Setting up ssh shared keys

Question

Level 1

1 points

Setting up ssh shared keys

Hi,

I'm trying to setup shared keys on my MacBook Pro OS X 10.4.11 so that I can rsync it with another linux box without entering a password. I was following instructions at http://freebsd.peon.net/quickies/21/ but couldn't find the /.ssh/authorized_keys on the mac. Creating that folder didn't make any difference.

Anyone knows where that "authorized_keys" file is or should go in OS X?

Btw, I'm very new to OS X and linux.

Thanks,
Alex

MacBook Pro, Mac OS X (10.4.11)

Posted on Jul 13, 2008 5:09 AM

Reply

Answer 1

stankal Author

Level 1

1 points

Jul 13, 2008 5:48 AM in response to stankal

Well, I think i have found the location now (i didn't realize ~/ denotes home directory) so I believe it's ~/.ssh/known_hosts, right?

But when I pasted the key generated is step one, I'm still prompted for password when ssh or rsync. Any thoughts as to what I'm doing wrong?

Thanks,
Alex

Reply

Answer 2

BDAqua

Level 10

250,259 points

Jul 13, 2008 6:07 AM in response to stankal

~/ denotes home directory)

That part is right.

Reply

Answer 3

ntloser

Level 1

29 points

Jul 13, 2008 5:52 PM in response to stankal

public key goes on the ssh server you are connecting to. It should be listed in the .ssh/authorized_keys

Private key stays stays on the machine(s) you are connecting from.

So as an example;

On the box you are connecting to,(well call it SSHserver) lets assume you have a user named "sshserveruser"

make a directory within "sshserveruser"'s home directory named .ssh (more than likely it is there)
If it is not there you can just mkdir .ssh

On either the mac or linux box create your public and private key set.

Get the public key you just made and on the "SSHserver" add it to the authorized_keys file located within the sshserveruser/.ssh directory

You can do this by;
"cat path and_name_of your publickey >> home directory_of_sshserveruser/.ssh/authorizedkeys"

This will add the public key to authorized_keys file without overwriting anything.

Now back on the box you are going to connect FROM, (with your private key)
from terminal type

ssh -l sshserveruser@sshserver -i location of_your_privatekey

that should make your connection.

If you want to restrict access to the SSH server to key only you must modify the sshd_conf in the etc directory.

PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt no

But make sure your keys work first.

Reply

Answer 4

stankal Author

Level 1

1 points

Jul 14, 2008 7:59 PM in response to ntloser

hi ntloser,

Thanks for your reply. You made me see that I wasn't reading the page with instructions right. I did everything opposite like you suspected.

Well, now I followed your instructions carefully, and it's kind of working. Now I'm getting prompted for the passphrase for the key. Did I miss something again? I double checked your steps and I did everything. Is that how it is supposed to work? I don't think so because I don't see that much difference between asking for password and asking for passphrase. I though that once I do this setup I should be able to ssh without being prompted for a password.

I probably need just a little bit more help to set it up.

Thanks again,
Alex

Reply

Answer 5

ntloser

Level 1

29 points

Jul 14, 2008 8:15 PM in response to stankal

When you create a key pair, you will be prompted to enter a passphase. It sounds like this is what you did when you created your keys.

It is an extra layer of security in case somebody gets a hold of your private key.

There are ways to remove the passphrase but off the top of my head I do not know.

What I would do is, generate a new set. When you generate your new set you will be prompted to enter a passphrase, just press enter as this will make it so your key does not have a passphrase.

Reply

Answer 6

stankal Author

Level 1

1 points

Jul 17, 2008 6:28 PM in response to ntloser

Thanks again. I finally got it working.

Reply

Answer 7

ntloser

Level 1

29 points

Jul 17, 2008 6:38 PM in response to stankal

ssh is cool. By default the SSH server allows port forwarding. So, on the client side, you can add "switches" to forward ports through SSH. I use it for VNC and RDP, (Windows has copSSH so I have an SSH server on my MS box) That way everything is encrypted.

But definitely make sure to shut off PAM and clear passwords so nobody form the outside can brute force their way in... KEY ONLY!!

Reply