[PLUG] Enabling bi-directional ssh

Rich Shepard rshepard at appl-ecosys.com
Tue Nov 8 21:28:29 UTC 2016


On Tue, 8 Nov 2016, Tom wrote:

> First of all, you only modified .ssh content on remote hosts:
>  1. when connecting to remote host the only thing which matters is
> that your local public key (id_ed25519.pub) line is in the appropriate
> remote authorized_keys file; AND you have the equivalent private key
> file (id_ed25519) in your local .ssh/; AND you know the correct
> passphrase.

Tom,

   I thought copying authorized_keys would put the remote's public key back
on itself. I'll fix that.

> This is most likely not your problem, but: If your client (ssh) or remote
> server (sshd) do not use id_ed25519*, only id_dsa --> check that id_ed25519
> is not disabled in ~/.ssh/sshd_config or on the remote side in
> /etc/ssh/ssh_config

   No. No. No. I created keys using only id_ed25519. That's why I don't
understand where ssh is finding id_dsa since it does not exist on either
host.

> About your password and seed conundrum - ssh uses challenge response
> protocol for authentication. Your passwords or keys are not transmitted
> - which means that, if you like chaos, you could have different
> passwords for the same private key files on different hosts. The
> password is only used to unlock your private key, so that you can
> decrypt the challenge from the remote host on your local machine and
> prove that you can decrypt the challenge to the remote host by sending
> it back encrypted by remote machine's public key. I hope that this
> explanation makes sense and it is not circular.

   I see I'm still not clearly communicating. Let me try again.

   The server (salmo) has id_ed25519 and id_ed25519.pub generated locally by
ssh-keygen. The authorized_keys file contains my public key from the
portable (typha). I can successfully connect from salmo to typha via ssh
after entering my passphrase. (Haven't added it to typha's ssh-agent yet.)

   The portable (typha) has id_ed25519 and id_ed25519.pub copied from the
server (salmo) and authorized_keys has my public key from the server
(salmo). When I try to connect from here to the server I get the rejection
message, "Connection refused (publickey)." With extra verbosity on the
command line I get the output included in the earlier message.

   I hope this is more succinct.

Thanks,

Rich
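The rule quoted at the top of this message (the key a client offers must have its public half listed in the remote user's authorized_keys, and the matching private half must be on the client) is easy to check on disk before reaching for ssh -v. The script below is an added example and is not code from the thread or from either poster. It reuses the hostnames salmo and typha only as directory names, the key blobs are constructed placeholder strings rather than real keys, and it reads permissions by parsing ls -ld because stat(1) takes different flags on GNU and BSD systems. It builds the two-host layout the way a bi-directional setup should look (each host keeps its own key pair, and each host's authorized_keys carries the other host's public key), confirms both directions match, then shows that copying one host's key pair onto the other produces a public key the remote authorized_keys does not list.

```shell
#!/bin/sh
# Added example, not code from the original thread. Key material below is
# CONSTRUCTED placeholder text, not real keys.

# key_authorized PUBKEY_FILE AUTHORIZED_KEYS_FILE
# 0 if the key type and base64 blob on line 1 of PUBKEY_FILE appear together on
# some line of AUTHORIZED_KEYS_FILE; 1 if not; 2 if either file is unreadable.
# sshd ignores the trailing comment and any leading options (from="..." etc.)
# when matching, so only the type/blob pair is compared, field by field.
key_authorized() {
    pub=$1; auth=$2
    [ -r "$pub" ] && [ -r "$auth" ] || return 2
    ktype=$(awk 'NR==1 {print $1}' "$pub")
    kblob=$(awk 'NR==1 {print $2}' "$pub")
    [ -n "$ktype" ] && [ -n "$kblob" ] || return 2
    awk -v t="$ktype" -v b="$kblob" '
        /^[[:space:]]*#/ { next }               # comment line
        /^[[:space:]]*$/ { next }               # blank line
        { for (i = 1; i < NF; i++)
              if ($i == t && $(i + 1) == b) { found = 1; exit } }
        END { exit found ? 0 : 1 }' "$auth"
}

# perm_string PATH -> the 10-character mode field from ls -ld.
perm_string() { ls -ld "$1" | cut -c1-10; }

# not_group_world_writable PATH
# sshd with StrictModes refuses ~/.ssh and authorized_keys if group or other
# can write to them (positions 6 and 9 of the mode string).
not_group_world_writable() {
    case "$(perm_string "$1")" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# owner_only PATH
# ssh refuses to use a private key that anyone but its owner can access.
owner_only() {
    case "$(perm_string "$1")" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# make_host ROOT NAME BLOB
# Lay out ROOT/NAME/.ssh with a private key, its public key and an empty
# authorized_keys, using the CONSTRUCTED blob as the key material.
make_host() {
    d=$1/$2/.ssh
    mkdir -p "$d" && chmod 700 "$d"
    printf 'CONSTRUCTED PRIVATE KEY FOR %s\n' "$2" > "$d/id_ed25519"
    chmod 600 "$d/id_ed25519"
    printf 'ssh-ed25519 %s %s\n' "$3" "$2" > "$d/id_ed25519.pub"
    : > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
}

# authorize ROOT FROM TO
# Append FROM's public key to TO's authorized_keys: the only file that matters
# on the host being connected to.
authorize() { cat "$1/$2/.ssh/id_ed25519.pub" >> "$1/$3/.ssh/authorized_keys"; }

# demo ROOT -> 0 when the cross-wise layout validates in both directions and
# the mistaken layout (one host carrying the other's key pair) does not.
demo() {
    root=$1
    make_host "$root" salmo AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSalmoKeyNotReal
    make_host "$root" typha AAAAC3NzaC1lZDI1NTE5AAAAIConstructedTyphaKeyNotReal
    authorize "$root" typha salmo      # typha -> salmo
    authorize "$root" salmo typha      # salmo -> typha
    key_authorized "$root/typha/.ssh/id_ed25519.pub" "$root/salmo/.ssh/authorized_keys" || return 1
    key_authorized "$root/salmo/.ssh/id_ed25519.pub" "$root/typha/.ssh/authorized_keys" || return 1
    not_group_world_writable "$root/salmo/.ssh" || return 1
    not_group_world_writable "$root/salmo/.ssh/authorized_keys" || return 1
    owner_only "$root/typha/.ssh/id_ed25519" || return 1
    # Mistaken layout: copy salmo's key pair onto typha. typha now offers
    # salmo's key, and salmo's authorized_keys does not list it.
    cp "$root/salmo/.ssh/id_ed25519" "$root/salmo/.ssh/id_ed25519.pub" "$root/typha/.ssh/"
    if key_authorized "$root/typha/.ssh/id_ed25519.pub" "$root/salmo/.ssh/authorized_keys"; then
        return 1
    fi
    return 0
}

tmp=$(mktemp -d) || exit 1
if demo "$tmp"; then echo "layout check: ok"; else echo "layout check: FAILED"; fi
rm -rf "$tmp"
```

To use the checks against real hosts, copy the peer's id_ed25519.pub over and run key_authorized against the local ~/.ssh/authorized_keys, and run not_group_world_writable on ~/.ssh and authorized_keys on the server side; the private key only ever needs to exist, owner-only, on the host that initiates the connection.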
