tmux v2.3 Sep 29, 2016
https://github.com/tmux/tmux/releases

Tmux and Screen have very similar functionality and most differences are a matter of subjective taste. See each FAQ. Kind of like the hoopla over what the best editor is!

-Ed