
Re: DSA key

 
pv_2
Advisor

DSA key

I started a new sftp script, and I am trying to log in to the remote site. Here is the error:

>sftp XXXX
Connecting to xxxx...
No DSA host key is known for XXXxand you have requested strict checking.
Host key verification failed.
Connection closed.
********
DSA key is already there in (/home/user/.ssh/id_dsa)

Please help me out

14 REPLIES 14
James R. Ferguson
Acclaimed Contributor

Re: DSA key

Hi:

If you "cut-and-pasted" the key make sure that you did so correctly.

Regards!

...JRF...
pv_2
Advisor

Re: DSA key

I did generate the DSA key. It was there already.
Patrick Wallek
Honored Contributor

Re: DSA key


You need a copy of the id_dsa.pub key of the server you are connecting FROM in the /home/user/.ssh/known_hosts file on the server you are connecting TO.

pv_2
Advisor

Re: DSA key

So I need to ask the remote site people to provide the cert key, and that key I need to place in known_hosts. Is this right?
Patrick Wallek
Honored Contributor

Re: DSA key

No.

If you are logging into the remote site, then YOUR id_dsa.pub needs to go into THEIR /home/user/.ssh/known_hosts
Patrick Wallek
Honored Contributor

Re: DSA key

I'm confused!!!!!

If you are logging into the remote site, then YOUR id_dsa.pub needs to go into THEIR /home/user/.ssh/authorized_keys file (not the known_hosts).

On YOUR server you might need the HOST key of the REMOTE server in the /home/user/.ssh/known_hosts on your local server.

pv_2
Advisor

Re: DSA key

OK, like this I am trying to log in:

my server name xxx {root}: / >sftp xxx.xxx.ca
Connecting to xxx.xxx.ca...
No DSA host key is known for xxx.xxx.ca and you have requested strict checking.
Host key verification failed.
Connection closed.

Here are keys listed

Server name {root}: /home/user/.ssh >ll
total 48
-rw------- 1 user user 672 Jan 29 15:53 id_dsa
-rw-r--r-- 1 user user 604 Jan 29 15:53 id_dsa.pub
-rw-r--r-- 1 user user 1300 Feb 2 14:01 known_hosts
server name {root}: /home/user/.ssh >



Patrick Wallek
Honored Contributor

Re: DSA key

Is the host key for the server you are logging into in the known_hosts file? If not, that is likely the problem.
pv_2
Advisor

Re: DSA key

Now the remote site provided the cert key. It is 22:5x:ax:bx:fx:7x............ etc. In known_hosts it looks like this:

AAAIANuvyb3dj7b5cO5w1F4xtTQETicbGddlreHlHM

How to paste the key in
James R. Ferguson
Acclaimed Contributor

Re: DSA key

Hi (again):

> How to paste the key in

Use 'vi'. You can copy-and-paste into an offered line or merge from an external file. Be sure that you don't inadvertently add newlines where there are none!

Regards!

...JRF...
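
The colon-separated hex value the remote site sent and the base64 text stored in known_hosts are two forms of a host key, so an entry can be checked against the fingerprint before it is trusted. The script below is an added example, not part of the original thread; it assumes the supplied value is an MD5 fingerprint, that host names in known_hosts are not hashed, and that `base64` and `md5sum` are installed. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: check a known_hosts entry against a fingerprint received
# out of band. Assumes unhashed host names and an MD5 fingerprint
# (16 colon-separated hex pairs).

# Echo the MD5 fingerprint (aa:bb:...) of a base64 key blob.
md5_fingerprint() {
    printf '%s' "$1" | base64 -d | md5sum | awk '{print $1}' |
        sed 's/../&:/g; s/:$//'
}

# Echo the key blob of every entry in file $1 whose host list names $2.
keys_for_host() {
    awk -v h="$2" '
    /^[ \t]*$/ || /^[ \t]*#/ { next }      # skip blank lines and comments
    {
        n = split($1, names, ",")          # field 1 may be "host,ip"
        for (i = 1; i <= n; i++)
            if (names[i] == h) { print $3; break }
    }' "$1"
}

# Return 0 if some key stored for host $2 in file $1 has fingerprint $3.
verify_known_host() {
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    for blob in $(keys_for_host "$1" "$2"); do
        [ "$(md5_fingerprint "$blob")" = "$want" ] && return 0
    done
    return 1
}

# Stand-alone use: sh script.sh ~/.ssh/known_hosts host fingerprint
if [ "$#" -eq 3 ]; then
    if verify_known_host "$1" "$2" "$3"; then
        echo "fingerprint matches"
    else
        echo "NO MATCH: do not trust this entry"
    fi
fi
```
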
pv_2
Advisor

Re: DSA key

Now I am able to connect to the remote sftp server manually by entering the password. With the sftp script I cannot; it says permission denied. I sent a DSA pub key to the remote server. This key is there on the server in the cron job user's home /.ssh folder. Do I need to create another key for the new remote site? Can we have multiple DSA keys on a server?
Bill Hassell
Honored Contributor

Re: DSA key

The most common problem is that id_dsa.pub key is exactly 1 line starting with ssh-dss and ending with = optionally followed by a comment such as the hostname and user. Pasting an ssh key will almost always fail because what you see is seldom what you get. There are dozens of terminal emulators trying to help you with that extra-long line. You may find it broken into 3 or 4 pieces.

So there are two ways to add the key:

1. (most reliable) copy the public key file to the target system as an ASCII file. Then append it to the authorized_keys file:

cp /tmp/id_dsa.pub >> ~userabc/.ssh/authorized_keys

Be sure to count the lines:
wc ~userabc/.ssh/authorized_keys

Each key in the file must be exactly 1 line.

2. Research your terminal emulator (SecureCRT, PuTTY, Reflection, xterm, hyperterminal, etc) to see how the emulator handles copy/paste. Most emulators silently insert end-of-line codes when you copy multiple lines on the screen. Some emulators such as Reflection have an option to suppress the separators and match the original input string.

When you use vi, depending on your .exrc file (or built-in defaults), there may be a wrap-margin setting and/or auto-indent which will break up the line. Turn off wm and ai with:

:set noai wm=0

Then insert the new line. Type ESC to finish the insert and then jump to the beginning of the key using the character 0 (zero). If it moves to the beginning of the line but not the beginning of the key, then the key has been split by copy/paste. Move to the beginning of the line and type J (capital J) which joins the current line with the next line. Move to the space between the two strings. Delete the space (carefully). Repeat the J command and remove the extra space until the key is one line with no imbedded spaces.

(choose your method)

Note also that permissions and ownerships are critical. On the target system, the HOME directory cannot be writable by any user except the owner. .ssh must be 700 permission, all files in .ssh should be 600. If any of these are not correct or the public key is not pasted correctly, sftp (ssh) will fail without telling you what you did wrong.


Bill Hassell, sysadmin
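
The checks described in the post above (one key per line, home directory not writable by others, .ssh at 700, files at 600) can be scripted so that a silent failure becomes a list of findings. This is an added example, not part of the original thread; the function names are hypothetical and it uses only POSIX sh, awk and ls.

```sh
#!/bin/sh
# Added example: audit authorized_keys and the permissions the post lists.

# Print "line N: reason" for each suspect line; print nothing if the file is clean.
check_key_lines() {
    awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }      # blank lines and comments are fine
    {
        t = 0                              # index of the key-type field (options may precede it)
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)$/) { t = i; break }
        if (t == 0) { print "line " NR ": no key type (fragment of a split key?)"; next }
        blob = $(t + 1)
        if (blob !~ "^[A-Za-z0-9+/]+=*$" || length(blob) % 4 != 0)
            print "line " NR ": key data is not whole base64 (cut or damaged)"
    }' "$1"
}

# Echo the 10-character mode string (for example drwx------) of a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Print one line per permission problem for the account whose home is $1.
check_perms() {
    home=$1
    case $(mode_of "$home") in
        ?????w????|????????w?) echo "$home: writable by group or others" ;;
    esac
    [ "$(mode_of "$home/.ssh")" = "drwx------" ] || echo "$home/.ssh: mode is not 700"
    for f in "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        # 600 on every file is the rule as stated in the post
        [ "$(mode_of "$f")" = "-rw-------" ] || echo "$f: mode is not 600"
    done
}

# Stand-alone use: sh script.sh /home/userabc
if [ "$#" -ge 1 ]; then
    check_key_lines "$1/.ssh/authorized_keys"
    check_perms "$1"
fi
```

A key cut at a point that happens to leave a multiple of four base64 characters passes the length test, but the leftover piece on the next line is still reported because it has no key type.
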
Dennis Handly
Acclaimed Contributor

Re: DSA key

>Bill: cp /tmp/id_dsa.pub >> ~userabc/.ssh/authorized_keys

This works better using cat. :-)
Bill Hassell
Honored Contributor

Re: DSA key

> Dennis: This works better using cat. :-)

cat /tmp/id_dsa.pub >> ~userabc/.ssh/authorized_keys

Absolutely correct. cp won't work.


Bill Hassell, sysadmin