User Tools

Site Tools


it_tips:ssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
it_tips:ssh [2017/05/03 14:44]
florido
it_tips:ssh [2017/05/03 15:40]
florido [SSH key pair quick setup]
Line 143: Line 143:
 ==== SSH key pair quick setup ==== ==== SSH key pair quick setup ====
  
-  ​- Generate a private/​public keypair **with password** and strong encryption((NIST complexity recommendations,​ http://​nvlpubs.nist.gov/​nistpubs/​SpecialPublications/​NIST.SP.800-57Pt3r1.pdf)):​ <​code:​bash>​ ssh-keygen -b 4096 -f ~/​.ssh/​myid_rsa ​+We will generate a public/​private key pair called //​myid_rsa//​ and //​myid_rsa.pub//​ and copy it to a machine called ''​watto.matfys.lth.se''​ in order to login to it. 
 + 
 +  ​- Generate a private/​public keypair **with password** and strong encryption((NIST complexity recommendations,​ http://​nvlpubs.nist.gov/​nistpubs/​SpecialPublications/​NIST.SP.800-57Pt3r1.pdf)): Command: <​code:​bash>​ ssh-keygen -b 4096 -f ~/​.ssh/​myid_rsa</​code>​Result:<​code:​bash>​
 Generating public/​private rsa key pair. Generating public/​private rsa key pair.
 Enter passphrase (empty for no passphrase): ​ Enter passphrase (empty for no passphrase): ​
Line 164: Line 166:
 +-----------------+ +-----------------+
 </​code>​ </​code>​
-  - Make sure the permissions are correct: <​code:​bash>​tjatte:​~>​ tjatte:​~>​ +  - Make sure the permissions are correct: Commands:<​code:​bash>​chmod 600 ~/​.ssh/​myid_rsa;​ chmod 644  ~/​.ssh/​myid_rsa.publs -ltrah ~/​.ssh/​myid_rsa*</​code>​Result:<​code:​bash>​
-tjatte:~> chmod 600 ~/​.ssh/​myid_rsa;​ chmod 644  ~/​.ssh/​myid_rsa.pub +
-tjatte:​~> ​ls -ltrah ~/​.ssh/​myid_rsa*+
 -rw------- 1 pflorido hep 3,3K maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa -rw------- 1 pflorido hep 3,3K maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa
 -rw-r--r-- 1 pflorido hep  751 maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa.pub -rw-r--r-- 1 pflorido hep  751 maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa.pub
 </​code>​ </​code>​
-  - Copy the key to the target server, say watto:<​code:​bash>​ssh-copy-id -i ~/​.ssh/​myid_rsa pflorido@watto.matfys.lth.se+  - Copy the key to the target server, say watto: Command:<​code:​bash>​ssh-copy-id -i ~/​.ssh/​myid_rsa pflorido@watto.matfys.lth.se</​code>​Result:<​code:​bash>​
 /​usr/​bin/​ssh-copy-id:​ INFO: attempting to log in with the new key(s), to filter out any that are already installed /​usr/​bin/​ssh-copy-id:​ INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /​usr/​bin/​ssh-copy-id:​ INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys /​usr/​bin/​ssh-copy-id:​ INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Line 180: Line 180:
 and check to make sure that only the key(s) you wanted were added. and check to make sure that only the key(s) you wanted were added.
 </​code>​ </​code>​
-  - Add the key to the agent keyring:<​code:​bash>​ssh-add ~/​.ssh/​myid_rsa+  - Add the key to the agent keyring:Command:<​code:​bash>​ssh-add ~/​.ssh/​myid_rsa</​code>​Result:<​code:​bash>​
 Enter passphrase for /​nfs/​users/​floridop/​.ssh/​myid_rsa: ​ Enter passphrase for /​nfs/​users/​floridop/​.ssh/​myid_rsa: ​
 Identity added: /​nfs/​users/​floridop/​.ssh/​myid_rsa (/​nfs/​users/​floridop/​.ssh/​myid_rsa) Identity added: /​nfs/​users/​floridop/​.ssh/​myid_rsa (/​nfs/​users/​floridop/​.ssh/​myid_rsa)
 </​code>​ </​code>​
-  - Try to login to the server **using the identity created**:<​code:​bash>​ssh -i ~/​.ssh/​myid_rsa.pub pflorido@watto.matfys.lth.se</​code>​+  - Try to login to the server **using the identity created**: Command:<​code:​bash>​ssh -i ~/​.ssh/​myid_rsa.pub pflorido@watto.matfys.lth.se</​code>​ 
 + 
 +You can now create entries in your ''​~/​.ssh/​config''​ file to use tunnelling as described in [[#Speedup connection using tunneling]],​ and the agent should automatically forward your keys. 
 + 
 +===== Debugging SSH problems and useful commands ===== 
 + 
 +The best to debug is to enable ssh verbose mode: 
 + 
 +<​code:​bash>​ssh -vv pflorido@watto.matfys.lth.se</​code>​ 
 + 
 +==== See which keys are tried by the agent ==== 
 + 
 +<​code:​bash>​ssh-add -l</​code>​ 
 + 
 +==== Delete a key from the agent keyring ==== 
 + 
 +<​code:​bash>​ssh-add -d ~/​.ssh/​myid_rsa</​code>​ 
 + 
 +==== Check if the agent is running ==== 
 + 
 +<​code:​bash>​ps aux | grep ssh-agent</​code>​ 
 + 
 +==== Remove an offending key from known_hosts ==== 
 + 
 +<​code:​bash>​ssh-keygen -R <​hostname>​</​code>​
  
-==== Debugging problems ​====+==== Remove an offending key from known_hosts ​====
  
 +<​code:​bash>​ssh-keygen -R <​hostname or IP></​code>​
 ====== References ====== ====== References ======
  
   * Arch linux SSH PKI tutorial, https://​wiki.archlinux.org/​index.php/​SSH_Keys ​   * Arch linux SSH PKI tutorial, https://​wiki.archlinux.org/​index.php/​SSH_Keys ​
it_tips/ssh.txt · Last modified: 2023/10/09 14:27 by florido

Accessibility Statement