Operating System - HP-UX

How to create trust between servers via ssh keys

Jayraj
Frequent Advisor

How to create trust between servers via ssh keys

Hi All,

I am getting the following error while trying to log in to Server1. How do I create trust between Server2 and Server1?

Server2$ sudo ssh Server1
Warning: the RSA host key for 'Server1' differs from the key for the IP address '153.6.190.168'
Offending key for IP in /wdroot/.ssh/known_hosts:522
Matching host key in /wdroot/.ssh/known_hosts:894
Are you sure you want to continue connecting (yes/no)?
Mel Burslan
Honored Contributor
Solution

Re: How to create trust between servers via ssh keys

Before anything else, I'd try deleting the offending key.

edit /wdroot/.ssh/known_hosts
goto line 522
delete line
save and exit
Retry, and if it does not work, come back here and post the new error message you are getting.
________________________________
UNIX because I majored in cryptology...
Jayraj
Frequent Advisor

Re: How to create trust between servers via ssh keys

Hi,
Here is the number of lines in known_hosts on each server:

Server1 #"known_hosts" 20 lines, 9248 characters
Server2 #"known_hosts" 939 lines, 496928 characters

There is no Line 522 in server1.
Mel Burslan
Honored Contributor

Re: How to create trust between servers via ssh keys

Line number 522 on the server initiating the ssh connection. You said from server2 to server1, and your server2 has a pretty fat known_hosts file. Edit that one or simply do this:

cat /wdroot/.ssh/known_hosts | sed -e "522,522d" > /tmp/kh
cat /tmp/kh > /wdroot/.ssh/known_hosts

This should do it.
________________________________
UNIX because I majored in cryptology...
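
A more careful version of the line deletion above, as an added example that is not part of the original thread: it checks that the numbered line really names the host or IP from the warning before removing it, and keeps a backup. The function name remove_known_host_line is hypothetical, and the check assumes unhashed known_hosts entries.

```shell
#!/bin/sh
# Added example: remove one numbered line from a known_hosts file, but only
# if that line's host field really names the host or IP from the ssh warning.
# remove_known_host_line is a hypothetical helper; assumes unhashed entries.
# Usage on server2, with the values from the warning in this thread:
#   remove_known_host_line /wdroot/.ssh/known_hosts 522 153.6.190.168

remove_known_host_line() {
    kh_file=$1; kh_line=$2; kh_name=$3

    case $kh_line in
        ''|*[!0-9]*) echo "line must be a number" >&2; return 2 ;;
    esac
    [ -f "$kh_file" ] || { echo "no such file: $kh_file" >&2; return 2; }

    # The first field of a known_hosts line is a comma-separated host list,
    # e.g. "server1,153.6.190.168 ssh-rsa AAAA...". Match one element exactly.
    if ! awk -v n="$kh_line" -v want="$kh_name" '
            NR == n { c = split($1, h, ",")
                      for (i = 1; i <= c; i++) if (h[i] == want) ok = 1 }
            END { exit ok ? 0 : 1 }' "$kh_file"; then
        echo "line $kh_line does not name $kh_name; nothing removed" >&2
        return 1
    fi

    # Work next to the file (inside .ssh, not a fixed name in /tmp), keep a
    # backup, and rewrite in place so ownership and mode are preserved.
    kh_tmp=$kh_file.tmp.$$
    cp -p "$kh_file" "$kh_file.bak" &&
        ( umask 077; sed -e "${kh_line}d" "$kh_file" > "$kh_tmp" ) &&
        cat "$kh_tmp" > "$kh_file"
    kh_rc=$?
    rm -f "$kh_tmp"
    return $kh_rc
}
```

After the stale line is gone, the next connection prompts for the host key again; compare the fingerprint it shows with the one on Server1 itself before answering yes.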
Steven E. Protter
Exalted Contributor

Re: How to create trust between servers via ssh keys

Shalom,

http://www.hpux.ws/?p=10

Remove the offending keys as indicated. Use vi.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jayraj
Frequent Advisor

Re: How to create trust between servers via ssh keys

Hi,

I have another question.

Is it possible to make trust if the user doesn't have his ID on server 2?

Can we make trust between two different users?
Steven E. Protter
Exalted Contributor

Re: How to create trust between servers via ssh keys

Shalom again,

You ask:

Is it possible to make trust if the user doesn't have his ID on server 2?

Can we make trust between two different users?

Yes.

The document I posted has a step. You take the user's public key (.pub) and transfer it to the server you wish it to log into.

Create or append a file in the .ssh directory called authorized_keys

If you have, in the authorized_keys file for user shmuel, the public key for user donny from another server, a "trust" relationship, as you call it, is established. I call it exchange of public keys.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Mel Burslan
Honored Contributor

Re: How to create trust between servers via ssh keys

The answer is yes and no.

Yes you can create trust but no, it will not trust by default.

Let's say:
You are user2 on server2
You want to ssh to server1 as user1
You have a private key on server2 at /home/user2/.ssh/id_rsa
And you have the complementary public key on server1 inside the /home/user1/.ssh/authorized_keys file

To get to user1@server1 from user2@server2, all you need to do is

On server2
# ssh -l user1 server1


________________________________
UNIX because I majored in cryptology...
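
The public-key step described in the two replies above (donny's key into shmuel's authorized_keys, or user2's into user1's), as an added example that is not part of the original thread. install_pubkey is a hypothetical helper, and the paths passed to it are assumptions taken from the layout in the posts.

```shell
#!/bin/sh
# Added example: append a copied-over public key to the target user's
# authorized_keys. install_pubkey is a hypothetical helper, not an ssh tool.
# Run on the destination server as the target user (or as root, followed by
# a chown of .ssh to that user).

install_pubkey() {
    pub_file=$1      # e.g. id_rsa.pub copied over from user2@server2
    target_home=$2   # e.g. /home/user1 on server1

    # A public key file is one line: "<type> <base64> [comment]".
    # This rejects private keys ("-----BEGIN ...") and multi-line files.
    if ! awk 'NR == 1 && NF >= 2 && $1 ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-)/ { ok = 1 }
              END { exit (ok && NR == 1) ? 0 : 1 }' "$pub_file"; then
        echo "$pub_file is not a single public key line" >&2
        return 2
    fi

    ssh_dir=$target_home/.ssh
    auth=$ssh_dir/authorized_keys
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 2

    # With StrictModes (the sshd default) the key is ignored if .ssh or
    # authorized_keys is writable by group or others.
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 2

    # Idempotent: compare on key type + key body and ignore the comment.
    # Entries that start with an options field are not recognised here.
    key_id=$(awk '{ print $1, $2 }' "$pub_file")
    if awk '{ print $1, $2 }' "$auth" | grep -qxF "$key_id"; then
        return 0
    fi
    printf '%s\n' "$(cat "$pub_file")" >> "$auth"
}
```

Only the .pub file ever leaves the source server; the private key stays in /home/user2/.ssh/id_rsa.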
Jayraj
Frequent Advisor

Re: How to create trust between servers via ssh keys

Hi,

Here is the problem: the user doesn't have his ID on server1. So if I remove the offending key,
will he be going to log in to server1 as root?
Berd
Trusted Contributor

Re: How to create trust between servers via ssh keys

Jayraj,

Please see link to prior thread which explains setting up from scratch.

http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1125086

Regards,
Berd
Mel Burslan
Honored Contributor

Re: How to create trust between servers via ssh keys

>The user doesn't have his ID on server1. So if I remove the offending key,
>will he be going to log in to server1 as root?

Unless you specify which username to use on the remote server with the -l switch, it will use your local login name. If you are root on server2, running the command:

ssh server1

will use root username on server1, whereas

ssh -l user1 server1

will try to login as user1 on the remote server.

There has to be a username to log in as on the remote server; otherwise your attempt will be refused, regardless of whether you are using "-l username" or just letting it go default. Lack of a username specification will not default your login to root, as you are expecting, if I'm not misunderstanding.
________________________________
UNIX because I majored in cryptology...
Jayraj
Frequent Advisor

Re: How to create trust between servers via ssh keys

Thank you all, it's done.