This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
it_tips:ssh [2017/05/03 14:49] florido [SSH key pair quick setup] |
it_tips:ssh [2017/05/03 15:00] florido [Check if the agent is running] |
||
---|---|---|---|
Line 142: | Line 142: | ||
==== SSH key pair quick setup ==== | ==== SSH key pair quick setup ==== | ||
+ | |||
+ | We will generate a public/private key pair called //myid_rsa// and //myid_rsa.pub// and copy it to a machine called ''watto.matfys.lth.se'' in order to login to it. | ||
- Generate a private/public keypair **with password** and strong encryption((NIST complexity recommendations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)): Command: <code:bash> ssh-keygen -b 4096 -f ~/.ssh/myid_rsa</code>Result:<code:bash> | - Generate a private/public keypair **with password** and strong encryption((NIST complexity recommendations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf)): Command: <code:bash> ssh-keygen -b 4096 -f ~/.ssh/myid_rsa</code>Result:<code:bash> | ||
Line 184: | Line 186: | ||
- Try to login to the server **using the identity created**: Command:<code:bash>ssh -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se</code> | - Try to login to the server **using the identity created**: Command:<code:bash>ssh -i ~/.ssh/myid_rsa.pub pflorido@watto.matfys.lth.se</code> | ||
- | ==== Debugging problems ==== | + | ===== Debugging SSH problems and useful commands ===== |
+ | |||
+ | The best to debug is to enable ssh verbose mode: | ||
+ | |||
+ | <code:bash>ssh -vv pflorido@watto.matfys.lth.se</code> | ||
+ | |||
+ | ==== See which keys are tried by the agent ==== | ||
+ | |||
+ | <code:bash>ssh-add -l</code> | ||
+ | |||
+ | ==== Delete a key from the agent keyring ==== | ||
+ | |||
+ | <code:bash>ssh-add -d ~/.ssh/myid_rsa</code> | ||
+ | |||
+ | ==== Check if the agent is running ==== | ||
+ | |||
+ | <code:bash>ps aux | grep ssh-agent</code> | ||
+ | |||
+ | ==== Remove an offending key from known_hosts ==== | ||
+ | |||
+ | <code:bash>ssh-keygen -R <hostname></code> | ||
+ | |||
+ | ==== Remove an offending key from known_hosts ==== | ||
+ | <code:bash>ssh-keygen -R <hostname or IP></code> | ||
====== References ====== | ====== References ====== | ||
* Arch linux SSH PKI tutorial, https://wiki.archlinux.org/index.php/SSH_Keys | * Arch linux SSH PKI tutorial, https://wiki.archlinux.org/index.php/SSH_Keys |