topic Re: ssh-keygen problems in Operating System - HP-UX

ssh-keygen problems

Leon van Ofwegen — Mon, 07 Jan 2002 13:15:12 GMT

Guys,

I try to make two machines trust eachother via ssh. I've created on both machines a rsa key. And copied the public keys to eachothers "authorized_keys" files. On one machine I still get the question for the password. On the other, the connections gets closed, and the syslogs shows:Jan 7 14:14:23 sd0-par3 sshd[7135]: fatal: buffer_get: trying to get more bytes
129 than in buffer 34

How can I fix this? What do I do wrong?

Thnx!

Leon

Re: ssh-keygen problems

David Lodge — Mon, 07 Jan 2002 13:45:02 GMT

I've only seen this sort of message with incompatible versions of ssh...

Are you versions both the same?

Re: ssh-keygen problems

Steven Sim Kok Leong — Mon, 07 Jan 2002 14:12:32 GMT

Hi,

SSH2 should be used instead of SSH1 for security reasons.

If you are using the SSH-Communication's SSH2, then on the client you are connecting from, you must create the file "identification" which contains the link to the private key ie.

IdKey id_dsa_1024_a

On the server you are connecting to, you must create the file "authorization" which contains the link to the public key ie.

Key id_dsa_1024_a.pub

id_dsa_1024_a.pub is the public key you have to copy from the client to the server.

Subsequently, you should not be prompted for a password once the client host key is saved on the server upon the first ssh connection.

In /etc/ssh2/sshd2_config, remember to enable publickey as one of the authentication methods.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com

Re: ssh-keygen problems

Sridhar Bhaskarla — Mon, 07 Jan 2002 14:17:58 GMT

Hi Leon,

This precisely is what you would need to do.

1. Generate key using ssh-keygen
2. Copy identity.pub as authorized_keys on the target system into the corresponding .ssh directory.
3. You would need to run ssh-agent with ssh-add to remember the passphrase on the system.

Step 3 is required so that the system will not prompt for the passphrases.

Checkout ssh-agent man page for more details.

-Sri

Re: ssh-keygen problems

Craig Rants — Mon, 07 Jan 2002 14:21:02 GMT

As mentioned before, your versions should be the same. Also you should match the protocol's they use as well. I have set up plenty of key based trusts, here is my notes for doing so.

GL,
C

5) Generate /opt/openssh2/etc/ssh_host_key
/opt/openssh2/bin/ssh-keygen -b 1024 -f /opt/openssh2/etc/ssh_host_key -N ''

6) Generate root's key
/opt/openssh2/bin/ssh-keygen
press enter when prompted for file location
press enter when prompted for passphrase

7) Add /opt/openssh2/bin to root's .profile
cd
vi .profile
PATH=/usr/sbin:$PATH:/sbin:/opt/openssh2/bin:(make sure these entries match)

8) cd /opt/openssh2/etc
vi sshd_config
#HostKey /opt/openssh2/etc/ssh_host_dsa_key
IgnoreRhosts no
RhostsAuthentication yes
RhostsRSAAuthentication yes

12) Setup trust
On the host1:
cd /roots/.ssh
scp identity.pub client_hostname:/roots/.ssh/identity.pub.host1 (where the
client_hostname is the name of the box you are installing ssh on)
On host2
cd /roots/.ssh
cat identity.pub.host1 >> authorized_keys

13) Try the trust connection
On host1:
ssh -v client_hostname (watch for errors in the output, you should get in without
being prompted for a password)

Re: ssh-keygen problems

Leon van Ofwegen — Mon, 07 Jan 2002 15:19:25 GMT

The ssh/ssl versions are the same. (same depot file) machines are the same as well. (two nodes in a superdome).

I will try your procedures, and let you know the results!

Thnx

Leon

Re: ssh-keygen problems

Leon van Ofwegen — Tue, 08 Jan 2002 13:38:36 GMT

Problem solved. The rights on the authorized_keys file was wrong, also I copied the pub keys as 3 lines, instead of 1. And final, there were some errors in the sshd.config file.

Thanks for your help!

Leon