
Re: ssh-keygen problems

 
Leon van Ofwegen
Occasional Contributor

ssh-keygen problems

Guys,

I'm trying to make two machines trust each other via ssh. I've created an RSA key on both machines and copied the public keys to each other's "authorized_keys" files. On one machine I still get asked for the password. On the other, the connection gets closed, and the syslog shows:

Jan 7 14:14:23 sd0-par3 sshd[7135]: fatal: buffer_get: trying to get more bytes 129 than in buffer 34

How can I fix this? What do I do wrong?

Thnx!

Leon
6 REPLIES 6
David Lodge
Trusted Contributor

Re: ssh-keygen problems

I've only seen this sort of message with incompatible versions of ssh...

Are your versions both the same?
Steven Sim Kok Leong
Honored Contributor

Re: ssh-keygen problems

Hi,

SSH2 should be used instead of SSH1 for security reasons.

If you are using SSH Communications' SSH2, then on the client you are connecting from, you must create the file "identification", which contains the link to the private key, i.e.

IdKey id_dsa_1024_a

On the server you are connecting to, you must create the file "authorization", which contains the link to the public key, i.e.

Key id_dsa_1024_a.pub

id_dsa_1024_a.pub is the public key you have to copy from the client to the server.

Subsequently, you should not be prompted for a password once the client host key is saved on the server upon the first ssh connection.

In /etc/ssh2/sshd2_config, remember to enable publickey as one of the authentication methods.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Sridhar Bhaskarla
Honored Contributor

Re: ssh-keygen problems

Hi Leon,

This precisely is what you would need to do.

1. Generate key using ssh-keygen
2. Copy identity.pub as authorized_keys on the target system into the corresponding .ssh directory.
3. You would need to run ssh-agent with ssh-add to remember the passphrase on the system.

Step 3 is required so that the system will not prompt for the passphrases.

Check out the ssh-agent man page for more details.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Craig Rants
Honored Contributor

Re: ssh-keygen problems

As mentioned before, your versions should be the same. Also, you should match the protocols they use as well. I have set up plenty of key-based trusts; here are my notes for doing so.

GL,
C

5) Generate /opt/openssh2/etc/ssh_host_key
/opt/openssh2/bin/ssh-keygen -b 1024 -f /opt/openssh2/etc/ssh_host_key -N ''

6) Generate root's key
/opt/openssh2/bin/ssh-keygen
press enter when prompted for file location
press enter when prompted for passphrase

7) Add /opt/openssh2/bin to root's .profile
cd
vi .profile
PATH=/usr/sbin:$PATH:/sbin:/opt/openssh2/bin:(make sure these entries match)

8) cd /opt/openssh2/etc
vi sshd_config
#HostKey /opt/openssh2/etc/ssh_host_dsa_key
IgnoreRhosts no
RhostsAuthentication yes
RhostsRSAAuthentication yes


12) Setup trust
On the host1:
cd /roots/.ssh
scp identity.pub client_hostname:/roots/.ssh/identity.pub.host1 (where the client_hostname is the name of the box you are installing ssh on)
On host2
cd /roots/.ssh
cat identity.pub.host1 >> authorized_keys

13) Try the trust connection
On host1:
ssh -v client_hostname (watch for errors in the output, you should get in without being prompted for a password)
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Leon van Ofwegen
Occasional Contributor

Re: ssh-keygen problems

The ssh/ssl versions are the same (same depot file). The machines are the same as well (two nodes in a Superdome).

I will try your procedures, and let you know the results!

Thnx

Leon
Leon van Ofwegen
Occasional Contributor

Re: ssh-keygen problems

Problem solved. The rights on the authorized_keys file were wrong, and I had also copied the pub keys as 3 lines instead of 1. And finally, there were some errors in the sshd.config file.

Thanks for your help!

Leon
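
The two file-level causes named in the closing post (wrong rights on authorized_keys, and a public key pasted as 3 lines instead of 1) can be checked mechanically. The shell function below is an added example, not code from anyone in this thread; the name check_authorized_keys is hypothetical, and it assumes a POSIX sh with find and awk.

```shell
#!/bin/sh
# Added example (not from the thread). check_authorized_keys is a hypothetical
# helper name; it returns 0 when the file passes both checks, 1 otherwise.
check_authorized_keys() {
    file=$1
    status=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # sshd's StrictModes refuses key files (and their directories) that
    # group or others can write to, so the login falls back to a password.
    for path in "$file" "$(dirname "$file")"; do
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "bad mode: $path is group- or world-writable"
            status=1
        fi
    done

    # Each entry must sit on ONE line. A line with no key type (protocol 2)
    # and no "bits exponent modulus" triple (protocol 1 identity.pub) is
    # most likely a fragment of a key that was wrapped during copy/paste.
    awk '
        /^[ \t]*(#|$)/ { next }
        /(^|[ \t])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[ \t]+[A-Za-z0-9+\/=]+/ { next }
        /(^|[ \t])[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ { next }
        { printf "line %d: no key start, probably a wrapped fragment\n", NR; bad = 1 }
        END { exit bad }
    ' "$file" || status=1

    return $status
}
```

Run it as the account owner, for example `check_authorized_keys "$HOME/.ssh/authorized_keys"`; a clean result rules out these two causes but not errors in the sshd configuration.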