[PLUG] Remote host lost ssh key verification [UPDATED]

Erik Lane eriklane at gmail.com
Sat Feb 25 16:57:34 UTC 2017


On Sat, Feb 25, 2017 at 5:55 AM, Rich Shepard <rshepard at appl-ecosys.com>
wrote:

> On Fri, 24 Feb 2017, Erik Lane wrote:
>
> > Is there any reason why the public and private keys need to be different on
> > the different computers?
>
> Erik,
>
>    Nope.
>

Thanks Rich!


>
> > It seems like you could create them on one computer and copy paste to the
> > relevant files to make them both the same.
>
>    When you run ssh-keygen it does a bit more than create the private and
> public id_* files. What I (and probably many others) do is to use the same
> passphrase with ssh-keygen on every host. This lets me use the same
> passphrase regardless of which host I'm currently using.
>
>    As an aside, I learned something else interesting yesterday. I have
> ssh-agent running on all hosts. After running ssh-keygen on the laptop I ran
> ssh-add. Saw nothing on the monitor but the bash prompt. However, when I
> then tested with 'ssh <desktop>' I was instantly connected; no passphrase
> necessary. And, as I copied data and applications to the laptop with scp no
> passphrase was necessary with each invocation. As I have a rather long
> passphrase this is a huge time saver and a really kewel feature.
>
> > I have had a couple instances where I actually needed to create the keys
> > as root as well. I was using rsync with sudo, (and the files were owned by
> > a different user for Owncloud) so I had to have root create the keys,
> > since that was what would be running the ssh transfer. Well, there might
> > have been other options, I really don't know, but setting it up that way
> > took care of it for me. Once I got it working I stopped looking for other
> > ways to do it. :)
>
>    Never used owncloud, but I would think that if the owner and you are part
> of the same group you could copy files (you're not writing to them) owned by
> another user.
>
>

Thanks for the suggestion on being part of the same group. I'll look into
that at some point. The security implications of running as root to run
rsync over just my personal LAN aren't something I'm too worried about.
(Plus since I'm not using owncloud right now, those files don't change, so
if they get skipped because I don't 'sudo' it's not a problem, either.)
Anyway, if Owncloud starts and sees that any of its database folders and
files are writable by any other user it complains and refuses to run. (I'm
not sure if it also checks if it's readable to anyone else.) If I ever do
end up using it much then I'll want to have the databases backed up so I
don't lose anything.

Thanks again!
Erik
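The thread above turns on whether the same key pair can simply be copied to every host. It can, but once that is done a compromise of any one host exposes all of them, so it is worth being able to tell which hosts share a key. The script below is an added example, not code from this thread or from OpenSSH: it parses public-key lines in the `id_*.pub` / `authorized_keys` syntax, computes the OpenSSH-style `SHA256:` fingerprint (sha256 of the decoded key blob, base64 without padding, the same value `ssh-keygen -lf` prints), and reports fingerprints found on more than one host. The host names, the file contents and the 32 key bytes are all constructed here; they are not real keys.

```python
"""Inventory SSH public keys across hosts and flag keys shared between hosts.
Added example for the PLUG thread; sample keys below are constructed, not real."""
import base64
import hashlib
import struct
from collections import defaultdict


def wire_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Build a public-key line in id_ed25519.pub / authorized_keys syntax from
    32 constructed bytes. Used only to produce sample input for this example."""
    blob = wire_string(b"ssh-ed25519") + wire_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str):
    """Return (key_type, blob_bytes, comment) for one public-key line, or None
    for blank and '#' comment lines. The key type encoded inside the blob must
    match the declared type; a mismatch is rejected rather than guessed at."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError(f"malformed key line: {line!r}")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    (inner_len,) = struct.unpack(">I", blob[:4])
    inner_type = blob[4:4 + inner_len].decode()
    if inner_type != key_type:
        raise ValueError(f"blob type {inner_type} != declared type {key_type}")
    return key_type, blob, comment


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) with the
    '=' padding stripped. Only the blob is hashed, so the trailing comment
    on a key line never affects the fingerprint."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(files_by_host: dict) -> dict:
    """Map fingerprint -> sorted host list for every key present on more than
    one host. files_by_host maps a host name to the text of its key file."""
    hosts_by_fp = defaultdict(set)
    for host, content in files_by_host.items():
        for line in content.splitlines():
            parsed = parse_pubkey_line(line)
            if parsed is None:
                continue
            _, blob, _ = parsed
            hosts_by_fp[fingerprint(blob)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


# Constructed sample: one key copied from the desktop to the laptop (with a
# different comment), and a server that has its own key.
KEY_A = bytes(range(32))
KEY_B = bytes(range(32, 64))
SAMPLE_FILES = {
    "desktop": make_ed25519_pubkey_line(KEY_A, "erik@desktop") + "\n",
    "laptop": "# copied from desktop\n" + make_ed25519_pubkey_line(KEY_A, "erik@laptop") + "\n",
    "server": make_ed25519_pubkey_line(KEY_B, "erik@server") + "\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE_FILES).items():
        print(f"{fp} is present on: {', '.join(hosts)}")
```

Run against real `~/.ssh/*.pub` files collected from each host, the same `shared_keys()` call gives the list of hosts that would all be exposed by the loss of one private key; a key that appears on only one host is simply absent from the output.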
