
setting up ssh keys

 
gr8
Advisor

setting up ssh keys

Hi,
Can anyone tell me how to set up SSH keys among three servers?
13 REPLIES
Steven Schweda
Honored Contributor

Re: setting up ssh keys

A forum search for:

hp-ux ssh-keygen

should tell you more than you want to know.
Steven E. Protter
Exalted Contributor
Solution

Re: setting up ssh keys

Shalom,

ssh-keygen -t dsa

All three servers.

Add them all to a single file called authorized_keys

distribute the file to the .ssh directory of all systems.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Doug O'Leary
Honored Contributor

Re: setting up ssh keys

Hey;

While accurate, the info above doesn't help with understanding how ssh works and, without that, when you run into problems, you will have a much harder time troubleshooting them.

O'Reilly has an absolutely outstanding book on secure shell very appropriately titled "SSH, The Secure Shell: The Definitive Guide", ISBN: 0-596-00011-1.

When you want to know what ssh can do for you and how to configure it, pick that book up. It's very much worth the cost.

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Yogeeraj_1
Honored Contributor

Re: setting up ssh keys

hi,

also have a look at the docs.

see attachment

hope this helps too!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Rasheed Tamton
Honored Contributor

Re: setting up ssh keys

SSH Key Authentication between two Servers:

[a]. Generate a pair of SSH keys on the client.

root@sdsaptsp2# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
05:26:98:a9:1f:c3:03:d1:b1:4e:35:e8:9b:f7:e3:89 root@sdsaptsp2

Note: Here passphrase is set as null. You can also use passphrase and it is good for security.

[b]. Copy the public key from the client to the server:

root@sdsaptsp2# scp /.ssh/id_rsa.pub sdsaptsp1:/var/tmp/
root@sdsaptsp1's password:
id_rsa.pub 100% 222 0.2KB/s 00:00

On the server [sdsaptsp1], append the newly obtained key to the ~/.ssh/authorized_keys file, which stores SSH public keys:

root@sdsaptsp1# cat /var/tmp/id_rsa.pub >> /.ssh/authorized_keys

[c]. Modify the permissions of the authorized_keys file

root@sdsaptsp1# chmod 600 ~/.ssh/authorized_keys

At the client, try and login to the server:

root@sdsaptsp2# ssh sdsaptsp1
Sun Microsystems Inc. SunOS 5.9 Generic Patch January 2007
You have mail.
root@sdsaptsp1#

Do the same on the other servers.

Hope it helps.
PeterWolfe
Respected Contributor

Re: setting up ssh keys

gr8,

You didn't say what version of HP-UX
you were using but if it's 11iV2 Dec 05
or later, there is a nice utility:
/opt/dsau/bin/csshsetup
that helps automate the steps required to
configure password-less ssh access across
N systems. You simply do:

csshsetup -f

where contains the name of the
N systems, one per line. That would set up
the user with a one-way ssh trust from the current system to the N others. If
you add the -r flag, the key exchange is
bi-directional across all the servers so you could ssh from any server to any other server in the list. One of the standard
uses here is setting up ssh in a Serviceguard cluster for example. Works just
fine for groups of standalone systems as well.
gr8
Advisor

Re: setting up ssh keys

Hi all,
I tried creating authorized_keys but I am facing login problems with one user.
Steven Schweda
Honored Contributor

Re: setting up ssh keys

> I tried creating authorized_keys

Do you think that this explains what you did?

> but I am facing login problems with one
> user

Do you think that this explains your problem?

It might help to explain, exactly, what you
have done.

It might also help if you show the output
from an "ssh" command which includes the "-v"
option (for example: "ssh -v host_name").

If you have a problem with only one user, and
it works for other users, you could compare
the "ssh -v [...]" output for the problem
user with that for a non-problem user.
Geoff Wild
Honored Contributor

Re: setting up ssh keys

As the userid you want to use:

cd ~USER
mkdir .ssh
chmod 700 .ssh
cd .ssh
ssh-keygen -t rsa -f id_rsa

That will create id_rsa and id_rsa.pub

Add the contents of id_rsa.pub to the ~USER/.ssh/authorized_keys file on a remote host (you may have to create the file if not there already).

Then, as that USER, you should be able to ssh without being prompted for a password.

Example, list contents of my home dir on svr1020 - executed from svr1120:

gwild@svr1120 [ /home/gwild ]
# ssh svr1020 ls
mirror-root
test_dbi.pl
test_mail.pl


NOTE: This will not work if the /home/USER permissions are higher than 755 - that is, 775 will not work.


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
gr8
Advisor

Re: setting up ssh keys

Hi,
I have a problem with only one user, who has a home directory on a different file system (all others are at /export/home).

I compared the output of the ssh -v commands. I found that for the problem user ssh publickey authentication is not taking place, but unfortunately there are no error messages for that.
The tail of the ssh -v output shows something like this:

debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/xxxx/.ssh/identity
debug1: try privkey: /home/xxxx/.ssh/id_rsa
debug1: try pubkey: /home/xxxx/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
Steven Schweda
Honored Contributor

Re: setting up ssh keys

So, is there a "/home/xxxx/.ssh/identity"
for this user? What's in it? "ls -l"?

> [...] you could compare [...]

Can we assume that this is where the good
user's "ssh -v" output diverges from that of
the bad user?

> The tail of the ssh -v output shows something like this

Yeah, we wouldn't want to see the whole
thing for a good user and for a bad user, and
we certainly wouldn't want to see it before
you changed all the details.
Geoff Wild
Honored Contributor

Re: setting up ssh keys

Did you check the permissions of their home directory? Has to be 755.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
gr8
Advisor

Re: setting up ssh keys

It was the home directory permission issue.
It was not the standard home directory for this user. Made the required permission changes and tested: OK. Thanks for your help.
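
The thread's resolution was a permission problem on the user's home directory. The following is an added example, not part of any post above: a POSIX sh audit of the three paths that OpenSSH's sshd examines when StrictModes is enabled (home directory, .ssh, authorized_keys), flagging any that are not owned by the user or root or that are writable by group or others. The function names check_path and audit_user are this example's own, and it parses "ls -ldn" so that it needs no stat command.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths sshd's StrictModes
# looks at before it will accept a user's authorized_keys.
# Usage: sh audit.sh /home/USER NUMERIC_UID

# check_path PATH UID: return 1 if PATH is missing, owned by someone other
# than UID or root, or writable by group or others.
check_path() {
    path=$1; want_uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"; return 1
    fi
    # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric owner.
    set -- $(ls -ldn "$path")
    mode=$1; owner=$3
    group_w=$(printf '%s' "$mode" | cut -c6)   # 'w' if group-writable
    other_w=$(printf '%s' "$mode" | cut -c9)   # 'w' if world-writable
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $mode uid=$owner $path"; return 1
    fi
    if [ "$group_w" = w ] || [ "$other_w" = w ]; then
        echo "BAD MODE  $mode $path"; return 1
    fi
    echo "OK        $mode $path"
}

# audit_user HOME UID: check every path and report all findings;
# the return status is 1 if any path failed.
audit_user() {
    home=$1; uid=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}

if [ "$#" -eq 2 ]; then
    audit_user "$1" "$2"
fi
```

Run it on the server side as root or as the affected user; a home directory at mode 775 is reported as BAD MODE, which matches the symptom of publickey authentication being skipped without a client-side error.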