OpenSSH - SSH

  1. OpenSSH

    I have generated a private/public key pair(1024 bit DSA key) and I
    want to use the same for 2 different machines. I retain the private
    key with my machine. I place the public key in one of the other
    machine and try to sftp. It works absolutely fine. I place the same
    public key in another machine and I am not able to successfully ftp.
    Since I had enabled verbose output when I sftped, I was able to see a
    notable difference.

    debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'JS' is known and matches the RSA host key.
    debug1: Found key in /home/odyord/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received



    The failure attempt's log had that the host is known and it matches
    the RSA host key. But in the successful attempt it said it matches the
    DSA host key. Since, I had generated a DSA host key, why should it try
    to match with a RSA key.

    Can someone please help me out.

    Cheers,
    JS


  2. Re: OpenSSH

    On 2007-06-05, joseph.shameem@gmail.com wrote:

    > I have generated a private/public key pair(1024 bit DSA key) and I
    > want to use the same for 2 different machines. I retain the private
    > key with my machine. I place the public key in one of the other
    > machine and try to sftp. It works absolutely fine. I place the same
    > public key in another machine and I am not able to successfully ftp.
    > Since I had enabled verbose output when I sftped, I was able to see a
    > notable difference.
    >
    > The failure attempt's log had that the host is known and it matches
    > the RSA host key. But in the successful attempt it said it matches the
    > DSA host key. Since, I had generated a DSA host key, why should it try
    > to match with a RSA key.


    It sounds as if you are confusing host keys with user keys.

    What's your reason for wanting the same key on two hosts?
    With that info I think it will be easier to see what you need.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  3. Re: OpenSSH

    On 5 Jun, 21:35, all mail refused wrote:
    > On 2007-06-05, joseph.sham...@gmail.com wrote:
    >
    > > I have generated a private/public key pair(1024 bit DSA key) and I
    > > want to use the same for 2 different machines. I retain the private
    > > key with my machine. I place the public key in one of the other
    > > machine and try to sftp. It works absolutely fine. I place the same
    > > public key in another machine and I am not able to successfully ftp.
    > > Since I had enabled verbose output when I sftped, I was able to see a
    > > notable difference.
    >
    > > The failure attempt's log had that the host is known and it matches
    > > the RSA host key. But in the successful attempt it said it matches the
    > > DSA host key. Since, I had generated a DSA host key, why should it try
    > > to match with a RSA key.
    >
    > It sounds as if you are confusing host keys with user keys.
    >
    > What's your reason for wanting the same key on two hosts?
    > With that info I think it will be easier to see what you need.
    >
    > --
    > Elvis Notargiacomo master AT barefaced DOT cheek
    > http://www.notatla.org.uk/goen/


    Might be...since I am very new to this. I would want to connect to
    either of the host at any time from my machine. I thought it would be
    easier to maintain if I use the same key for both the hosts. Can I not
    do this? Should I always use a separate key pair for each host?

    Thanks,
    JS


  4. Re: OpenSSH

    In article <1181114892.635307.253260@q69g2000hsb.googlegroups.com>
    joseph.shameem@gmail.com writes:
    >On 5 Jun, 21:35, all mail refused wrote:
    >> On 2007-06-05, joseph.sham...@gmail.com wrote:
    >>
    >> > I have generated a private/public key pair(1024 bit DSA key) and I
    >> > want to use the same for 2 different machines. I retain the private
    >> > key with my machine. I place the public key in one of the other
    >> > machine and try to sftp. It works absolutely fine. I place the same
    >> > public key in another machine and I am not able to successfully ftp.
    >> > Since I had enabled verbose output when I sftped, I was able to see a
    >> > notable difference.
    >>
    >> > The failure attempt's log had that the host is known and it matches
    >> > the RSA host key. But in the successful attempt it said it matches the
    >> > DSA host key. Since, I had generated a DSA host key, why should it try
    >> > to match with a RSA key.
    >>
    >> It sounds as if you are confusing host keys with user keys.
    >>
    >> What's your reason for wanting the same key on two hosts?
    >> With that info I think it will be easier to see what you need.


    >Might be...since I am very new to this. I would want to connect to
    >either of the host at any time from my machine. I thought it would be
    >easier to maintain if I use the same key for both the hosts. Can I not
    >do this? Should I always use a separate key pair for each host?


    Using the same *user* key for accessing multiple hosts is fine of course
    - as Elvis says, you're confusing host and user keys. Your description
    of the log talks about matching RSA and DSA *host* keys, these are what
    authenticates the server to you, they have nothing to do with your
    authentication to the server via your user key.

    --Per Hedeland
    per@hedeland.org
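
Added example, not part of any post in this thread: a small shell filter that separates the host-key lines from the user-key lines in OpenSSH client `-v` output, the distinction explained in the reply above. The function names are hypothetical, the first sample is an excerpt of the log posted in the thread, and the second sample is constructed (the thread does not include that part of the log; message wording varies between OpenSSH versions).

```shell
#!/bin/sh
# Added example: split OpenSSH client -v output into the host-key check
# (server proves itself to you) and the user-key exchange (you prove
# yourself to the server).

# Reads debug1 lines on stdin and prints a one-line summary.
summarize_ssh_debug() {
    awk '
        # Host key: compared against known_hosts during key exchange.
        /matches the [A-Z0-9]+ host key/ {
            for (i = 1; i < NF; i++) if ($i == "matches") hostkey = $(i + 2)
        }
        # User key: offered from ~/.ssh after the service request.
        /Offering public key:/ { offered = $5; accepted = "no" }
        /Server accepts key/   { accepted = "yes" }
        END {
            printf "host_key=%s offered=%s accepted=%s\n",
                (hostkey != "" ? hostkey : "none"),
                (offered != "" ? offered : "none"),
                (accepted != "" ? accepted : "not-reached")
        }
    '
}

# Excerpt of the log posted in the thread; it stops before user authentication.
posted_log() {
cat <<'EOF'
debug1: Host 'JS' is known and matches the RSA host key.
debug1: Found key in /home/odyord/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
EOF
}

# Constructed continuation (assumption): a user key offered but not accepted.
constructed_userauth() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/odyord/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

posted_log | summarize_ssh_debug
{ posted_log; constructed_userauth; } | summarize_ssh_debug
```

The first summary shows that the posted excerpt never reaches the point where a user key is offered, so the RSA/DSA wording in it refers only to the server's host key.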


  5. Re: OpenSSH

    On 2007-06-06, joseph.shameem@gmail.com wrote:

    > either of the host at any time from my machine. I thought it would be
    > easier to maintain if I use the same key for both the hosts. Can I not


    The user key (the one you want to copy) is under a home directory, in
    the .ssh diretcory. You copy one or more public keys "id_dsa.pub"
    "into authorized_keys".

    The host keys (that you do not normally change) may be under /etc/ssh
    or some such place.

    If you now have a faulty host key on one host it may be simplest to remove
    it and get a new one created using
    /etc/init.d/sshd stop
    /etc/init.d/sshd start
    but this comes at the expense of getting it introduced to those users
    who still expect to see the old host key because it is recorded in their
    known_hosts files.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  6. Re: OpenSSH

    On 2007-06-07, all mail refused wrote:

    Here I correct my typing.

    > On 2007-06-06, joseph.shameem@gmail.com wrote:
    >
    >> either of the host at any time from my machine. I thought it would be
    >> easier to maintain if I use the same key for both the hosts. Can I not

    >
    > The user key (the one you want to copy) is under a home directory, in
    > the .ssh directory. You copy one or more public keys "id_dsa.pub"
    > into "authorized_keys".
    >
    > The host keys (that you do not normally change) may be under /etc/ssh
    > or some such place.
    >
    > If you now have a faulty host key on one host it may be simplest to remove
    > it and get a new one created using
    > /etc/init.d/sshd stop
    > /etc/init.d/sshd start
    > but this comes at the expense of getting it introduced to those users
    > who still expect to see the old host key because it is recorded in their
    > known_hosts files.



    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/
    One of my other 11 computers runs Minix.
