where to upload public ssh key - SSH


  1. where to upload public ssh key

    I am setting up a server with svn+ssh. I am a little confused as to
    where, or how to configure where, openssh will look for the public
    keys. This also means that I don't know where to upload the public
    keys.

    Any help would be appreciated.

    Thanks


  2. Re: where to upload public ssh key

    On 2007-09-04, chris wrote:

    > I am setting up a server with svn+ssh. I am a little confused as to
    > where, or how to configure where, openssh will look for the public
    > keys. This also means that I don't know where to upload the public
    > keys.


    Just like using ssh outside of svn - that is if it's OpenSSH
    public keys go in ~/.ssh/authorized_keys on the server.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  3. Re: where to upload public ssh key

    >>>>> "chris" == chris writes:

    chris> I am setting up a server with svn+ssh. I am a little confused
    chris> as to where, or how to configure where, openssh will look for the
    chris> public keys. This also means that I don't know where to upload
    chris> the public keys.

    chris> Any help would be appreciated.

    chris> Thanks

    http://www.snailbook.com/faq/publick...auth.auto.html

    --
    Richard Silverman
    res@qoxp.net


  4. Re: where to upload public ssh key

    It is the $HOME dir (~/.ssh/...) that is causing the confusion. Whose
    home dir is this? Do I have to create a user on the server for each
    of the developers (although it is really just me) who want to upload
    their public key? I was under the impression that I would just append
    the public key to the authorized_keys file. I figured this file would
    be in some, non-personal folder, location.

    Thanks for the help.


  5. Re: where to upload public ssh key

    I have created the .ssh folder on the server in home/my_name/ and have
    created a nice long passphrase. I am able to login using the
    passphrase, but I am still able to login with the account password. I
    cannot imagine this is a good thing seeing as the normal account
    password is much much shorter than the passphrase.

    I would think that I am missing something here, but none of the books
    that I have skimmed through mention anything about this.

    Here is the console output when logging in with the normal username
    and password:

        ~ chrisolsen $ ssh chrisolsen@my_domain.com
        Enter passphrase for key '/Users/chrisolsen/.ssh/id_dsa':
        Enter passphrase for key '/Users/chrisolsen/.ssh/id_dsa':
        Enter passphrase for key '/Users/chrisolsen/.ssh/id_dsa':
        chrisolsen@my_domain.com's password:
        Linux ubuntu-test-server 2.6.15-26-server #1 SMP Fri Sep 8 21:00:37 UTC 2006 i686 GNU/Linux



  6. Re: where to upload public ssh key

    chris wrote:
    > It is the $HOME dir (~/.ssh/...) that is causing the confusion. Whose
    > home dir is this?


    The home directory for the user that you're logging in as.

    > Do I have to create a user on the server for each
    > of the developers (although it is really just me) who want to upload
    > their public key? I was under the impression that I would just append
    > the public key to the authorized_keys file. I figured this file would
    > be in some, non-personal folder, location.


    No. If you intend to log in as a particular user, then presumably you
    already have a home directory? Are you using the machine in a different
    way?

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  7. Re: where to upload public ssh key

    chris wrote:
    > I have created the .ssh folder on the server in home/my_name/ and have
    > created a nice long passphrase. I am able to login using the
    > passphrase, but I am still able to login with the account password. I
    > cannot imagine this is a good thing seeing as the normal account
    > password is much much shorter than the passphrase.
    >
    > I would think that I am missing something here, but none of the books
    > that I have skimmed through mention anything about this.


    You can set the valid authentication mechanisms in the server's
    configuration file (sshd_config). The default has both password and
    private key authentication enabled, but you can disable them.

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >
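
Added example, not part of the thread: a shell check of whether an sshd_config still lets a password be typed, following sshd's first-value-wins parsing. The two sample configs are constructed, and the keyboard-interactive keywords are included because they can also prompt for the account password.

```shell
# Added example: effective *global* value of an sshd_config keyword.
# sshd keeps the first value it reads for a keyword, keyword names are
# case-insensitive, and lines after "Match" apply only to matching logins.
# Include files are not followed; review Match blocks separately.
sshd_global_value() {  # usage: sshd_global_value FILE 'Name|Alias' DEFAULT
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit         # end of the global section
            if (key ~ ("^(" want ")$")) { val = tolower(f[2]); found = 1; exit }
        }
        END { print (found ? val : def) }
    ' "$1"
}

password_login_possible() {  # exit status 0 if FILE still accepts passwords
    [ "$(sshd_global_value "$1" PasswordAuthentication yes)" != no ] ||
    [ "$(sshd_global_value "$1" \
        'KbdInteractiveAuthentication|ChallengeResponseAuthentication' yes)" != no ]
}

tmp=$(mktemp -d)
# Constructed sample 1: defaults. The "no" inside the Match block would fool a
# plain grep, but it only applies to user svn; everyone else can use a password.
cat > "$tmp/default" <<'EOF'
#PasswordAuthentication yes
PubkeyAuthentication yes
Match User svn
    PasswordAuthentication no
EOF
# Constructed sample 2: keys only. The later "yes" is ignored (first value wins).
cat > "$tmp/keys_only" <<'EOF'
PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
EOF
for f in default keys_only; do
    if password_login_possible "$tmp/$f"; then echo "$f: password login possible"
    else echo "$f: keys only"; fi
done
```

On a live server, `sshd -T` prints the configuration sshd actually resolved and is the authoritative check.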

  8. Re: where to upload public ssh key

    > No. If you intend to log in as a particular user, then presumably you
    > already have a home directory? Are you using the machine in a different
    > way?


    I didn't realize it worked that way. So for a developer on
    SourceForge I take it that they then have an *nix account created for
    them. I figured all developers would just have their public key added
    to the authorized_keys file.

    > You can set the valid authentication mechanisms in the server's
    > configuration file (sshd_config). The default has both password and
    > private key authentication enabled, but you can disable them.


    I feel dumb for asking this, but what is the reason for the public and
    private keys if you can login with your normal username/password? Is
    there an additional level of encryption added to the data that is
    transferred to and from the server when you login with your
    passphrase? What throws me is that in what I read it was stressed
    that the passphrase be fairly complex yet it is sent to the server.

    I am just trying to set up an svn and was trying to read just enough to
    get me that far, but it seems like "once in and never out". I might
    have to dig a little further to make the details make sense that were
    supposed to make the initial questions make sense.

    Thanks for the help





  9. Re: where to upload public ssh key

    chris wrote:
    > I feel dumb for asking this, but what is the reason for the public and
    > private keys if you can login with your normal username/password?


    1) easy to set up, most folks still use passwords, so disabling them in
    the default would confuse a lot of people
    2) who says you have a valid password? Quite a few setups use private
    keys, then give the account an invalid password, so login through
    that mechanism is impossible.

    Sounds like you want to retain a valid password on the account, but stop
    SSH from using it. That's possible, just not the default.

    > Is
    > there an additional level of encryption added to the data that is
    > transferred to and from the server when you login with your
    > passphrase?


    No. (but which encryption are you referring to?)

    You can do some more complex things with key authorization (like limit
    functionality and commands), but the data stream encryption is
    negotiated the same way with both.

    > What throws me is that in what I read it was stressed
    > that the passphrase be fairly complex yet it is sent to the server.


    Passphrases and private keys are never sent to the server.

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  10. Re: where to upload public ssh key

    chris wrote:
    >> No. If you intend to log in as a particular user, then presumably you
    >> already have a home directory? Are you using the machine in a different
    >> way?

    >
    > I didn't realize it worked that way. So for a developer on
    > SourceForge I take it that they then have an *nix account created for
    > them. I figured all developers would just have their public key added
    > to the authorized_keys file.


    You can do that, but then they would all be allowed to authenticate as
    the same user. Usually you want to force them to authenticate as
    different users.

    The sshd forks a copy for the login user and tries to find a key that
    will authenticate. Unless you give it some way to find different data
    for different users, they'll all behave the same. You can override
    where it looks for the authorized_keys file in the sshd_config file.

        AuthorizedKeysFile
            Specifies the file that contains the public keys that can be used
            for user authentication. AuthorizedKeysFile may contain tokens
            of the form %T which are substituted during connection setup.
            The following tokens are defined: %% is replaced by a literal
            '%', %h is replaced by the home directory of the user being
            authenticated, and %u is replaced by the username of that user.
            After expansion, AuthorizedKeysFile is taken to be an absolute
            path or one relative to the user's home directory. The default
            is ``.ssh/authorized_keys''.

    I don't know what would happen if you give it a single global file. I
    imagine that means that any user with a valid key will be permitted to
    log in as any valid user on the system...

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  11. Re: where to upload public ssh key

    >> What throws me is that in what I read it was stressed
    >> that the passphrase be fairly complex yet it is sent to the server.


    >Passphrases and private keys are never sent to the server.


    So when logging in and I have to enter my passphrase, is that only to
    access the private key on my side and perform the encryption? That
    would make more sense.


  12. Re: where to upload public ssh key

    chris wrote:
    >>> What throws me is that in what I read it was stressed
    >>> that the passphrase be fairly complex yet it is sent to the server.

    >
    >>Passphrases and private keys are never sent to the server.

    >
    > So when logging in and I have to enter my passphrase, is that only to
    > access the private key on my side and perform the encryption? That
    > would make more sense.


    Right. The passphrase is to keep the private key from being stored on
    the disk in cleartext. The passphrase allows the ssh client to read the
    key, which is then used to encrypt a message that the server can decrypt
    with the public key, authenticating you.

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  13. Re: where to upload public ssh key

    On Sep 4, 5:11 am, chris wrote:
    > I am setting up a server with svn+ssh. I am a little confused as to
    > where, or how to configure where, openssh will look for the public
    > keys. This also means that I don't know where to upload the public
    > keys.
    >
    > Any help would be appreciated.
    >
    > Thanks


    It should help you.
    http://www.securityfocus.com/infocus/1806

    Generally you should download your public key to
    $HOME/.ssh/authorized_keys

    Check first that there is this file.

    If no - just create it and copy your public key there:

        cat my_public_key > $HOME/.ssh/authorized_keys && chmod 600 $HOME/.ssh/authorized_keys

    If yes - just add your public key:

        cat my_public_key >> $HOME/.ssh/authorized_keys

    Make sure that global configuration allows you to use auth via keys.

    Marcin Praczko
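
Added example, not part of the thread: the append step above as an idempotent shell function, extended to the shared-account case from post 10 by giving each developer's key a forced `svnserve` command (the "limit functionality and commands" option from post 9). The account home, developer names and key text are constructed placeholders.

```shell
# Added example. The account home, developer names and key text below are
# constructed placeholders; the key blobs are not real keys.
add_key() {  # usage: add_key HOME_DIR PUBKEY_FILE [SVN_USER]
    home=$1 keyfile=$2 svn_user=${3:-}
    ak="$home/.ssh/authorized_keys"
    key=$(head -n 1 "$keyfile")
    # Accept only a "type base64 [comment]" line; this rejects a private key
    # file supplied by mistake. Every SSH public key blob starts with "AAAA".
    case $key in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*|sk-*\ AAAA*) ;;
        *) echo "not a public key: $keyfile" >&2; return 1 ;;
    esac
    # The name is written inside a quoted command string, so keep it plain.
    case $svn_user in
        *[!A-Za-z0-9_.-]*) echo "bad user name" >&2; return 1 ;;
    esac
    # sshd's StrictModes check rejects group- or world-writable key files.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$ak" && chmod 600 "$ak"
    # Compare on "type base64" so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$ak"; then return 0; fi
    if [ -n "$svn_user" ]; then
        # Shared account: this key can only run svnserve, committing as SVN_USER.
        opts="command=\"svnserve -t --tunnel-user=$svn_user\""
        opts="$opts,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"
        printf '%s %s\n' "$opts" "$key" >> "$ak"
    else
        printf '%s\n' "$key" >> "$ak"
    fi
}

demo=$(mktemp -d)   # stands in for the home directory of a shared "svn" account
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyAlice alice@laptop' > "$demo/alice.pub"
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyBob bob@desk' > "$demo/bob.pub"
add_key "$demo/svn" "$demo/alice.pub" alice
add_key "$demo/svn" "$demo/bob.pub" bob
add_key "$demo/svn" "$demo/alice.pub" alice   # second run adds nothing
cat "$demo/svn/.ssh/authorized_keys"
```

Called without a third argument, `add_key` installs a plain key for a personal account, which is the case the post describes.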

