Re: [PLUG] Enabling bi-directional ssh [FIXED]

2016-11-09 Thread Rich Shepard
On Wed, 9 Nov 2016, Rich Shepard wrote: > definging That should be defining. Rich ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Enabling bi-directional ssh [FIXED]

2016-11-09 Thread Rich Shepard
On Wed, 9 Nov 2016, Rich Shepard wrote: > 1) Why might the incorrect IP address appear? Because I copied /etc/hosts from salmo and did not change the first line definging 127.0.0.1. > 2) How do I correct this error? Edited /etc/hosts. Thanks to everyone who contributed ideas and

Re: [PLUG] Enabling bi-directional ssh [SOURCE FOUND]

2016-11-09 Thread Rich Shepard
On Mon, 7 Nov 2016, Paul Mullen wrote: > What happens if you specify the identity file (private key) to be used via > the command line? E.g.: > >ssh -vv -i ~/.ssh/id_ed25519 salmo Paul, et al.: Perhaps I've finally seen the problem that occurs only from the portable to the desktop: it's

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Tom wrote: > Do not use ssh-agent to add public keys to authorized_keys file, it is > intended for something else. The easiest is to simply copy the public key > line in your local id_ed25519.pub to the authorized_keys file in your > remote hosts. Tom, Copying the public

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Tom
Do not use ssh-agent to add public keys to authorized_keys file, it is intended for something else. The easiest is to simply copy the public key line in your local id_ed25519.pub to the authorized_keys file in your remote hosts. Please note that if your ssh is configured to use ssh v.1 protocol

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Ken Stephens
Rich Shepard wrote: > On Tue, 8 Nov 2016, Paul Mullen wrote: > >> Change it to a fully-qualified path, e.g. "~/.ssh/id_ed25519". > Paul, > > Aha! Progress of a sort. Now, when I enter 'ssh salmo:' I see 'ssh: Could > not resolve hostname salmo:: Name or service not known.' Of course, salmo is

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Rich Shepard wrote: > Aha! Progress of a sort. Now, when I enter 'ssh salmo:' I see 'ssh: Could > not resolve hostname salmo:: Name or service not known.' Of course, salmo is > in /etc/hosts and I can ping salmo from typha. OK; I don't need the colon after the hostname.

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Larry Brigman wrote: > I would first try doing ssh to each host locally and see if that works. Larry, I don't follow your suggestion. Currently only two hosts are running on the LAN: salmo (the desktop server/workstation) and typha (the ThinkPad X200). I can connect

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Larry Brigman
I would first try doing ssh to each host locally and see if that works. On Nov 8, 2016 3:36 PM, "Rich Shepard" wrote: > On Tue, 8 Nov 2016, Paul Mullen wrote: > > > Manually running ssh-agent will start up another process, but it won't > > export any environment

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Paul Mullen wrote: > Change it to a fully-qualified path, e.g. "~/.ssh/id_ed25519". Paul, Aha! Progress of a sort. Now, when I enter 'ssh salmo:' I see 'ssh: Could not resolve hostname salmo:: Name or service not known.' Of course, salmo is in /etc/hosts and I can ping

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Paul Mullen wrote: > Manually running ssh-agent will start up another process, but it won't > export any environment variables. You have to do that yourself. True. > (This is unnecessary if an ssh-agent process was already started > automatically at login, either via an

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Paul Mullen
On Tue, Nov 08, 2016 at 03:12:10PM -0800, Rich Shepard wrote: > Just added 'id_ed25519' to ~/.ssh/config after the port number using > the key-value pair IdentityFile id_ed25519. Change it to a fully-qualified path, e.g. "~/.ssh/id_ed25519". -- Paul Mullen

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Paul Mullen
On Tue, Nov 08, 2016 at 02:59:59PM -0800, Rich Shepard wrote: > Yes, I'm the only logged in user. Manually running ssh-agent creates > the socket and PID; still no environment variables to display. Manually running ssh-agent will start up another process, but it won't export any environment

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Paul Mullen wrote: > ssh has a list of default identity files it looks for if you don't specify > one (either via the command line or a config file). From the looks of your > debug info, it seems ssh is only looking for id_dsa. Do you have a config > file at ~/.ssh/config

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Paul Mullen wrote: > Running `ssh-agent` will start up a new ssh-agent process and leave it > running. That's probably not what you want. (The output of ssh-agent is > meant to be eval'd by shell scripts.) Paul, And this should occur when I log in. In ~/.bash_profile (on

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Paul Mullen
On Tue, Nov 08, 2016 at 01:36:20PM -0800, Rich Shepard wrote: > Typing 'ssh-agent' on the command line tells me that the socket and > PID exist and are exported; the PID is 1245. Running `ssh-agent` will start up a new ssh-agent process and leave it running. That's probably not what you want.

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Paul Mullen
On Tue, Nov 08, 2016 at 01:28:29PM -0800, Rich Shepard wrote: > I created keys using only id_ed25519. That's why I don't understand > where ssh is finding id_dsa since it does not exist on either host. ssh has a list of default identity files it looks for if you don't specify one (either via the

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Rich Shepard wrote: > The portable (typha) has id_ed25519 and id_ed25519.pub copied from the > server (salmo) and authorized_keys has my public key from the server > (salmo). When I try to connect from here to the server I get the rejection > message, "Connection refused

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Tue, 8 Nov 2016, Tom wrote: > First of all, you only modified .ssh content on remote hosts: > 1. when connecting to remote host the only thing which matters is > that your local public key (id_ed25519.pub) line is in the appropriate > remote authorized_keys file; AND you have the equivalent

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Tom
First of all, you only modified .ssh content on remote hosts: 1. when connecting to remote host the only thing which matters is that your local public key (id_ed25519.pub) line is in the appropriate remote authorized_keys file; AND you have the equivalent private key file (id_ed25519) in your

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Mon, 7 Nov 2016, Tom wrote: > If you want the public key ssh to work the same way in the other > direction (remote to local) you have two basic options: > a) have same authorized_keys, id_ed25519 and id_ed25519.pub in your > accounts on all hosts (remote and local). Now I'm thoroughly

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Mon, 7 Nov 2016, Paul Mullen wrote: > What happens if you specify the identity file (private key) to be used via > the command line? E.g.: > >ssh -vv -i ~/.ssh/id_ed25519 salmo Paul, Testing will happen later this morning, but I believe that Tom identified the problem. If the seed

Re: [PLUG] Enabling bi-directional ssh

2016-11-08 Thread Rich Shepard
On Mon, 7 Nov 2016, Tom wrote: > I'm glad that you resolved the /etc/ssh host key files. Hi Tom, Me, too. Working on this issue while doing two other things causes me to miss the obvious from time to time. > It is common to stop sshd, remove the files and start sshd again to > generate new

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Paul Mullen
On Sun, Nov 06, 2016 at 02:48:22PM -0800, Rich Shepard wrote: > debug1: Authentications that can continue: publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /home/rshepard/.ssh/id_dsa > debug2: we did not send a packet, disable method > debug1: No more

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Tom
I'm glad that you resolved the /etc/ssh host key files. It is common to stop sshd, remove the files and start sshd again to generate new set of host files. It is normally done when you create a host from disk image either locally or in the cloud. Otherwise you would have multiple hosts with

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Rich Shepard
On Mon, 7 Nov 2016, Rich Shepard wrote: > Sure enough, that does make a difference. Still denied access to the > remote portable from the local desktop and will work on that. Almost there. On the portable/remote there are server ssh_host keys. I can now ssh from the desktop/local to the

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Rich Shepard
On Mon, 7 Nov 2016, David wrote: > If you read the script that is referenced by "whowd", there is a test for > the host keys, and that creation is bypassed because the file exists. My > apologies for presuming that you would read it more carefully. David, I read it but missed seeing that. >

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread David
On 11/07/2016 11:53 AM, Rich Shepard wrote: > On Mon, 7 Nov 2016, David wrote: > >> I don't recall which OS, but this link has the two main streams: >> > > dafr, > >And everyone agrees that when sshd is started it should create the server

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Don Buchholz
On 11/7/2016 11:53 AM, Rich Shepard wrote: > On Mon, 7 Nov 2016, David wrote: >> I don't recall which OS, but this link has the two main streams: >> > dafr, > > And everyone agrees that when sshd is started it should create the server >

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Rich Shepard
On Mon, 7 Nov 2016, David wrote: > I don't recall which OS, but this link has the two main streams: > dafr, And everyone agrees that when sshd is started it should create the server host_keys. Here it ain't doin' that. Sigh. Thanks,

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Rich Shepard
On Mon, 7 Nov 2016, Larry Brigman wrote: > Normally the sshd start up script generates the host keys. This should be > automatic for system installs. Larry, That's what I assumed, but not what I have here. Perhaps I need to re-install sshd. Will try that before asking for help on the

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Rich Shepard
On Mon, 7 Nov 2016, Rich Shepard wrote: > Still looking ... As root, generated an ssh key and put the file(s) in /etc/ssh. Still cannot start sshd; it cannot find /etc/ssh/ssh_host_ed25519_key even though all 444 bytes are present. Time to post on linuxquestions.org. Rich

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread David
On 11/07/2016 11:25 AM, Rich Shepard wrote: > On Sun, 6 Nov 2016, Rich Shepard wrote: > >> On the server/workstation and a portable ~/.ssh has 700 perms while the >> authorized_keys, known_hosts, and *.pub key files in that directory have 644 >> perms; the others are 600. > >I've identified

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Larry Brigman
Normally the sshd start up script generates the host keys. This should be automatic for system installs. On Nov 7, 2016 11:28 AM, "Rich Shepard" wrote: > On Sun, 6 Nov 2016, Rich Shepard wrote: > > > On the server/workstation and a portable ~/.ssh has 700 perms

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Rich Shepard
On Sun, 6 Nov 2016, Rich Shepard wrote: > On the server/workstation and a portable ~/.ssh has 700 perms while the > authorized_keys, known_hosts, and *.pub key files in that directory have 644 > perms; the others are 600. I've identified the problem and am working on finding the solution.

Re: [PLUG] Enabling bi-directional ssh

2016-11-07 Thread Rich Shepard
On Sun, 6 Nov 2016, Tom wrote: > I struggle to understand what is local and what is remote and what files > you have where. So here is the minimum what you need to do/audit: > > Local machine .ssh/: > id_ed25519 - r/w by user only (600) > id_ed25519.pub - r/w by user + r by group and others (644)

Re: [PLUG] Enabling bi-directional ssh

2016-11-06 Thread Tom
Hi Rich, I struggle to understand what is local and what is remote and what files you have where. So here is the minimum what you need to do/audit: Local machine .ssh/: id_ed25519 - r/w by user only (600) id_ed25519.pub - r/w by user + r by group and others (644) Remote machine(s) .ssh/:

[PLUG] Enabling bi-directional ssh

2016-11-06 Thread Rich Shepard
On the server/workstation and a portable ~/.ssh has 700 perms while the authorized_keys, known_hosts, and *.pub key files in that directory have 644 perms; the others are 600. I copied (via USB flash drive) the id_ed25519.pub from each host to ~/.ssh/authorized_keys on the other host.