HPE Community
Operating System - HP-UX
1752801 Members
5542 Online
108789 Solutions
New Discussion юеВ

Re: ssh crossing uid

 
Paresh
New Member

тАО08-13-2007 07:33 AM

тАО08-13-2007 07:33 AM

ssh crossing uid

I have a system1 with uid1 & would like to authenticate using publickey to system2 using uid2.

Is this possible allowed using ssh?

Thx
Paresh
0 Kudos
8 REPLIES 8
Jeff_Traigle
Honored Contributor

тАО08-13-2007 07:35 AM

тАО08-13-2007 07:35 AM

Re: ssh crossing uid

Of course. Generate the key for uid1 on system1 using ssh-keygen. Put the public key in ~uid2/.ssh/authorized_keys on system2. That's all there is to it.
--
Jeff Traigle
0 Kudos
Matti_Kurkela
Honored Contributor

тАО08-13-2007 07:43 AM

тАО08-13-2007 07:43 AM

Re: ssh crossing uid

... and for the actual connection, there are two ways to do it:
ssh -l uid2 system2
or
ssh uid2@system2

MK
MK
0 Kudos
Paresh
New Member

тАО08-13-2007 08:01 AM

тАО08-13-2007 08:01 AM

Re: ssh crossing uid

Tried it, does not work, whileas it works for the same id.

lnaunx24.prd>/home/cyborg/.ssh:ssh -v hrdload@lnaunx25.prd.na.lafarge.com
OpenSSH_4.2p1-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.20.004, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to lnaunx25.prd.na.lafarge.com [10.178.13.108] port 22.
debug1: Connection established.
debug1: identity file /home/cyborg/.ssh/id_rsa type 1
debug1: identity file /home/cyborg/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1-hpn
debug1: match: OpenSSH_4.2p1-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1-hpn
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'lnaunx25.prd.na.lafarge.com' is known and matches the RSA host key.
debug1: Found key in /home/cyborg/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/cyborg/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/cyborg/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
lnaunx24.prd>/home/cyborg/.ssh:
0 Kudos
Ralph Grothe
Honored Contributor

тАО08-14-2007 02:04 AM

тАО08-14-2007 02:04 AM

Re: ssh crossing uid

When you created the RSA key for this connection did you simply confirm the default suggestion of ~/.ssh/id_rsa,
or did you specify a different file name?
If so then you also need to refer to this when you start the connection, using the -i option.

e.g.

$ ssh -i ~/.ssh/some_other_keyfile_name -l remote_user remote_host remote_command

Note that you only name the file name of the private key (without the suffix .pub).

Also, check on remote host in remote user's $HOME/.ssh/authorized_keys if the public key from key issuer really is contained.
(compare fingerprints issued by ssh-keygen command)
Check the owner ship and perms of $HOME/.ssh and $HOME/.ssh/authorized_keys on remote host.
Look into remote syslog.log for sshd messages.
Madness, thy name is system administration
0 Kudos
Tor-Arne Nostdal
Trusted Contributor

тАО08-15-2007 04:17 AM

тАО08-15-2007 04:17 AM

Re: ssh crossing uid

It might also be a good idea to check out that you're using compatible ssh versions on the machines...
I'm trying to become President of the state I'm in...
0 Kudos
Steven E. Protter
Exalted Contributor

тАО08-15-2007 04:31 AM

тАО08-15-2007 04:31 AM

Re: ssh crossing uid

Shalom,

Here is how I did it.

ssh-keygen -t dsa



I take id_dsa.pub to the secon server, different user (used sftp)

cat id_dsa.pub >> authorized_keys

In the .ssh directory.

This appended the entry and immediately let usera on the orignal host log into the user account of userb on the target server without a password.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Paresh
New Member

тАО08-16-2007 06:45 AM

тАО08-16-2007 06:45 AM

Re: ssh crossing uid

It's working now.

Not sure what I did wrong earlier.

Anyways thanks to all for getting back.

This forum support is really cool

Thx
Paresh.
0 Kudos
Paresh
New Member

тАО08-16-2007 06:47 AM

тАО08-16-2007 06:47 AM

Re: ssh crossing uid

all is good.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.