Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Ronald Klop <[EMAIL PROTECTED]> 08/14/08 10:36 AM >>>
> > Well, I admit I still have more things to learn, even though I've been  
> > the admin of "my" own Linux servers for 3 years and FreeBSD for... can't  
> > remember, but not quite as long, but I'm not gonna pester my colleagues  
> > for something like this, about my own servers! ;)
> >
> > My background is more in programming as I have a CS degree in software  
> > design. Still learning in that area too! We are all, always learning.  
> > (hopefully)
> >
> > Genuine thanks for the suggestion though.
> >
> > - Gavin
> 
> Funny, you don't 'pester' your colleagues but do e-mail a couple of  
> thousand people on this mailinglist. Communication is a weird thing. :-)
> 
> Ronald.

LOL! Okay, fair enough. I concede, you got me there. :)

(I LOVE pestering y'all though!)


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Ronald Klop <[EMAIL PROTECTED]> 08/14/08 10:34 AM >>>
> >> I'm not quite sure right now why you're using rsa keys. I'm always using
> >> dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
> >> ssh version 1, while dsa keys are for ssh version 2.
> >> But I could be wrong here ;)
> >> No man ssh handy right now, sorry.
> >
> > If that's true, then I believe I will start using the dsa ones! I think  
> > I chose rsa because the FreeBSD manual indicated I could use either and  
> > I could only find settings for enabling rsa in sshd_config on the remote  
> > servers, but I'll look again...
> 
> This story about rsa and dsa is not true.
> Rsa wasn't free (patents or something else) until a few years ago. So  
> everybody used dsa. But since quite some time it doesn't matter what you  
> use. I don't know about advantages of one above the other. In daily use  
> they are the same.
> 
> Ronald.

Thanks for more info. Maybe some people think that because of the following 
lines in sshd.config?

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

Although the 2nd line *doesn't* read "#HostKey /etc/ssh/ssh_host_rsa_key", 
maybe people are associating dsa with protocol 2 because of the 3rd and 4th 
lines?


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Ronald Klop

On Thu, 14 Aug 2008 19:31:12 +0200, Gavin Spomer <[EMAIL PROTECTED]> wrote:

> >>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/14/08 9:47 AM >>>
> > Don't you have a local IT helpdesk? This is pretty basic stuff that they
> > should have documentation for.
>
> Well, I admit I still have more things to learn, even though I've been
> the admin of "my" own Linux servers for 3 years and FreeBSD for... can't
> remember, but not quite as long, but I'm not gonna pester my colleagues
> for something like this, about my own servers! ;)
>
> My background is more in programming as I have a CS degree in software
> design. Still learning in that area too! We are all, always learning.
> (hopefully)
>
> Genuine thanks for the suggestion though.
>
> - Gavin

Funny, you don't 'pester' your colleagues but do e-mail a couple of
thousand people on this mailinglist. Communication is a weird thing. :-)

Ronald.



Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Ronald Klop

On Thu, 14 Aug 2008 19:25:09 +0200, Gavin Spomer <[EMAIL PROTECTED]> wrote:

[snip]

> > I'm not quite sure right now why you're using rsa keys. I'm always using
> > dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
> > ssh version 1, while dsa keys are for ssh version 2.
> > But I could be wrong here ;)
> > No man ssh handy right now, sorry.
>
> If that's true, then I believe I will start using the dsa ones! I think
> I chose rsa because the FreeBSD manual indicated I could use either and
> I could only find settings for enabling rsa in sshd_config on the remote
> servers, but I'll look again...

This story about rsa and dsa is not true.
Rsa wasn't free (patents or something else) until a few years ago. So
everybody used dsa. But since quite some time it doesn't matter what you
use. I don't know about advantages of one above the other. In daily use
they are the same.

Ronald.


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/14/08 9:47 AM >>>
> Don't you have a local IT helpdesk? This is pretty basic stuff that they
> should have documentation for.

Well, I admit I still have more things to learn, even though I've been the 
admin of "my" own Linux servers for 3 years and FreeBSD for... can't remember, 
but not quite as long, but I'm not gonna pester my colleagues for something 
like this, about my own servers! ;)

My background is more in programming as I have a CS degree in software design. 
Still learning in that area too! We are all, always learning. (hopefully)

Genuine thanks for the suggestion though.

- Gavin


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Marian Hettwer <[EMAIL PROTECTED]> 08/14/08 9:43 AM >>>
> Hi Gavin,
> From your Suse, try to run the ssh command with "-v" or even -vv or -vvv
> to get debugging output.
> If you can't figure out what the debugging output wants to tell you, send
> it to the list.
> But complete, copy 'n' paste please :)

Sure, no problem: (edited)

[EMAIL PROTECTED]:~> ssh -v [EMAIL PROTECTED]
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to freebsdserver [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/myusername/.ssh/id_rsa type -1
debug1: identity file /home/myusername/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'freebsdserver' is known and matches the DSA host key.
debug1: Found key in /home/myusername/.ssh/known_hosts:6
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myusername/.ssh/id_rsa
debug1: Trying private key: /home/myusername/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Aug 14 10:08:12 2008 from suseserver
 .
[snip]
 .
Welcome to FreeBSD!
 .
[snip]
 .
[EMAIL PROTECTED] ~]$

> I'm not quite sure right now why you're using rsa keys. I'm always using
> dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
> ssh version 1, while dsa keys are for ssh version 2.
> But I could be wrong here ;)
> No man ssh handy right now, sorry.

If that's true, then I believe I will start using the dsa ones! I think I chose 
rsa because the FreeBSD manual indicated I could use either and I could only 
find settings for enabling rsa in sshd_config on the remote servers, but I'll 
look again...

> > I noticed you made a distinction between password and passphrase. Could
> > you please explain the difference?
> >
> Well, when you generate a rsa or dsa key, you get asked to enter a
> passphrase for that key.
> So a passphrase is basically the password to your ssh key.
> While the password is the real password of the local user you're trying to
> be. Like ssh [EMAIL PROTECTED], the password would be the password of the
> user foo at host bar.
> And since everybody likes to know whether someone is talking about the
> "password" of a ssh key or the password of a local user, you say passphrase
> to keys and password to local users.
> That's how I would explain it :))

Good explanation. I grok, I grok. :D

> Cheers,
> Marian
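
Reading a log like the one above comes down to a few lines: which identity
files were loaded, which methods the server allows, which keys the client
tried, and which method finally succeeded. An added example, not part of the
original thread, that extracts those with awk; the record names (identity,
tried, verdict and so on) are made up for this example, and the input is an
excerpt of the log posted above.

```shell
#!/bin/sh
# Added example: condense the authentication phase of `ssh -v` output.

# Authentication-related lines excerpted from the log in the message above.
sample_log() {
cat <<'EOF'
debug1: identity file /home/myusername/.ssh/id_rsa type -1
debug1: identity file /home/myusername/.ssh/id_dsa type -1
debug1: Host 'freebsdserver' is known and matches the DSA host key.
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myusername/.ssh/id_rsa
debug1: Trying private key: /home/myusername/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
EOF
}

# Read `ssh -v` output on stdin; print one "field value" record per finding.
# Paths containing spaces are not handled.
ssh_debug_summary() {
    awk '
    /^debug1: identity file / {
        # type -1: no public key could be loaded from this path
        printf "identity %s type=%s\n", $4, $6
    }
    /^debug1: Host .* is known and matches the / {
        printf "hostkey %s\n", $(NF - 2)
    }
    /^debug1: Authentications that can continue: / { methods = $NF }
    /^debug1: Trying private key: / {
        attempts++
        printf "tried %s\n", $NF
    }
    /^debug1: Offering .*public key: / {
        # the path is the field right after "key:"
        for (i = 2; i < NF; i++)
            if ($i == "key:") { attempts++; printf "offered %s\n", $(i + 1) }
    }
    /^debug1: Authentication succeeded / {
        result = $NF
        gsub(/[().]/, "", result)
    }
    END {
        if (methods != "") printf "server_methods %s\n", methods
        if (result == "")               verdict = "no-auth-success"
        else if (result == "publickey") verdict = "publickey-ok"
        else if (attempts > 0)          verdict = "publickey-fallback"
        else                            verdict = "publickey-not-attempted"
        if (result != "") printf "result %s\n", result
        printf "verdict %s\n", verdict
    }'
}

sample_log | ssh_debug_summary
```

For the log above this reports both identity files as type -1 and a
publickey-fallback verdict: the key attempts did not authenticate and the
session was opened with keyboard-interactive instead.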


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Lyndon Nerenberg
> That made it possible for me to ssh from SuSE server to FreeBSD server,
> but now when I ssh from my Mac to SuSE server it wants a password now:

ssh-agent holds your keys in memory for you, and provides them to remote
systems when needed. You need to run it on each system you log in to.

If you have a single workstation you normally use, start ssh-agent there
and set your ssh client to forward keys to remote systems.

Don't you have a local IT helpdesk? This is pretty basic stuff that they
should have documentation for.



Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Paul Saab <[EMAIL PROTECTED]> 08/14/08 9:41 AM >>>
> look at your permissions in ~/.ssh on the freebsd box.  Make sure your home
> directory does not have insecure permissions and .ssh + all the files in
> there are not writable by anyone else.

No worries there. Thanks. 
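
The permission check suggested above (home directory, ~/.ssh and its files
not writable by anyone else) is what sshd enforces with StrictModes. An added
example, not part of the original thread, that audits a home directory for
it; it goes one step further and also flags private key files readable by
group or other, which the ssh client refuses to use. The function names and
the demo directory layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the permissions that sshd and ssh are strict about.

# Print "<issue> <path>" for each problem under the home directory $1.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_ssh_perms() {
    home=$1
    findings=$(
        # The home directory itself must not be group- or world-writable.
        find "$home" -prune \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable-by-others /'
        if [ -d "$home/.ssh" ]; then
            # Same rule for .ssh and everything in it (symlink modes are
            # meaningless, so symlinks are skipped).
            find "$home/.ssh" ! -type l \( -perm -020 -o -perm -002 \) -print |
                sed 's/^/writable-by-others /'
            # Private keys: a group/other read bit makes ssh ignore the key.
            find "$home/.ssh" -type f -name 'id_*' ! -name '*.pub' \
                \( -perm -040 -o -perm -004 \) -print |
                sed 's/^/private-key-readable /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed home directory with the given modes, for the demo.
# Usage: make_demo_home DIR HOME_MODE AUTHKEYS_MODE PRIVKEY_MODE
make_demo_home() {
    mkdir -p "$1/.ssh"
    : > "$1/.ssh/authorized_keys"
    : > "$1/.ssh/id_rsa"          # empty placeholder, not a key
    : > "$1/.ssh/id_rsa.pub"
    chmod "$2" "$1"
    chmod 700 "$1/.ssh"
    chmod "$3" "$1/.ssh/authorized_keys"
    chmod "$4" "$1/.ssh/id_rsa"
    chmod 644 "$1/.ssh/id_rsa.pub"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_home "$tmp/good" 755 600 600
    make_demo_home "$tmp/bad"  775 664 644
    for h in "$tmp/good" "$tmp/bad"; do
        if audit_ssh_perms "$h"; then echo "OK $h"; fi
    done
    rm -rf "$tmp"
}
demo
```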


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Pollywog <[EMAIL PROTECTED]> 08/14/08 9:32 AM >>>
> On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> > >>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/13/08 7:10 PM >>>
> > >
> > > You need to start an ssh-agent on the machine you're connecting from and
> > > populate it with your keychain:
> > >
> > >   eval `ssh-agent`
> > >   ssh-add
> > >
> > > Add the above to your .profile, or check the Linux PAM implementation to
> > > see if it has ssh session support.
> > >
> > > --lyndon
> >
> > Thanks.
> >
> > That made it possible for me to ssh from SuSE server to FreeBSD server, but
> > now when I ssh from my Mac to SuSE server it wants a password now:
> >
> >   Enter passphrase for /home/myusername/.ssh/id_rsa:
> >
> > I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> > don't have anything much more intelligent to say but "I don't understand".
> > ;)
> >
> > Questions:
> >
> >   1. If the ssh-agent and ssh-add utilities load the keys into memory,
> > they'd be wiped if I rebooted?
> 
> Yes, rebooting will take the keys out of memory and you would need to 
> use 'ssh-add' on the command line to put the keys and passphrase in memory.
> The 'ssh-add -D' command removes the keys when you are done but are not 
> logging out.
> 
> >
> >   2. Is #1 why I'd add it to my ~/.profile?
> 
> This is so that ssh-agent is set when you login at a console.  I don't know 
> about Mac but some Linux distributions have session scripts so that this is 
> done for you when you start a KDE session.  I don't believe ~/.profile will 
> be read unless you login at a console or xterm or similar.
> 
> When you add stuff to your ~/.profile, I recommend doing it on a separate 
> account first.  I once added those lines on a Linux system and was locked out 
> on that account but I was able to get in with another account, su to root, 
> and remove the lines in the affected user ~/.profile and then I was no longer 
> locked out.
> >
> >   3. How am I able to ssh (without a password) from my Mac to SuSE server
> > or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> > in my .profile on my Mac?
> 
> You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work
> until you have generated your SSH keys with:
> 
> ssh-keygen -t rsa -b 1024
> or
> ssh-keygen -t dsa -b 1024
> 
> or similar.  Until you do that, you have to use your login password and
> cannot use a passphrase since you have not set one.  Setting the passphrase
> is part of the process of generating your SSH keys.
> 
> BTW I do not know if you are using the "keychain" utility.  Be very careful 
> with it.  It can be confusing.  I found it inconvenient to use and no longer 
> use it.
> 
> There are some fine SSH tutorials online, I believe "OnLamp" has some.  Just 
> make sure they are not more than about 3 yrs old.

All good information. Thanks. I will save this for future reference. :)


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Marian Hettwer
Hi Gavin,

On Thu, 14 Aug 2008 08:30:47 -0700, Gavin Spomer <[EMAIL PROTECTED]> wrote:
>> 
> 
> Uh, not sure. Head spinning now. ;)
> 
> 1. I have a Mac, SuSE server and a FreeBSD server.
> 2. I can ssh from my Mac to SuSE server without having to type in my
> password.
> 3. I can ssh from my Mac to FreeBSD server without having to type in my
> password.
> 4. I can do #2 and #3 above because I ran "ssh-keygen -t rsa" on my Mac
> and copied the id_rsa.pub to my ~/.ssh/authorized_keys files on the SuSE
> and FreeBSD servers.
> 5. I ran the same "ssh-keygen -t rsa" on the SuSE server and copied the
> id_rsa.pub to the FreeBSD.
> 6. I canNOT ssh from the SuSE server to the FreeBSD server withOUT typing
> in my password.
> 7. When I ssh from SuSE server to FreeBSD server, I get prompted:
>   Enter passphrase for key '/home/myusername/.ssh/id_rsa':
From your Suse, try to run the ssh command with "-v" or even -vv or -vvv
to get debugging output.
If you can't figure out what the debugging output wants to tell you, send
it to the list.
But complete, copy 'n' paste please :)

I'm not quite sure right now why you're using rsa keys. I'm always using
dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
ssh version 1, while dsa keys are for ssh version 2.
But I could be wrong here ;)
No man ssh handy right now, sorry.

> 8. I want to be able to ssh from SuSE server to FreeBSD server because I
> want to run scp via a cron job.
>
understood.
 
> I noticed you made a distinction between password and passphrase. Could
> you please explain the difference?
>
Well, when you generate a rsa or dsa key, you get asked to enter a
passphrase for that key.
So a passphrase is basically the password to your ssh key.
While the password is the real password of the local user you're trying to
be. Like ssh [EMAIL PROTECTED], the password would be the password of the
user foo at host bar.
And since everybody likes to know whether someone is talking about the
"password" of a ssh key or the password of a local user, you say passphrase
to keys and password to local users.
That's how I would explain it :))

Cheers,
Marian



Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Pollywog
On Thursday 14 August 2008 15:29:27 Gavin Spomer wrote:
> >>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/13/08 7:10 PM >>>
> >
> > You need to start an ssh-agent on the machine you're connecting from and
> > populate it with your keychain:
> >
> > eval `ssh-agent`
> > ssh-add
> >
> > Add the above to your .profile, or check the Linux PAM implementation to
> > see if it has ssh session support.
> >
> > --lyndon
>
> Thanks.
>
> That made it possible for me to ssh from SuSE server to FreeBSD server, but
> now when I ssh from my Mac to SuSE server it wants a password now:
>
>   Enter passphrase for /home/myusername/.ssh/id_rsa:
>
> I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and
> don't have anything much more intelligent to say but "I don't understand".
> ;)
>
> Questions:
>
>   1. If the ssh-agent and ssh-add utilities load the keys into memory,
> they'd be wiped if I rebooted?

Yes, rebooting will take the keys out of memory and you would need to 
use 'ssh-add' on the command line to put the keys and passphrase in memory.
The 'ssh-add -D' command removes the keys when you are done but are not 
logging out.

>
>   2. Is #1 why I'd add it to my ~/.profile?

This is so that ssh-agent is set when you login at a console.  I don't know 
about Mac but some Linux distributions have session scripts so that this is 
done for you when you start a KDE session.  I don't believe ~/.profile will 
be read unless you login at a console or xterm or similar.

When you add stuff to your ~/.profile, I recommend doing it on a separate 
account first.  I once added those lines on a Linux system and was locked out 
on that account but I was able to get in with another account, su to root, 
and remove the lines in the affected user ~/.profile and then I was no longer 
locked out.
>
>   3. How am I able to ssh (without a password) from my Mac to SuSE server
> or Mac to FreeBSD server when I don't have "eval `ssh-agent`" and "ssh-add"
> in my .profile on my Mac?

You can do 'ssh-agent bash' followed by 'ssh-add' but this will not work until 
you have generated your SSH keys with:

ssh-keygen -t rsa -b 1024
or
ssh-keygen -t dsa -b 1024

or similar.  Until you do that, you have to use your login password and cannot 
use a passphrase since you have not set one.  Setting the passphrase is part 
of the process of generating your SSH keys.

BTW I do not know if you are using the "keychain" utility.  Be very careful 
with it.  It can be confusing.  I found it inconvenient to use and no longer 
use it.

There are some fine SSH tutorials online, I believe "OnLamp" has some.  Just 
make sure they are not more than about 3 yrs old.


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Igor Pokrovsky <[EMAIL PROTECTED]> 08/14/08 8:22 AM >>>
> > ... and I have to enter my password. I've Googled, but can't seem to find 
> > the answer to my dilemma. Is it generally kind of a pain to do this between 
> > platforms? I'm finally very comfortable on FreeBSD and am starting to 
> > really get annoyed with SuSE. :(
> 
> You can generate keys with empty pass phrase, so it won't be asked ;-)
> 
> -ip

Yes, this works. Any security concerns with doing this?

- Gavin
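
The prompt discussed in this thread is for the passphrase that decrypts the
private key file, so a key generated with an empty passphrase sits on disk
unencrypted and is usable by anyone who can read the file. An added example,
not part of the original thread, that reports which key files are in that
state by reading only their container headers; it goes beyond the PEM keys of
the OpenSSH versions in this thread and also covers the newer OpenSSH key
format. The function names are assumptions of this example and the sample
files are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: tell whether a private key file is passphrase-protected.

# Print "encrypted", "unencrypted" or "unknown" for the key file $1,
# judging only by the container headers (no passphrase is ever tried).
key_protection() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case $first in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # The body is base64 of "openssh-key-v1\0", then the cipher name.
        # With cipher "none" the first 32 characters are always the same.
        body=$(sed '/^-----/d' "$1" | tr -d '\r\n')
        case $body in
        b3BlbnNzaC1rZXktdjEAAAAABG5vbmUA*) echo unencrypted ;;
        b3BlbnNzaC1rZXktdjEA*)             echo encrypted ;;
        *)                                 echo unknown ;;
        esac ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----')   # PKCS#8, encrypted
        echo encrypted ;;
    '-----BEGIN PRIVATE KEY-----')             # PKCS#8, plain
        echo unencrypted ;;
    '-----BEGIN '*' PRIVATE KEY-----')         # legacy PEM: RSA, DSA, EC
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
        then echo encrypted
        else echo unencrypted
        fi ;;
    *)  echo unknown ;;
    esac
}

# List the files directly under directory $1 that hold an unencrypted key.
unprotected_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(key_protection "$f")" = unencrypted ] && printf '%s\n' "$f"
    done
    return 0
}

# Constructed sample files: real headers, placeholder bodies, no key material.
write_samples() {
    p='CONSTRUCTED-PLACEHOLDER-NOT-A-KEY'
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$p" \
        '-----END RSA PRIVATE KEY-----' > "$1/legacy_plain"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' "$p" \
        '-----END RSA PRIVATE KEY-----' > "$1/legacy_enc"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAAB' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/new_plain"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/new_enc"
    printf '%s\n' 'ssh-rsa CONSTRUCTED user@host.example' > "$1/legacy_plain.pub"
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for k in "$d"/*; do
        printf '%-12s %s\n' "$(key_protection "$k")" "${k##*/}"
    done
    rm -rf "$d"
}
demo
```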


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> It's not asking for your password. It's asking for your passphrase to
> decrypt your private key. Are you running an ssh-agent on the Suse
> system? 
> -- 
> R. Kevin Oberman

Aha! Thanks, Kevin. Things are clicking in my brain and I grok now. I just 
remembered that when I did ssh-keygen on my mac and then ssh'd to my servers, 
it stored the passPHRASE (right?) in my Mac's Keychain too.

Thanks everyone.

For further reference, can anyone clearly define what topics are valid for this 
list?

- Gavin




Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
> 
>>> Paul Schmehl <[EMAIL PROTECTED]> 08/13/08 7:18 PM >>>
> --On August 13, 2008 5:35:29 PM -0700 Gavin Spomer <[EMAIL PROTECTED]> wrote:
> > I am able to use ssh-keygen to generate keys so that I can ssh from my
> > Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD
> > systems, without having to enter my password. When I try the same thing
> > from a SuSE system to a FreeBSD system, (I.E. I run "ssh-keygen -t rsa"
> > on the SuSE system, then copy the id_rsa.pub to my
> > ~/.ssh/authorized_keys file on the FreeBSD system) I get the following
> > message when ssh-ing to the FreeBSD system:
> >
> >   Enter passphrase for key '/home/myusername/.ssh/id_rsa':
> 
> Just to be clear, you're saying that your key pass*phrase* doesn't work
> and you have to type your pass*word* in instead?  Or did you make all your 
> previous keys passphrase-less and add a passphrase to this one?
> 
> Paul Schmehl

Uh, not sure. Head spinning now. ;)

1. I have a Mac, SuSE server and a FreeBSD server.
2. I can ssh from my Mac to SuSE server without having to type in my password.
3. I can ssh from my Mac to FreeBSD server without having to type in my 
password.
4. I can do #2 and #3 above because I ran "ssh-keygen -t rsa" on my Mac and 
copied the id_rsa.pub to my ~/.ssh/authorized_keys files on the SuSE and 
FreeBSD servers.
5. I ran the same "ssh-keygen -t rsa" on the SuSE server and copied the 
id_rsa.pub to the FreeBSD.
6. I canNOT ssh from the SuSE server to the FreeBSD server withOUT typing in my 
password.
7. When I ssh from SuSE server to FreeBSD server, I get prompted:
  Enter passphrase for key '/home/myusername/.ssh/id_rsa':
8. I want to be able to ssh from SuSE server to FreeBSD server because I want 
to run scp via a cron job.

I noticed you made a distinction between password and passphrase. Could you 
please explain the difference?

- Gavin


Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Gavin Spomer
>>> Lyndon Nerenberg <[EMAIL PROTECTED]> 08/13/08 7:10 PM >>>
> You need to start an ssh-agent on the machine you're connecting from and 
> populate it with your keychain:
> 
>   eval `ssh-agent`
>   ssh-add
> 
> Add the above to your .profile, or check the Linux PAM implementation to 
> see if it has ssh session support.
> 
> --lyndon

Thanks.

That made it possible for me to ssh from SuSE server to FreeBSD server, but now 
when I ssh from my Mac to SuSE server it wants a password now:

   Enter passphrase for /home/myusername/.ssh/id_rsa:

I read the FreeBSD handbook section "14.11.7 ssh-agent and ssh-add" and don't 
have anything much more intelligent to say but "I don't understand". ;)

Questions:

   1. If the ssh-agent and ssh-add utilities load the keys into memory, they'd 
be wiped if I rebooted?

   2. Is #1 why I'd add it to my ~/.profile?

   3. How am I able to ssh (without a password) from my Mac to SuSE server or 
Mac to FreeBSD server when I don't have
   "eval `ssh-agent`" and "ssh-add" in my .profile on my Mac?




Re: ssh-keygen between SuSE and FreeBSD

2008-08-14 Thread Igor Pokrovsky
On Wed, Aug 13, 2008 at 05:35:29PM -0700, Gavin Spomer wrote:
> I hope this isn't an invalid topic for this list. I'm on so many lists and I 
> hate to join another one just to get help on one thing. Apologies if it's not.
> 
> I am able to use ssh-keygen to generate keys so that I can ssh from my Mac to 
> any of my SuSE systems or ssh from my Mac to any of my FreeBSD systems, 
> without having to enter my password. When I try the same thing from a SuSE 
> system to a FreeBSD system, (I.E. I run "ssh-keygen -t rsa" on the SuSE 
> system, then copy the id_rsa.pub to my ~/.ssh/authorized_keys file on the 
> FreeBSD system) I get the following message when ssh-ing to the FreeBSD 
> system:
> 
>   Enter passphrase for key '/home/myusername/.ssh/id_rsa':
> 
> ... and I have to enter my password. I've Googled, but can't seem to find the 
> answer to my dilemma. Is it generally kind of a pain to do this between 
> platforms? I'm finally very comfortable on FreeBSD and am starting to really 
> get annoyed with SuSE. :(

You can generate keys with empty pass phrase, so it won't be asked ;-)

-ip


Re: ssh-keygen between SuSE and FreeBSD

2008-08-13 Thread Kevin Oberman
Format recovered. A newline every 72-75 characters would be more polite.

> Date: Wed, 13 Aug 2008 17:35:29 -0700
> From: Gavin Spomer <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
> 
> I hope this isn't an invalid topic for this list. I'm on so many lists
> and I hate to join another one just to get help on one
> thing. Apologies if it's not.
> 
> I am able to use ssh-keygen to generate keys so that I can ssh from my
> Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD
> systems, without having to enter my password. When I try the same
> thing from a SuSE system to a FreeBSD system, (I.E. I run "ssh-keygen
> -t rsa" on the SuSE system, then copy the id_rsa.pub to my
> ~/.ssh/authorized_keys file on the FreeBSD system) I get the following
> message when ssh-ing to the FreeBSD system:
> 
>   Enter passphrase for key '/home/myusername/.ssh/id_rsa':
> 
> ... and I have to enter my password. I've Googled, but can't seem to
> find the answer to my dilemma. Is it generally kind of a pain to do
> this between platforms? I'm finally very comfortable on FreeBSD and am
> starting to really get annoyed with SuSE. :(

It's not asking for your password. It's asking for your passphrase to
decrypt your private key. Are you running an ssh-agent on the Suse
system? 

If this does not point you in the right direction, try running ssh
-v. This MAY give us an idea of the problem, though the debug data from
the server would be better.

MacOS X uses the FreeBSD user environment, so it should work the same
under FreeBSD as it does on the Mac.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]   Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751




Re: ssh-keygen between SuSE and FreeBSD

2008-08-13 Thread Paul Schmehl

--On August 13, 2008 5:35:29 PM -0700 Gavin Spomer <[EMAIL PROTECTED]> wrote:

> I hope this isn't an invalid topic for this list. I'm on so many lists
> and I hate to join another one just to get help on one thing. Apologies
> if it's not.
>
> I am able to use ssh-keygen to generate keys so that I can ssh from my
> Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD
> systems, without having to enter my password. When I try the same thing
> from a SuSE system to a FreeBSD system, (I.E. I run "ssh-keygen -t rsa"
> on the SuSE system, then copy the id_rsa.pub to my
> ~/.ssh/authorized_keys file on the FreeBSD system) I get the following
> message when ssh-ing to the FreeBSD system:
>
>    Enter passphrase for key '/home/myusername/.ssh/id_rsa':
>
> ... and I have to enter my password. I've Googled, but can't seem to
> find the answer to my dilemma. Is it generally kind of a pain to do this
> between platforms? I'm finally very comfortable on FreeBSD and am
> starting to really get annoyed with SuSE. :(

Just to be clear, you're saying that your key pass*phrase* doesn't work
and you have to type your pass*word* in instead?  Or did you make all your
previous keys passphrase-less and add a passphrase to this one?


Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
**
WARNING: Check the headers before replying