passphrase configuration - SSH


Thread: passphrase configuration

  1. passphrase configuration

    Hi all,

    First I generated a key using ssh-keygen -rsa
    It asked for passphrase and file location
    The command created two files

    1. Id_rsa
    2. Id_rsa.pub

    I copy the id_rsa.pub in my local machine (Windows) in the file
    authorized_keys
    But it is asking my original password to login.
    It is not asking my passphrase.

    What should I need to do next?


    $ ssh -vv root@199.63.25.8
    OpenSSH_4.5p1, OpenSSL 0.9.8e 23 Feb 2007
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 199.63.25.8 [199.63.25.8] port 22.
    debug1: Connection established.
    debug1: identity file /cygdrive/c/Documents and Settings/e356535/.ssh/identity type -1
    debug1: identity file /cygdrive/c/Documents and Settings/e356535/.ssh/id_rsa type -1
    debug1: identity file /cygdrive/c/Documents and Settings/e356535/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
    debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.5
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 113/256
    debug2: bits set: 499/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '199.63.25.8' is known and matches the RSA host key.
    debug1: Found key in /cygdrive/c/Documents and Settings/e356535/.ssh/known_hosts:18
    debug2: bits set: 496/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /cygdrive/c/Documents and Settings/e356535/.ssh/identity (0x0)
    debug2: key: /cygdrive/c/Documents and Settings/e356535/.ssh/id_rsa (0x0)
    debug2: key: /cygdrive/c/Documents and Settings/e356535/.ssh/id_dsa (0x0)
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /cygdrive/c/Documents and Settings/e356535/.ssh/identity
    debug1: Trying private key: /cygdrive/c/Documents and Settings/e356535/.ssh/id_rsa
    debug1: Trying private key: /cygdrive/c/Documents and Settings/e356535/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: password
    root@199.63.25.8's password:
    debug2: we sent a password packet, wait for reply
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug2: channel 0: send open
    debug1: Entering interactive session.
    debug2: callback start
    debug2: client_session2_setup: id 0
    debug2: channel 0: request pty-req confirm 0
    debug2: channel 0: request shell confirm 0
    debug2: fd 3 setting TCP_NODELAY
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 131072
    Last login: Fri Jul 20 00:55:41 2007 from 199.63.55.95
    [root@linux ~]#



    thanks in advance
    kamesh


  2. Re: passphrase configuration

    kamZ wrote:
    > Hi all,
    >
    > First I generated a key using ssh-keygen -rsa


    I'm assuming that you use an OpenSSH *client* on a Unix-like system.
    Is that right? The ssh-keygen *must* be done on the client side.

    > It asked for passphrase and file location
    > The command created two files
    >
    > 1. Id_rsa
    > 2. Id_rsa.pub
    >
    > I copy the id_rsa.pub in my local machine (Windows) in the file
    > authorized_keys


    What do you mean by "local machine"? The id_rsa.pub file must go in the
    authorized_keys key on the *Server* side.

    > But it is asking my original password to login.
    > It is not asking my passphrase.
    >
    > What should I need to do next?
    >


    You need to provide more information about your setup. What's the
    server, what's the client? Which OS do they run, what SSH client/server,
    etc.


    If you use a Unix-like client with OpenSSH:
    -------------------------------------------
    You need to use ssh-agent and ssh-add to load the key. There are
    many ways to do it. ssh-agent should be running and have the right
    environment variables set to begin with. After that you can use ssh-add
    to add the key to the agent; it will ask you for the passphrase at this
    time. But if you want to start ssh-agent properly and automatically on
    startup, it depends on your setup. On some OSes, ssh-agent starts by
    default with X Windows when an "id_rsa" or "id_dsa" is present in your
    ~/.ssh directory. If that's the case, you only have to call "ssh-add"
    once and that's it.

    Look at the "ssh-agent" and "ssh-add" manpage for more details.

    If you use Windows as a client using PuTTY:
    ------------------------------------------
    In that case you have to generate the key with "PuTTYgen" and copy the
    public key to the authorized_keys file on the server side. Use Pageant
    to load your private key (the equivalent of ssh-agent/ssh-add with
    OpenSSH). Then your PuTTY is ready to connect to your server using your
    key.


    [snip]

    --
    Martin
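
An added example, not part of either post: a shell function that reads `ssh -vv` client output such as the log in the first post and reports why key authentication did not happen. It assumes one debug message per line; `diagnose_pubkey` and `sample_log` are names made up here, and the sample is an excerpt of the thread's log with wrapped lines rejoined.

```shell
#!/bin/sh
# Added example (not from the thread): classify an `ssh -vv` client log read
# from stdin. Assumes one debug message per line (wrapped lines rejoined).
diagnose_pubkey() {
    awk '
        /identity file .* type -1[ \t]*$/               { missing++ }
        /identity file .* type [0-9]+[ \t]*$/           { loaded++ }
        /Authentications that can continue:.*publickey/ { offered = 1 }
        /Offering public key/                           { sent = 1 }
        /we did not send a packet, disable method/      { skipped = 1 }
        /Authentication succeeded \(/ {
            method = $0
            sub(/.*succeeded \(/, "", method)   # keep only the method name
            sub(/\).*/, "", method)
        }
        END {
            if (method == "publickey")
                print "ok: logged in with a key"
            else if (!offered)
                print "server-refuses-publickey"
            else if (sent)
                print "key-rejected: key offered but the server did not accept it"
            else if (skipped && loaded + 0 == 0)
                print "no-client-key: " (missing + 0) " identity paths unusable, fell back to " method
            else
                print "undetermined"
        }
    '
}

# Excerpt of the log posted in the thread, wrapped lines rejoined.
sample_log() {
    cat <<'EOF'
debug1: identity file /cygdrive/c/Documents and Settings/e356535/.ssh/identity type -1
debug1: identity file /cygdrive/c/Documents and Settings/e356535/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/Documents and Settings/e356535/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Documents and Settings/e356535/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

sample_log | diagnose_pubkey
```

For the posted log this reports `no-client-key`: the client found nothing it could use at its three default identity paths, so no key was ever sent to the server.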
