This shows you the differences between two versions of the page.
it_tips:ssh [2017/05/03 14:46] florido [SSH key pair quick setup] |
it_tips:ssh [2017/05/03 15:00] florido [Check if the agent is running] |
||
---|---|---|---|
Line 143: | Line 143: | ||
==== SSH key pair quick setup ==== | ==== SSH key pair quick setup ==== | ||
- | - Generate a private/public keypair **with password** and strong encryption((NIST complexity recommendations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)): <code:bash> ssh-keygen -b 4096 -f ~/.ssh/myid_rsa | + | We will generate a public/private key pair called //myid_rsa// and //myid_rsa.pub// and copy it to a machine called ''watto.matfys.lth.se'' in order to login to it. |
+ | |||
+ | - Generate a private/public keypair **with password** and strong encryption((NIST complexity recommendations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)): Command: <code:bash> ssh-keygen -b 4096 -f ~/.ssh/myid_rsa</code>Result:<code:bash> | ||
Generating public/private rsa key pair. | Generating public/private rsa key pair. | ||
Enter passphrase (empty for no passphrase): | Enter passphrase (empty for no passphrase): | ||
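Review bot: The new introductory sentence says the whole pair is copied ("copy it to a machine called watto.matfys.lth.se"), but only the public half, myid_rsa.pub, should ever reach the server; reword it so that readers do not conclude the private key is uploaded. In the same hunk, the ssh-keygen command relies on the default key type; since -b 4096 is an RSA size, adding -t rsa would keep the command consistent with the "Generating public/private rsa key pair." output whatever the installed default is.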
Line 164: | Line 166: | ||
+-----------------+ | +-----------------+ | ||
</code> | </code> | ||
- | - Make sure the permissions are correct: <code:bash> | + | - Make sure the permissions are correct: Commands:<code:bash>chmod 600 ~/.ssh/myid_rsa; chmod 644 ~/.ssh/myid_rsa.pub; ls -ltrah ~/.ssh/myid_rsa*</code>Result:<code:bash> |
- | tjatte:~> chmod 600 ~/.ssh/myid_rsa; chmod 644 ~/.ssh/myid_rsa.pub; ls -ltrah ~/.ssh/myid_rsa*</code> | + | |
- | <code:bash> | + | |
-rw------- 1 pflorido hep 3,3K maj 3 13:59 /nfs/users/floridop/.ssh/myid_rsa | -rw------- 1 pflorido hep 3,3K maj 3 13:59 /nfs/users/floridop/.ssh/myid_rsa | ||
-rw-r--r-- 1 pflorido hep 751 maj 3 13:59 /nfs/users/floridop/.ssh/myid_rsa.pub | -rw-r--r-- 1 pflorido hep 751 maj 3 13:59 /nfs/users/floridop/.ssh/myid_rsa.pub | ||
</code> | </code> | ||
- | - Copy the key to the target server, say watto:<code:bash>ssh-copy-id -i ~/.ssh/myid_rsa pflorido@watto.matfys.lth.se</code><code:bash> | + | - Copy the key to the target server, say watto: Command:<code:bash>ssh-copy-id -i ~/.ssh/myid_rsa pflorido@watto.matfys.lth.se</code>Result:<code:bash> |
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed | /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed | ||
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys | /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys | ||
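Review bot: In the copy step, ssh-copy-id -i ~/.ssh/myid_rsa names the private key file. ssh-copy-id appends .pub itself when the name lacks it, so the command works, but writing ~/.ssh/myid_rsa.pub would make it obvious which half is installed on watto. The permissions step only fixes the two key files; it could also cover the directory, for example chmod 700 ~/.ssh.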
Line 180: | Line 180: | ||
and check to make sure that only the key(s) you wanted were added. | and check to make sure that only the key(s) you wanted were added. | ||
</code> | </code> | ||
- | - Add the key to the agent keyring:<code:bash>ssh-add ~/.ssh/myid_rsa</code><code:bash> | + | - Add the key to the agent keyring:Command:<code:bash>ssh-add ~/.ssh/myid_rsa</code>Result:<code:bash> |
Enter passphrase for /nfs/users/floridop/.ssh/myid_rsa: | Enter passphrase for /nfs/users/floridop/.ssh/myid_rsa: | ||
Identity added: /nfs/users/floridop/.ssh/myid_rsa (/nfs/users/floridop/.ssh/myid_rsa) | Identity added: /nfs/users/floridop/.ssh/myid_rsa (/nfs/users/floridop/.ssh/myid_rsa) | ||
</code> | </code> | ||
- | - Try to login to the server **using the identity created**:<code:bash>ssh -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se</code> | + | - Try to login to the server **using the identity created**: Command:<code:bash>ssh -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se</code> |
+ | |||
+ | ===== Debugging SSH problems and useful commands ===== | ||
+ | |||
+ | The best to debug is to enable ssh verbose mode: | ||
+ | |||
+ | <code:bash>ssh -vv pflorido@watto.matfys.lth.se</code> | ||
+ | |||
+ | ==== See which keys are tried by the agent ==== | ||
+ | |||
+ | <code:bash>ssh-add -l</code> | ||
+ | |||
+ | ==== Delete a key from the agent keyring ==== | ||
+ | |||
+ | <code:bash>ssh-add -d ~/.ssh/myid_rsa</code> | ||
+ | |||
+ | ==== Check if the agent is running ==== | ||
+ | |||
+ | <code:bash>ps aux | grep ssh-agent</code> | ||
+ | |||
+ | ==== Remove an offending key from known_hosts ==== | ||
+ | |||
+ | <code:bash>ssh-keygen -R <hostname></code> | ||
- | ==== Debugging problems ==== | + | ==== Remove an offending key from known_hosts ==== |
+ | <code:bash>ssh-keygen -R <hostname or IP></code> | ||
====== References ====== | ====== References ====== | ||
* Arch linux SSH PKI tutorial, https://wiki.archlinux.org/index.php/SSH_Keys | * Arch linux SSH PKI tutorial, https://wiki.archlinux.org/index.php/SSH_Keys |
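Review bot: The login step passes the public key to -i (ssh -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se), while -i expects the identity (private key) file. With the .pub path, ssh can only authenticate through the copy loaded into the agent by the preceding ssh-add step, so the step does not test the key file itself; suggest ssh -i ~/.ssh/myid_rsa pflorido@watto.matfys.lth.se. In the new debugging section, "Remove an offending key from known_hosts" now appears twice (once with <hostname>, once with <hostname or IP>) where the old "Debugging problems" heading was, so keep one. Also, ps aux | grep ssh-agent matches the grep process itself; pgrep ssh-agent or checking $SSH_AUTH_SOCK gives a cleaner answer.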