[PLUG] Re-doing ssh key phrase and key type

David dafr+plug at dafr.us
Wed Oct 26 22:56:57 UTC 2016


On 10/26/2016 03:51 PM, Rich Shepard wrote:
> On Tue, 25 Oct 2016, Rich Shepard wrote:
>
>> Having new installations of Slackware-14.2 on three hosts now (two more to
>> go after I get these three fully functional), I want to change my ssh
>> private and public keys using a new passphrase and type.
>
>    Keeping the same thread going, I've read the ssh, sshd, ssh_config,
> sshd_config, ssh-keygen, and ssh-agent man pages and searched the web for
> usage examples and still have a few unanswered questions.
>
>    On the desktop I generated a new ed25519 key pair. Wanting to set up
> communications between this host and the ThinkPad I tried
>
>  	scp ~/.ssh/id_ed25519.pub typha:.ssh
>
> (and a couple of different references to the remote host) but the connection
> was refused.
>
>   I copied the public key to a USB thumb drive and manually installed it in
> typha: ~/.ssh.
>
>    Then, logged into typha, I tried to scp ~/ from the desktop. Openssh told
> me it didn't recognize the remote machine and asked if I wanted to continue.
> I responded, "yes," and the public key was added to the ThinkPad's
> authorized_hosts file, but the connection was refused. Is the next step to
> specify verbosity levels, e.g., 'ssh -vv <remote_host>'?
>
>    On a related issue, as authorized_hosts holds public keys from remote
> hosts, and I'm essentially starting from a clean slate with the portables
> and the desktop, can I remove that old file from the desktop's ~/.ssh/ and
> start over again when I use ssh/scp from a portable to the desktop?
>
>    On another related OpenSSH issue: ssh-agent. I've not before used it but
> it looks useful. If I understand the man page, I run it on hosts that will
> remotely connect to the desktop (the portables) so when they boot they'll
> have the public key available to all shells and I'll not need to enter my
> pass phrase each time I want to establish a secure connection. Is this
> correct? Should I also run it on the desktop?
>
> Rich



Take a gander at the tool ssh-copy-id which is a pretty slick way to copy
your keys into place.

If the key isn't being recognized, you may have a permissions issue, so 
eyeball the mode for the file and the .ssh directory and make sure it's 
restrictive enough. Too permissive, and I believe SSH ignores the 
directory/files for authentication.

Using the verbose ssh command should help provide some insight as well.

dafr
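
Added example, not part of the original message: a small audit of the file modes mentioned in the reply above. It assumes OpenSSH's default `StrictModes yes` on the server, under which sshd refuses `authorized_keys` when the home directory, `~/.ssh` or the file itself is writable by group or others, and it also checks that private keys are not accessible to anyone but the owner. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (stat -c), as on Linux systems such as Slackware.
# Usage: audit_ssh_perms "$HOME" || fix_ssh_perms "$HOME"

# has_bits PATH MASK: succeed if any permission bit in octal MASK is set on PATH.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_perms HOME_DIR: print one line per finding; fail if anything was found.
audit_ssh_perms() {
    home=$1; ssh_dir=$home/.ssh; bad=0
    # Server side: these must not be writable by group or others (mask 022).
    for p in "$home" "$ssh_dir" "$ssh_dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 022; then
            echo "WRITABLE-BY-OTHERS $p"; bad=$((bad + 1))
        fi
    done
    # Client side: private keys must grant nothing to group or others (mask 077).
    for k in "$ssh_dir"/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        if has_bits "$k" 077; then
            echo "PRIVATE-KEY-EXPOSED $k"; bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# fix_ssh_perms HOME_DIR: apply the conventional restrictive modes.
fix_ssh_perms() {
    home=$1; ssh_dir=$home/.ssh
    chmod go-w "$home"
    chmod 700 "$ssh_dir"
    if [ -f "$ssh_dir/authorized_keys" ]; then
        chmod 600 "$ssh_dir/authorized_keys"
    fi
    for k in "$ssh_dir"/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) chmod 644 "$k" ;; *) chmod 600 "$k" ;; esac
    done
    return 0
}
```

Run the audit on both ends of the connection: the `authorized_keys` checks matter on the host being logged into, the private-key check on the host initiating the connection.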