[PLUG] Remote host lost ssh key verification [UPDATED]
King Beowulf
kingbeowulf at gmail.com
Fri Feb 24 22:53:57 UTC 2017
On 02/24/2017 02:16 PM, Rich Shepard wrote:
> On Fri, 24 Feb 2017, King Beowulf wrote:
>
>> for ssh or scp (cp over ssh), you only need one pub key for the
>> connection to work. NOT the ones in /etc/ssh. One of the ones in ~/.ssh
>
> Ed,
>
> Here's what I've done; there's still something left for me to do.
>
> On laptop:
>
> 1) ssh-keygen (using same passphrase as on other hosts).
> 2) ssh-add
> 3) tried ssh-copy-id to desktop but was denied.
> 4) copied ~/.ssh/id_ed25519.pub to thumb drive.
> 5) added desktop's ~/.ssh/id_25519.pub to laptop's ~/.ssh/known_hosts.
>
No, not in "known_hosts", forget "known_hosts". That file is NOT used
to authenticate user login.
> On desktop:
>
> 1) added laptop's ~/.ssh/id_ed25519.pub to ~/.ssh/known_hosts.
>
No. See above. Doing this can prevent you from accessing the computers
remotely.
>> cat laptop_key.pub > ~/.ssh/authorized_keys
>
> Now I'm confused about what should be in each host's
> ~/.ssh/authorized_keys and ~/.ssh/known_hosts.
1. Take the LAPTOP id_ed25519.pub key and put it in DESKTOP
~/.ssh/authorized_keys
2. Take the DESKTOP *.pub key and put it in LAPTOP ~/.ssh/authorized_keys
Note that even if you use the same passphrase, the private keys for each
computer are unique. Also, you need to generate the keys as a USER, not
ROOT!
Now just from laptop:
ssh -i id_ed25519 rshepard@desktop
>
> Do the id_ed25519.pub files from one host belong in the authorized_keys
> files on other hosts? If so, what goes in the known_hosts file in each host?
known_hosts is just used to say you TRUST the remote computer.
authorized_keys tells the host what remote user is allowed to login.
>
> Getting there,
>
> Rich
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
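The mix-up discussed in this thread (user public keys pasted into known_hosts) can be spotted mechanically. The script below is an added example, not part of the original message: the function name `wrong_lines`, the option heuristic, and the sample file contents are assumptions constructed for illustration, and the base64 fields are placeholders rather than real keys.

```shell
#!/bin/sh
# Line formats (OpenSSH):
#   known_hosts:      host-pattern  keytype  base64key  [comment]
#   authorized_keys:  [options]     keytype  base64key  [comment]
# An id_*.pub file is "keytype base64key comment": a valid authorized_keys
# line, but not a valid known_hosts line.

# wrong_lines FILE KIND   (KIND = known_hosts | authorized_keys)
# Prints the numbers of lines that look like the other file's format.
wrong_lines() {
    awk -v kind="$2" '
        function kind_of(f1) {
            if (f1 ~ kt)          return "user-key"    # bare public key
            if (f1 ~ /^[|]1[|]/)  return "host-entry"  # hashed host name
            if (f1 ~ opt)         return "user-key"    # key with options
            return "host-entry"                        # host pattern
        }
        BEGIN {
            # Common key types only (assumption: extend as needed).
            kt  = "^(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp(256|384|521))$"
            # Heuristic for a leading authorized_keys option list.
            opt = "(=|^(restrict|cert-authority|no-|pty))"
        }
        /^[ \t]*(#|$)/ { next }   # comments and blank lines
        $1 ~ /^@/      { next }   # @cert-authority / @revoked markers
        { found = kind_of($1) }
        kind == "known_hosts"     && found == "user-key"   { print NR }
        kind == "authorized_keys" && found == "host-entry" { print NR }
    ' "$1"
}

# Constructed sample files in a scratch directory.
d=$(mktemp -d) || exit 1
trap 'rm -rf "$d"' EXIT
printf '%s\n' \
    'desktop,192.168.1.10 ssh-ed25519 AAAAC3PLACEHOLDERHOSTKEY' \
    'ssh-ed25519 AAAAC3PLACEHOLDERLAPTOPKEY rshepard@laptop' \
    '|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3PLACEHOLDERHOSTKEY' \
    > "$d/known_hosts"
printf '%s\n' \
    'ssh-ed25519 AAAAC3PLACEHOLDERLAPTOPKEY rshepard@laptop' \
    'no-pty,command="uptime" ssh-ed25519 AAAAC3PLACEHOLDEROTHERKEY backup' \
    'desktop ssh-ed25519 AAAAC3PLACEHOLDERHOSTKEY' \
    > "$d/authorized_keys"

echo "user keys found in known_hosts, line(s): $(wrong_lines "$d/known_hosts" known_hosts)"
echo "host entries found in authorized_keys, line(s): $(wrong_lines "$d/authorized_keys" authorized_keys)"
```

To check real files, call `wrong_lines ~/.ssh/known_hosts known_hosts` and `wrong_lines ~/.ssh/authorized_keys authorized_keys`; any line number printed is an entry to review.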