topic Re: SSH authorized_keys file in Operating System - HP-UX

SSH authorized_keys file

Robert True — Thu, 30 Oct 2003 09:50:20 GMT

While doing some research on a problem, I discovered my authorized_keys files are likly not built correctly. The Definitive Guide book does not have concrete examples of the structure of the file that I can find. Does anyone know where I can get more / better examples on the file?

Thanks,
Rt.

Re: SSH authorized_keys file

Steven E. Protter — Thu, 30 Oct 2003 10:24:07 GMT

This is not something you build manually.

If its corrupt, erase it and it will be rebuilt correctly as you do ssh connections to other systems.

The word doc I'm attaching briefly discusses a proceess that builds them.

SEP

Re: SSH authorized_keys file

Zeev Schultz — Thu, 30 Oct 2003 10:29:47 GMT

"The authorized_keys file contains the public keys from other user accounts.
The user must put their public key in this authorization file. Only add the
public key of other user accounts that you want to be able to access your
account. Typically you are only adding your own public key from another
system. A user could copy the file over and rename, but be careful as this
file may contain multiple public keys, in which case you would want to
append to the file.
In HP-SSH the default name for the authorized_keys file can be found in the
sshd_config file:
#AuthorizedKeysFile .ssh/authorized_keys
In some implementations the name authorized_keys2 is used for the SSH-2
protocol." (from Chris Wong's ssh explained)

I'd attach the whole pdf but it goes for 2Mb.
Pick one here : http://www.newfdawg.com/docs/HP-SSH_Explained.PDF

Re: SSH authorized_keys file

Kevin Wright — Thu, 30 Oct 2003 10:49:43 GMT

copy your .pub files you create on other systems to the .ssh/authorized_keys file. This will allow you to use your passphrases you entered when you ran ssh-keygen on the client. This file is very picky on syntax, make sure there are no extra spaces at the end of your keys.

Re: SSH authorized_keys file

Robert True — Thu, 30 Oct 2003 12:54:52 GMT

Steven: I think you were thinking of the known_hosts file, which does get generated automaticly (or at least semi-automaticly: on my system it is set to ask). I hope an authorized_keys file will not be generated automaticly!

The doc you pointed to, while confusing and hard to read, does discribe a method of building an authorized_keys file, but not exactly what I am looking for.

Zeev: The newfldawg pdf doc you pointed to does contain some interesting view graphs. Thanks.

To clarify, what I am looking for is: the syntax of the optional authorization entries for a key, such as allowing port-forwarding, restricting to a specific host, subnet,domain, etc. The above mentioned Def. Guide is confusing me as to the syntax for HP's version of the file.

Rt.

Re: SSH authorized_keys file

Steven E. Protter — Thu, 30 Oct 2003 12:59:54 GMT

You were right.

In actuality, the document I provided was much more relavent.

Rebuild your known_hosts public key files according to Chris Vail's doc. I don't use xwindows any more, I just use the cat command, but that will rebuild the file for you.

You have to have the known_hosts built up to get useful public keys in authorized_keys

Once authorized_keys is messed up there is no point in trying to edit or recovery, just do it over.

SEP

Re: SSH authorized_keys file

James A. Donovan — Thu, 30 Oct 2003 18:43:13 GMT

I've seen authorized_keys files corrupted when public keys are copy/pasted into them. Each key should be a single continuous line. Copying and pasting can insert unwanted CR-LF's into these files.

Re: SSH authorized_keys file

James A. Donovan — Thu, 30 Oct 2003 18:53:42 GMT

port forwarding, host, subnet, domain restrictions, etc. are all controlled by the settings in the sshd_config file, not the authorized_keys file.

Take a look at the man page for sshd_config:

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current

Re: SSH authorized_keys file

Hemanth Gurunath Basrur — Thu, 30 Oct 2003 22:31:41 GMT

Hello Robert,

Refer to the foll. links for info.

http://www.lbl.gov/ITSD/CIS/faqs/SOFTWARE_Data_Communications/2.html

http://newfdawg.com/SHP-SSHpart4.htm

http://www.trustix.org/pipermail/tsl-discuss/2001-October/001398.html

HTH.

Regards,
Hemanth

Re: SSH authorized_keys file

Robert True — Fri, 31 Oct 2003 09:38:44 GMT

Thanks everyone, but my keys are working fine, nothing is corrupted, I use ssh only for all communication between systems I administer.

I am trying to do some fine tuning on individual accounts as OReilly's Def. Guide seems to imply can be done for various situations, ie: run single commands, restrict to defined locations, etc.

The last link supplied to newfdawg makes me think I should spend some more time there, as I have not been on there much in a long while.

Thanks again,
Rt.