openssh trusted rsa key for win2k - SSH


Thread: openssh trusted rsa key for win2k

  1. openssh trusted rsa key for win2k

    IssacNewton is the new RSA trusted user. He'll (Issac) be coming
    (making an ssh connection) from linuxcomputer05; logging in to
    win2xcomputer01 without a password.

    ssh -x root@linuxcomputer05
    useradd -m IssacNewton
    passwd IssacNewton
    su - IssacNewton
    ssh-keygen -t rsa
    cat .ssh/id_rsa.pub # to include the key in echo command below
    exit

    ssh -x administrator@win2xcomputer01
    cd \documents and settings
    net user IssacNewton grav1tyPassw0rd /add /homedir:"C:\documents and settings\IssacNewton" /fullname:"Sir Isaac Newton, PRS" /expires:NEVER
    net localgroup Administrators IssacNewton /add
    cd \program files\openssh\etc
    mkpasswd -l > passwd
    mkgroup -l > group
    exit

    ssh -x IssacNewton@win2xcomputer01
    cd \documents and settings
    mkdir IssacNewton
    cd IssacNewton
    mkdir .ssh
    cd .ssh
    echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwzZZIEA5ZLuNXTKMQmHV7FXGrtwZ6u9dyOAHoj7qRV2mnmOtoigswFDgt+jIfGUtMdgIQ2fxAj1ByoJbxWzZM4+ECe53LgZ0vasz7sCuyb/stuJ3hM9pCfnQq0JR9U38HKJ5lxidKnMFZCmJPu9Ss+5YabRSUR+ziaFwLni2/YDqDuwkX3fY0k= IssacNewton@linuxcomputer05 > authorized_keys2
    cacls . /T /E /R "BUILTIN\Power Users" "BUILTIN\Users" "Everyone"
    attrib +R . /S /D
    cd ..\..
    xcopy /E /O "Default User\*" IssacNewton
    cacls IssacNewton /T /E /G IssacNewton:F
    attrib +R IssacNewton
    exit


  2. Re: openssh trusted rsa key for win2k

    bradleywas@gmail.com wrote:
    > IssacNewton is the new RSA trusted user. He'll (Issac) be coming
    > (making an ssh connection) from linuxcomputer05; logging in to
    > win2xcomputer01 without a password.
    >
    > ssh -x root@linuxcomputer05
    > useradd -m IssacNewton
    > passwd IssacNewton
    > su - IssacNewton
    > ssh-keygen -t rsa
    > cat .ssh/id_rsa.pub # to include the key in echo command below
    > exit
    >
    > ssh -x administrator@win2xcomputer01
    > cd \documents and settings
    > net user IssacNewton grav1tyPassw0rd /add /homedir:"C:\documents and settings\IssacNewton" /fullname:"Sir Isaac Newton, PRS" /expires:NEVER
    > net localgroup Administrators IssacNewton /add
    > cd \program files\openssh\etc
    > mkpasswd -l > passwd
    > mkgroup -l > group
    > exit
    >
    > ssh -x IssacNewton@win2xcomputer01
    > cd \documents and settings
    > mkdir IssacNewton
    > cd IssacNewton
    > mkdir .ssh
    > cd .ssh
    > echo ssh-rsa AAAAB3NzaC1yc2EAAAABIwzZZIEA5ZLuNXTKMQmHV7FXGrtwZ6u9dyOAHoj7qRV2mnmOtoigswFDgt+jIfGUtMdgIQ2fxAj1ByoJbxWzZM4+ECe53LgZ0vasz7sCuyb/stuJ3hM9pCfnQq0JR9U38HKJ5lxidKnMFZCmJPu9Ss+5YabRSUR+ziaFwLni2/YDqDuwkX3fY0k= IssacNewton@linuxcomputer05 > authorized_keys2
    > cacls . /T /E /R "BUILTIN\Power Users" "BUILTIN\Users" "Everyone"
    > attrib +R . /S /D
    > cd ..\..
    > xcopy /E /O "Default User\*" IssacNewton
    > cacls IssacNewton /T /E /G IssacNewton:F
    > attrib +R IssacNewton
    > exit
    >



    Hi bradley!

    I was working hard on a test of the public key mechanism for logon from
    a Linux box to a W2K3 box via SSH.

    I will try this and I will come back to you if something fails =)

    Actually, what I was testing doesn't work! Neither the public key auth
    nor the password auth works! I am surely doing something wrong in user
    creation on the W2K3 box.

    BTW, I'm using openSSH 3.8.1p1

    Raphael.

  3. Re: openssh trusted rsa key for win2k

    > Hi bradley!
    >
    > I was working hard on a test of the public key mechanism for logon from
    > a Linux box to a W2K3 box via SSH.
    >


    me too. from win/* -> Linux works great but not the converse

    I'm running Cygwin and the SSHD component is difficult to configure
    (i.e. getting into SYSTEM mode to set up the host keys)


    --
    ---
    Jeff B (remove the No-Spam to reply)

  4. Re: openssh trusted rsa key for win2k

    Jeff B wrote:
    >> Hi bradley!
    >>
    >> I was working hard on a test of the public key mechanism for logon from
    >> a Linux box to a W2K3 box via SSH.
    >>


    > me too. from win/* -> Linux works great but not the converse


    I have my XP laptop setup for logins which work just fine from unix
    openssh clients.

    > I'm running Cygwin and the SSHD component is difficult to configure
    > (i.e. getting into SYSTEM mode to set up the host keys)


    I'm not sure what you mean here. Does 'ssh-host-config' not do
    everything for you when run from an administrator's account? I don't
    know how to get into SYSTEM mode.

    Are you trying to set it up as a service or just run it from an account?

    Did you disable privilege separation when prompted? I didn't want to
    create another account, so that's the easy way to configure.

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  5. Re: openssh trusted rsa key for win2k

    >>>>> "JB" == Jeff B writes:

    >> Hi bradley! I was working hard on a test of the public key mechanism
    >> for logon from a Linux box to a W2K3 box via SSH.
    >>


    JB> me too. from win/* -> Linux works great but not the converse

    JB> I'm running Cygwin and the SSHD component is difficult to
    JB> configure (i.e. getting into SYSTEM mode to set up the host keys)

    Note that both ssh.com and VShell (VanDyke) support Kerberos/GSSAPI
    authentication in their Windows server products, integrated with the
    Windows ccache. It works seamlessly from Linux/OpenSSH to Windows.

    --
    Richard Silverman
    res@qoxp.net


  6. Re: openssh trusted rsa key for win2k

    Darren Dunham wrote:
    > Jeff B wrote:
    >
    >>
    >>I'm running Cygwin and the SSHD component is difficult to configure
    >>(i.e. getting into SYSTEM mode to set up the host keys)

    >
    >
    > I'm not sure what you mean here. Does 'ssh-host-config' not do
    > everything for you when run from an administrator's account? I don't
    > know how to get into SYSTEM mode.


    that's the issue. s-h-c runs fine, but there's no key files generated
    and doing keygen under admin account doesn't work; files are in the
    wrong location

    > Are you trying to set it up as a service or just run it from an account?


    either would do

    > Did you disable privilege separation when prompted? I didn't want to
    > create another account, so that's the easy way to configure.
    >


    yes


    --
    ---
    Jeff B (remove the No-Spam to reply)

  7. Re: openssh trusted rsa key for win2k



    $ /usr/sbin/sshd -f /etc/sshd_config2 -D -d
    debug1: sshd version OpenSSH_4.1p1
    Could not load host key: /etc/ssh_host_key
    Could not load host key: /etc/ssh_host_rsa_key
    Could not load host key: /etc/ssh_host_dsa_key
    Disabling protocol version 1. Could not load host key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.

    ls -l /etc/ssh*
    -rwxr-x--- 1 SYSTEM None 1292 Jan 6 14:42 /etc/ssh_config
    -rw------- 1 SYSTEM None 736 Dec 6 11:53 /etc/ssh_host_dsa_key
    -rw-r--r-- 1 SYSTEM None 602 Dec 6 11:53 /etc/ssh_host_dsa_key.pub
    -rw------- 1 SYSTEM None 736 Dec 6 11:45 /etc/ssh_host_key
    -rw-r--r-- 1 SYSTEM None 602 Dec 6 11:45 /etc/ssh_host_key.pub
    -rw------- 1 SYSTEM None 951 Dec 6 11:54 /etc/ssh_host_rsa_key
    -rw-r--r-- 1 SYSTEM None 222 Dec 6 11:54 /etc/ssh_host_rsa_key.pub
    -rw-r--r-- 1 SYSTEM None 229 Dec 6 11:38 /etc/ssh_known_hosts
    -rw-r--r-- 1 SYSTEM None 2821 Jan 6 14:42 /etc/sshd_config

    goofus! ssh_host_rsa_key.pub from my linux is actually
    present in ssh_known_hosts

  8. Re: openssh trusted rsa key for win2k

    Jeff B wrote:
    > $ /usr/sbin/sshd -f /etc/sshd_config2 -D -d
    > debug1: sshd version OpenSSH_4.1p1
    > Could not load host key: /etc/ssh_host_key
    > Could not load host key: /etc/ssh_host_rsa_key
    > Could not load host key: /etc/ssh_host_dsa_key
    > Disabling protocol version 1. Could not load host key
    > Disabling protocol version 2. Could not load host key
    > sshd: no hostkeys available -- exiting.


    > ls -l /etc/ssh*
    > -rwxr-x--- 1 SYSTEM None 1292 Jan 6 14:42 /etc/ssh_config
    > -rw------- 1 SYSTEM None 736 Dec 6 11:53 /etc/ssh_host_dsa_key


    Hmm, I can't go back in time, but I think my keys weren't owned by
    SYSTEM until I set it up to run as a service. Once that happened, I
    can't run by hand any longer. So your messages are expected if you've
    done that.

    I would expect you could either

    1) Chown the keys to you (since you're running sshd) or
    2) Start the sshd service

    $ net start sshd
    The CYGWIN sshd service is starting.
    The CYGWIN sshd service was started successfully.

    I chowned my RSA key to me and was able to start it up in the shell.

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  9. Re: openssh trusted rsa key for win2k

    Darren Dunham wrote:
    > Jeff B wrote:
    >
    >>$ /usr/sbin/sshd -f /etc/sshd_config2 -D -d
    >>debug1: sshd version OpenSSH_4.1p1
    >>Could not load host key: /etc/ssh_host_key
    >>Could not load host key: /etc/ssh_host_rsa_key
    >>Could not load host key: /etc/ssh_host_dsa_key
    >>Disabling protocol version 1. Could not load host key
    >>Disabling protocol version 2. Could not load host key
    >>sshd: no hostkeys available -- exiting.

    >
    >
    >>ls -l /etc/ssh*
    >>-rwxr-x--- 1 SYSTEM None 1292 Jan 6 14:42 /etc/ssh_config
    >>-rw------- 1 SYSTEM None 736 Dec 6 11:53 /etc/ssh_host_dsa_key

    >
    >
    > Hmm, I can't go back in time, but I think my keys weren't owned by
    > SYSTEM until I set it up to run as a service. Once that happened, I
    > can't run by hand any longer. So your messages are expected if you've
    > done that.
    >
    > I would expect you could either
    >
    > 1) Chown the keys to you (since you're running sshd) or
    > 2) Start the sshd service
    >
    > $ net start sshd
    > The CYGWIN sshd service is starting.
    > The CYGWIN sshd service was started successfully.
    >
    > I chowned my RSA key to me and was able to start it up in the shell.
    >


    What you see is the results of failing when owned by me & then
    attempting to get SYSTEM to allow sshd. Both ways, I get:
    >>Could not load host key: /etc/ssh_host_key
    >>Could not load host key: /etc/ssh_host_rsa_key
    >>Could not load host key: /etc/ssh_host_dsa_key
    >>Disabling protocol version 1. Could not load host key
    >>Disabling protocol version 2. Could not load host key
    >>sshd: no hostkeys available -- exiting.




    --
    ---
    Jeff B (remove the No-Spam to reply)

  10. Re: openssh trusted rsa key for win2k

    Jeff B wrote:

    > What you see is the results of failing when owned by me & then
    > attempting to get SYSTEM to allow sshd.


    I don't know what you mean by "get SYSTEM to allow sshd".

    Can you chown the key files to you?
    Can you read the key files?

    Once done, can you run sshd by hand and not get those errors?

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >
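
The ownership listing in post 7 and the questions in post 10 (who owns the key files, can the account running sshd read them) can be checked mechanically. The script below is an added example, not code from any poster in this thread; the function names check_hostkey and report_hostkeys are made up here, and it judges access from the numeric owner and mode bits that ls reports, ignoring group membership and Windows ACLs.

```shell
#!/bin/sh
# Added example (not from the thread): classify why sshd, run by account UID,
# would fail to load a private host key. Group membership is not evaluated.

check_hostkey() {
    file=$1
    uid=${2:-$(id -u)}          # account that will run sshd; defaults to caller
    [ -e "$file" ] || { echo "missing"; return 1; }

    # ls -ldn gives the mode string and the numeric owner on Linux and Cygwin.
    info=$(ls -ldn "$file" | awk '{print substr($1, 1, 10), $3}')
    mode=${info% *}
    owner=${info#* }

    if [ "$owner" = "$uid" ]; then
        case $mode in
            ?r??------) echo "ok" ;;
            ?-????????) echo "unreadable:$mode"; return 1 ;;
            # sshd ignores a private key its owner left open to group/others.
            *) echo "too-open:$mode"; return 1 ;;
        esac
    else
        case $mode in
            # Other-readable: loads, but every local account can copy the key.
            ???????r??) echo "exposed:$mode owner=$owner"; return 1 ;;
            # The case in post 7: mode 600, owned by a different account.
            *) echo "wrong-owner:$owner"; return 1 ;;
        esac
    fi
}

# The three private host keys named in the debug output in post 7.
report_hostkeys() {
    for key in /etc/ssh_host_key /etc/ssh_host_rsa_key /etc/ssh_host_dsa_key; do
        printf '%s: %s\n' "$key" "$(check_hostkey "$key" "$@")"
    done
}

report_hostkeys "$@"
```

Run it as the account that will start sshd; a wrong-owner result matches the situation where the keys belong to SYSTEM and sshd is started by hand from a user shell.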
