System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Can not SSH from one HPUX machine to another

Darren Etheridge_2
Super Advisor

Can not SSH from one HPUX machine to another

I can't seem to get rsync or ssh between 2 hp machines to work.

I have 2 HPUX machines, one running 11.23 and one runing 11.31.   I have followed the below instructons:

 

host server:

 

[HAL:/]ssh-keygen -t rsa
Generating public/private rsa key pair.
Please be patient....   Key generation may take a few minutes
Enter file in which to save the key (//.ssh/id_rsa):
Created directory '//.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.

 

[HAL:/.ssh]cat /.ssh/id_rsa.pub >> /.ssh/authorized_keys

 

[HAL:/.ssh]rcp id_rsa.pub tal:/.ssh

 

remote-server:

[TAL:/.ssh]cat id_rsa.pub >> /.ssh/authorized_keys

 

 

But when I try to ssh to HAL it asks for password.

 

ANy ideas.... I'm at a loss :(


 

1 REPLY
Matti_Kurkela
Honored Contributor

Re: Can not SSH from one HPUX machine to another

You created the key pair on HAL, but copied only the public part to TAL. Adding the public part to authorized_keys on both hosts means you can now SSH from HAL to itself or from HAL to TAL, but when trying to SSH from TAL to HAL, the ssh client won't have the private key available and must fall back to password authentication.

 

Think of it this way: the "id_rsa" (without the .pub suffix) file is like a key, and the "id_rsa.pub" file is like a lock cylinder into which the key fits. You'll need to keep the private key secure, but you can give out copies of the lock cylinder to anyone: "if you want me to be able to get through some door, add this lock cylinder to the lock of that door."

 

The simplest way to complete your setup would be to copy the id_rsa file from HAL to TAL, i.e.:

[HAL:/.ssh]scp -p id_rsa tal:/.ssh

Note: the private key file needs to have chmod 600 protection on it, otherwise the ssh client thinks it might be compromised and will complain and/or not use the key until you fix it. Hence the "-p" option (preserve permissions).

MK