[PLUG] Enabling bi-directional ssh
Rich Shepard
rshepard at appl-ecosys.com
Tue Nov 8 21:28:29 UTC 2016
On Tue, 8 Nov 2016, Tom wrote:
> First of all, you only modified .ssh content on remote hosts:
> 1. when connecting to remote host the only thing which matters is
> that your local public key (id_ed25519.pub) line is in the appropriate
> remote authorized_keys file; AND you have the equivalent private key
> file (id_ed25519) in your local .ssh/; AND you know the correct
> passphrase.
Tom,
I thought copying authorized_keys would put the remote's public key back
on itself. I'll fix that.
> This is most likely not your problem, but: If your client (ssh) or remote
> server (sshd) do not use id_ed25519*, only id_dsa --> check if id_ed25519
> is not disabled in ~/.ssh/sshd_config or on remote side in
> /etc/ssh/ssh_config
No. No. No. I created keys using only id_ed25519. That's why I don't
understand where ssh is finding id_dsa since it does not exist on either
host.
> About your password and seed conundrum - ssh uses challenge response
> protocol for authentication. Your passwords or keys are not transmitted
> - which means that, if you like chaos, you could have different
> passwords for the same private key files on different hosts. The
> password is only used to unlock your private key, so that you can
> decrypt the challenge from the remote host on your local machine and
> prove that you can decrypt the challenge to the remote host by sending
> it back encrypted by remote machine's public key. I hope that this
> explanation makes sense and it is not circular.
I see I'm still not clearly communicating. Let me try again.
The server (salmo) has id_ed25519 and id_ed25519.pub generated locally by
ssh-keygen. The authorized_keys file contains my public key from the
portable (typha). I can successfully connect from salmo to typha via ssh
after entering my passphrase. (Haven't added it to typha's ssh-agent yet.)
The portable (typha) has id_ed25519 and id_ed25519.pub copied from the
server (salmo) and authorized_keys has my public key from the server
(salmo). When I try to connect from here to the server I get the rejection
message, "Connection refused (publickey)." With extra verbosity on the
command line I get the output included in the earlier message.
I hope this is more succinct.
Thanks,
Rich
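An added example, not part of Rich's or Tom's messages: the check Tom gives as point 1 can be done offline, before touching either host again. sshd matches an offered key against authorized_keys on key type and base64 key blob only; the trailing comment (rshepard@typha and the like) and any leading options are ignored, and a line it cannot parse is skipped rather than fatal. The Python below (assumed: python3, standard library only) parses lines that way, computes the SHA256 fingerprint that `ssh -v` prints when it offers a key and that sshd logs when it accepts one, and reports whether a given .pub line would be accepted by a given authorized_keys. The three keys and the authorized_keys text are constructed for the example; they are not real keys and not the files on salmo or typha. Fed the real files as Rich describes them, it would compare the key typha now offers (the id_ed25519 copied from salmo) with what salmo's authorized_keys actually holds (typha's original public key).

```python
"""Does this .pub line get accepted by this authorized_keys?  Matches the way
sshd does: by key type and key blob, ignoring comment and options.
Added example for the thread, not code from either host."""
import base64
import hashlib
import shlex

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def parse_pubkey_line(line):
    """Return (keytype, blob_bytes, comment) for one authorized_keys or .pub
    line, None for blank/comment lines.  Raises ValueError for a line that is
    not a well-formed key (the usual result of a botched copy and paste)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)  # options such as command="..." may hold spaces
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES:
            break
    else:
        raise ValueError("no recognised key type in: %r" % line)
    if i + 1 >= len(tokens):
        raise ValueError("key type without key data in: %r" % line)
    keytype = tok
    blob = base64.b64decode(tokens[i + 1], validate=True)
    # The blob opens with an RFC 4251 string naming the key type; it has to
    # agree with the type written in front of it.
    n = int.from_bytes(blob[:4], "big")
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != keytype:
        raise ValueError("declared %s but blob encodes %s" % (keytype, embedded))
    return keytype, blob, " ".join(tokens[i + 2:])


def fingerprint(blob):
    """OpenSSH-style fingerprint, as shown by ssh -v and ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def authorized_fingerprints(authorized_keys_text):
    """fingerprint -> (keytype, comment, line number) for every usable key.
    Unparseable lines are skipped, as sshd skips them."""
    result = {}
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        try:
            parsed = parse_pubkey_line(line)
        except ValueError:
            continue
        if parsed:
            keytype, blob, comment = parsed
            result[fingerprint(blob)] = (keytype, comment, lineno)
    return result


def key_is_authorized(pub_line, authorized_keys_text):
    """True if the key in pub_line (contents of id_ed25519.pub) would be
    matched by sshd against authorized_keys_text."""
    _, blob, _ = parse_pubkey_line(pub_line)
    return fingerprint(blob) in authorized_fingerprints(authorized_keys_text)


def _ssh_string(b):
    return len(b).to_bytes(4, "big") + b


def constructed_ed25519_pub(raw32, comment):
    """Syntactically valid ssh-ed25519 line built from 32 arbitrary bytes.
    CONSTRUCTED for the example only: no private key exists for it."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


# Constructed stand-ins for the .pub files on the two hosts and a stranger.
TYPHA_PUB = constructed_ed25519_pub(bytes(range(32)), "rshepard@typha")
SALMO_PUB = constructed_ed25519_pub(bytes(range(32, 64)), "rshepard@salmo")
OTHER_PUB = constructed_ed25519_pub(bytes(range(64, 96)), "someone@else")

# Constructed stand-in for ~rshepard/.ssh/authorized_keys on salmo: the
# typha key appears with options and a different comment, and one line is
# a broken paste that sshd would ignore.
SALMO_AUTHORIZED_KEYS = "\n".join([
    "# keys allowed to log in as rshepard on salmo",
    "",
    'from="192.168.1.0/24",no-agent-forwarding '
    + TYPHA_PUB.replace("rshepard@typha", "rich on the laptop"),
    SALMO_PUB,
    "ssh-ed25519 AAAAnotbase64!!! broken paste",
])

if __name__ == "__main__":
    for label, pub in (("typha", TYPHA_PUB), ("salmo", SALMO_PUB),
                       ("other", OTHER_PUB)):
        fp = fingerprint(parse_pubkey_line(pub)[1])
        verdict = "accepted" if key_is_authorized(pub, SALMO_AUTHORIZED_KEYS) \
            else "REJECTED"
        print(label, fp, verdict)
```

For the real check, replace the constants with the text of typha's id_ed25519.pub and salmo's authorized_keys. If the key is reported as accepted and sshd still refuses it, the fault is elsewhere: sshd's StrictModes check rejects a home directory, ~/.ssh or authorized_keys that is group- or world-writable, and `ssh -vvv` shows which identity the client actually offered, so that fingerprint can be compared with the ones printed here.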