[PLUG] Remote host lost ssh key verification
King Beowulf
kingbeowulf at gmail.com
Fri Feb 24 20:34:11 UTC 2017
On 02/24/2017 12:06 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>> In that case, the only entries that you care about are in "known_hosts"
>> unless sshd is stopped. As root:
>> /etc/rc.d/rc.sshd restart
>
> Ed,
>
> Did this.
>
>> $ ssh susan@glaurung
>
> It generates the new known_hosts file then denies the connection.
>
>> Since you have an authorized keys file did you try
>> $ ssh -i private-key-file username@host
>
> ssh on the laptop tells me that id_ed25519.pub on the desktop is not
> accessible so the connection's denied. The perms on
> salmo/.ssh/id_ed25519.pub are 644 so it _should_ be readable by others.
>
The username, password, public key and/or passphrase is wrong. To log
in you MUST have a user set up to log into the DESTINATION computer.

On DESTINATION computer: delete ~/.ssh/authorized_keys

On DESTINATION computer:

1. to use username/password (no keys or passphrase),
   check /etc/ssh/sshd_config lines:
       PermitRootLogin no
       PubkeyAuthentication no
   These are the defaults. I also have "AllowUsers" as
   a further restriction.
2. /etc/rc.d/rc.sshd restart
   now pick ANY existing user on the DESTINATION and
       some_user@SOURCE$ ssh a_user@DESTINATION
       a_user@DESTINATION's password:
       ...
       a_user@DESTINATION$ _
3. Once this works, on SOURCE computer:
       ssh-copy-id -i ~/.ssh/id_rsa.pub a_user@DESTINATION
   (to use the default key). If you created id_rsa (etc)
   with passphrase, you will need that AND a_user's password.
   This will create a new ~/.ssh/authorized_keys on DESTINATION.
4. you should now be able to log in:
       $ ssh a_user@DESTINATION
   or
       $ ssh -i id_rsa.pub a_user@DESTINATION
   (id_rsa is the default, use -i if you create a different key)
5. "PubkeyAuthentication yes" to disable user/password and
   use ONLY keys.
Clear as mud? I hope!
-Ed
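
Added example (not part of the original message): two checks that go with the procedure above, reading the global value of an sshd_config keyword and flagging ~/.ssh file modes that the ssh client or sshd rejects. The function names, the temporary directory and the sample config are constructed for illustration; `stat -c` assumes GNU/Linux.

```shell
# Added example (not from the thread). Assumes GNU/Linux `stat -c`.

# Print the global value of KEYWORD in an sshd_config-style file: the first
# uncommented "Keyword value" line before any Match block (sshd keeps the
# first value it reads; keywords are case-insensitive). Empty if unset.
sshd_setting() {
    awk -v want="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one line per permission problem in an ~/.ssh-style directory.
# *.pub files may be world-readable. A private key with any group/other
# bits is rejected by the ssh client, and sshd (StrictModes) ignores an
# authorized_keys file that group or other can write.
key_perm_problems() {
    for f in "$1"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        mode=$(stat -c %a "$f")
        case "$mode" in ?00) ;; *) echo "private key $f: mode $mode" ;; esac
    done
    if [ -f "$1/authorized_keys" ]; then
        mode=$(stat -c %a "$1/authorized_keys")
        case "$mode" in ?[2367]?|??[2367]) echo "authorized_keys: mode $mode" ;; esac
    fi
}

# Constructed sample data, so the checks run without touching a real host.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#PubkeyAuthentication yes
PermitRootLogin no
pubkeyauthentication no
AllowUsers susan rich
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
touch "$demo/id_ed25519" "$demo/id_ed25519.pub" "$demo/authorized_keys"
chmod 644 "$demo/id_ed25519" "$demo/id_ed25519.pub"
chmod 664 "$demo/authorized_keys"
for k in PermitRootLogin PubkeyAuthentication PasswordAuthentication AllowUsers; do
    echo "$k = $(sshd_setting "$demo/sshd_config" "$k")"
done
key_perm_problems "$demo"
```

On a live host, `sshd -T` run as root prints the effective configuration, including values that are not set in the file.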