SSH keys don't do anything
But I'm still asked for a password when I attempt to log in with Lish via SSH, SSH directly, or using Rsync.
If you place the public keys (file permissions = 644) in that directory, is it just supposed to log you in without prompting for a password? Do I need to reboot the server first? Can't figure out what I'm doing wrong.
The key was generated with a passphrase. If all was working properly would the passphrase have to be supplied even if the password was not? I'm trying to get this working so that I can run rsync via a local CRON script automatically. If using a script, should I not use a passphrase?
The docs on Linode and others they point to don't really explain very well how this is all supposed to work.
10 Replies
Also make sure your .ssh/authorized_keys file is correct: keytype followed by key, no stray newlines in the key, …
Using a passphrase for the key is highly recommended, so you might wish to add the key to ssh-agent on your local computer.
Things to man and google for more info:
sshd_config
ssh_config
ssh-agent
I'm also using OpenSSH.
Originally they were introduced to differentiate keys for SSHv2 versus v1.x, but I'd be pretty surprised if any distribution currently in use at Linode needs them. (Actually I'm even mildly surprised OpenSSH is still reading them at this point.)
– David
I just had to reboot my local FreeBSD box.
All is well…
I tried to set up my local box to use rsync via CRON with my private key that has a pass phrase. It's not worth the hassle unless you think someone may steal your computer. You have to use a script to get SSH to use the SSH agent every time you boot up your local box, and you have to supply the pass phrase at boot up as well.
See this method:
I punted and regenerated a private key without a pass phrase - actually you can keep the current key and remove the pass phrase with: 'ssh-keygen -p', enter the old passphrase, and then hit CR each time for the new one.
Also Filezilla (I'm using version 3.5.2) isn't yet able to work with private keys that have a pass phrase.
The benefit of using keys for SSH is that you can then disable access to the server using a password and not have to worry anymore about brute force attacks. Just edit /etc/ssh/sshd_config and add "PasswordAuthentication no".
I use PCBSD and Ubuntu with KDE on different machines and set up the key files on both. I use KDE's file manager, Dolphin, which supports SFTP.
Now I don't need Filezilla anymore. I can use my file manager transparently and even launch a text editor or other program by double clicking any file, do my editing, and save it as usual.
@Torva:
putting the key into the file /root/.ssh/authorized_keys as well as the ordinary user /jeff/.ssh/authorized_keys. I have the same key file on my local machine.
The file on the server should be named authorized_keys, and it should contain your public key (one line). The file on your local machine should be named id_rsa, and it should contain your private key (many lines). Having the same key in both places doesn't do anything, because public key cryptography requires a pair of keys. Public on the server, private on your local machine.
@Azathoth:
Permissions should be 600 not 644.
The authorized_keys file can be either 644 or 600. After all, it only contains your public key, and public keys are safe to disclose to others. The id_rsa file on your local machine should be 600, because it contains your private key. SSH will refuse to use a private key with any other permission.
Correct me if I'm wrong but don't you also need the public key to be in /authorized_keys on your local machine as well as the server?
@Torva:
Correct me if I'm wrong but don't you also need the public key to be in /authorized_keys on your local machine as well as the server?
Only if you want to be able to use that public key when connecting to your local machine.
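The checks raised in this thread (one "keytype key" entry per line with no stray newlines, a public rather than private key on the server, and a private key file closed to group and others) can be automated. The following is an added example, not code from any poster; the function names, the `KEY_TYPES` subset and the all-zero sample key are assumptions made for the example.

```python
import base64, os, stat, struct

# Key type names accepted by this example (a subset, chosen for the example).
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def blob_type(b64):
    """Decode a public key blob, walk its length-prefixed fields, return the type name."""
    blob = base64.b64decode(b64, validate=True)
    off, parts = 0, []
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        field = blob[off + 4:off + 4 + length]
        if len(field) != length:
            raise ValueError("truncated key blob")
        parts.append(field)
        off += 4 + length
    return parts[0].decode("ascii") if parts else ""

def check_authorized_keys(text):
    """Return [(line_number, problem)] for the contents of an authorized_keys file."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("-----BEGIN"):
            problems.append((n, "private key material, not a public key"))
            continue
        # Options may precede the key type, so look for the first known type name.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            problems.append((n, "no 'keytype key' pair on this line"))
            continue
        try:
            embedded = blob_type(fields[idx + 1])
        except (ValueError, struct.error):
            problems.append((n, "key is not a complete base64 blob"))
            continue
        if embedded != fields[idx]:
            problems.append((n, "declared key type does not match the key"))
    return problems

def private_key_mode_ok(path):
    """True when group and others have no permission bits (600 or 400)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def sample_pubkey(name=b"ssh-ed25519"):
    """Constructed public key line: correct structure, all-zero key, not usable."""
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return name.decode() + " " + base64.b64encode(blob).decode() + " jeff@example"
```

A key that was wrapped onto two lines when pasted is reported on both lines: the first holds an incomplete blob and the second has no key type.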