User Tools

Site Tools


it_tips:ssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
it_tips:ssh [2017/05/03 16:44]
florido
it_tips:ssh [2017/05/03 17:40] (current)
florido [SSH key pair quick setup]
Line 143: Line 143:
 ==== SSH key pair quick setup ==== ==== SSH key pair quick setup ====
  
-  ​- Generate a private/​public keypair **with password** and strong encryption((NIST complexity recommendations,​ http://​nvlpubs.nist.gov/​nistpubs/​SpecialPublications/​NIST.SP.800-57Pt3r1.pdf)):​ <​code:​bash>​ ssh-keygen -b 4096 -f ~/​.ssh/​myid_rsa ​+We will generate a public/​private key pair called //​myid_rsa//​ and //​myid_rsa.pub//​ and copy it to a machine called ''​watto.matfys.lth.se''​ in order to login to it. 
 + 
 +  ​- Generate a private/​public keypair **with password** and strong encryption((NIST complexity recommendations,​ http://​nvlpubs.nist.gov/​nistpubs/​SpecialPublications/​NIST.SP.800-57Pt3r1.pdf)): Command: <​code:​bash>​ ssh-keygen -b 4096 -f ~/​.ssh/​myid_rsa</​code>​Result:<​code:​bash>​
 Generating public/​private rsa key pair. Generating public/​private rsa key pair.
 Enter passphrase (empty for no passphrase): ​ Enter passphrase (empty for no passphrase): ​
Line 164: Line 166:
 +-----------------+ +-----------------+
 </​code>​ </​code>​
-  - Make sure the permissions are correct: <​code:​bash>​tjatte:​~>​ tjatte:​~>​ +  - Make sure the permissions are correct: Commands:<​code:​bash>​chmod 600 ~/​.ssh/​myid_rsa;​ chmod 644  ~/​.ssh/​myid_rsa.publs -ltrah ~/​.ssh/​myid_rsa*</​code>​Result:<​code:​bash>​
-tjatte:~> chmod 600 ~/​.ssh/​myid_rsa;​ chmod 644  ~/​.ssh/​myid_rsa.pub +
-tjatte:​~> ​ls -ltrah ~/​.ssh/​myid_rsa*+
 -rw------- 1 pflorido hep 3,3K maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa -rw------- 1 pflorido hep 3,3K maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa
 -rw-r--r-- 1 pflorido hep  751 maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa.pub -rw-r--r-- 1 pflorido hep  751 maj  3 13:59 /​nfs/​users/​floridop/​.ssh/​myid_rsa.pub
 </​code>​ </​code>​
-  - Copy the key to the target server, say watto:<​code:​bash>​ssh-copy-id -i ~/​.ssh/​myid_rsa pflorido@watto.matfys.lth.se+  - Copy the key to the target server, say watto: Command:<​code:​bash>​ssh-copy-id -i ~/​.ssh/​myid_rsa pflorido@watto.matfys.lth.se</​code>​Result:<​code:​bash>​
 /​usr/​bin/​ssh-copy-id:​ INFO: attempting to log in with the new key(s), to filter out any that are already installed /​usr/​bin/​ssh-copy-id:​ INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /​usr/​bin/​ssh-copy-id:​ INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys /​usr/​bin/​ssh-copy-id:​ INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Line 180: Line 180:
 and check to make sure that only the key(s) you wanted were added. and check to make sure that only the key(s) you wanted were added.
 </​code>​ </​code>​
-  - Add the key to the agent keyring:<​code:​bash>​ssh-add ~/​.ssh/​myid_rsa+  - Add the key to the agent keyring:Command:<​code:​bash>​ssh-add ~/​.ssh/​myid_rsa</​code>​Result:<​code:​bash>​
 Enter passphrase for /​nfs/​users/​floridop/​.ssh/​myid_rsa: ​ Enter passphrase for /​nfs/​users/​floridop/​.ssh/​myid_rsa: ​
 Identity added: /​nfs/​users/​floridop/​.ssh/​myid_rsa (/​nfs/​users/​floridop/​.ssh/​myid_rsa) Identity added: /​nfs/​users/​floridop/​.ssh/​myid_rsa (/​nfs/​users/​floridop/​.ssh/​myid_rsa)
 </​code>​ </​code>​
-  - Try to login to the server **using the identity created**:<​code:​bash>​ssh -i ~/​.ssh/​myid_rsa.pub pflorido@watto.matfys.lth.se</​code>​+  - Try to login to the server **using the identity created**: Command:<​code:​bash>​ssh -i ~/​.ssh/​myid_rsa.pub pflorido@watto.matfys.lth.se</​code>​ 
 + 
 +You can now create entries in your ''​~/​.ssh/​config''​ file to use tunnelling as described in [[#Speedup connection using tunneling]],​ and the agent should automatically forward your keys. 
 + 
 +===== Debugging SSH problems and useful commands ===== 
 + 
 +The best to debug is to enable ssh verbose mode: 
 + 
 +<​code:​bash>​ssh -vv pflorido@watto.matfys.lth.se</​code>​ 
 + 
 +==== See which keys are tried by the agent ==== 
 + 
 +<​code:​bash>​ssh-add -l</​code>​ 
 + 
 +==== Delete a key from the agent keyring ==== 
 + 
 +<​code:​bash>​ssh-add -d ~/​.ssh/​myid_rsa</​code>​ 
 + 
 +==== Check if the agent is running ==== 
 + 
 +<​code:​bash>​ps aux | grep ssh-agent</​code>​ 
 + 
 +==== Remove an offending key from known_hosts ==== 
 + 
 +<​code:​bash>​ssh-keygen -R <​hostname>​</​code>​
  
-==== Debugging problems ​====+==== Remove an offending key from known_hosts ​====
  
 +<​code:​bash>​ssh-keygen -R <​hostname or IP></​code>​
 ====== References ====== ====== References ======
  
   * Arch linux SSH PKI tutorial, https://​wiki.archlinux.org/​index.php/​SSH_Keys ​   * Arch linux SSH PKI tutorial, https://​wiki.archlinux.org/​index.php/​SSH_Keys ​
it_tips/ssh.1493822677.txt.gz · Last modified: 2017/05/03 16:44 by florido