Linux - Networking: This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
I did not post earlier that the ssh command will automatically search for the default key names, i.e. id_rsa, id_dsa, id_ecdsa etc.; however, since your key is named something else, it has to be a command line option or in the config file.
sadly, i have to take a break from testing using box C.
Last night i left box C to update some packages and this morning when I woke up i opted for 'overwrite' when asked at the end of slackpkg upgrade-all. Result, I didn't realize that the kernel was also updated and as a result I lost X (and strangely also the wireless). So, i need to fix that also.
However, I could learn something about ssh connecting remotely on a different network. I left my work pc on;
would I need to add the outside IP address (of box A) somewhere to this line
You would use your work's public IP address and username but there are a few more steps required. I believe they were posted previously so maybe it is already configured.
If you want to connect to your work PC from home you need to forward port 22 on your work router/gateway to your work computer's IP address. It would also be advisable to configure a DHCP reservation or static IP address for your work computer.
It would be more secure to copy the public key to a flash drive and copy it to your ~/.ssh/authorized_keys file and be sure to disable your ssh password authentication than using ssh-copy-id. You could copy the private key to and check on the computer itself to verify the keys work.
Thank you michaelk
I will definitely copy the key on a flash drive, however I will need to practice the whole port forwarding thing, router to pc.
Still on testing box B to box C, rather than editing the ~/.ssh/config i recreated the key pair, on box B, with the option -b 4096 and named it id_rsa. Then ssh-copy-id to box C. All good so far.
I edited 'PasswordAuthentication no' (on both pcs) and tested ssh connection from box B to box C. Now, i am not asked for password but for passphrase. Is this normal?
Then I tried to connect backward (from box C to box B) and i get: permission denied - Do i have to create the key pair on box C also and repeat the ssh-copy-id to box B? (before, i could ssh back&forth when '#PasswordAuthentication no')
With that in place you can use the shortcut "ssh box_c" and the configuration file will fill in the rest of the details it has on record.
Skim through "man ssh_config" for an overview but read in detail the beginning of it.
I was confused because the only config file i remembered was in /etc/ssh/ (system config) but, after reading the "man ssh_config" i learned that there is a user's config which must be created. So i did, edited it accordingly and when i try ssh box C i get:
Code:
bash-5.0$ ssh 192.168.0.xxx
/home/darkstar/.ssh/config: line 5: Bad configuration option: identifyfile
/home/darkstar/.ssh/config: terminating, 1 bad configuration options
bash-5.0$
Yes, each server, i.e. the box you log in to, needs a public key and the client, i.e. the box you run the ssh command on, needs a private key.
Yes, the passphrase is additional security to protect the private key. When creating keys you can press the enter key when prompted for a passphrase to not use one.
Like everything else, config options are case sensitive. It should be IdentifyFile not identifyfile.
everything is case-correct but it still gives me the error.
but wait!! if the request of passphrase is normal and I can ssh to from box B to box C, why would I need a ~/.ssh/config? in fact, if i get rid of the config file, i connect from B to C without error msgs.
Now the other problem seems connecting backwards from C to B. I have created the key pair on C also and tried to copy the public key to B
Code:
bash-5.0$ ssh-copy-id -i ~/.ssh/id_rsa darkstar@<box_B_IP>
usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/darkstar/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already insta
/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.0.xxx port 22: Connection refused
The reason for the config file was originally due to your private key file name of homedesktop_rsa but since you created new keys using the default it works without. However, it's nice to use a config file because you can save username, hostname and then connect with just the Host as a shortcut.
No need for a separate authorized_keys file. Basically ssh-copy-id appends the public key to the authorized_keys file and there can be multiple keys in the same file.
Is the ssh server running on box B?
assuming i would like to get the shortcut also, ~/.ssh/config creates that "line 5" error; so at the moment i'll leave it and when i grasp more of it i'll get a little more technical.
Grrr... I am doing so many things at the same time on two pcs that I had forgotten that i had stopped ssh server on B.
Box B and box C now are friends again with 4096bit encryption keys. GREAT work!
Now i only have left to connect box A to B on a different network and I think I have learned enough to be able to do this successfully tomorrow, but i will let you know.
Thank you.
p.s.: i find this tech stuff fascinating, especially networking!
I just learned that i should have copied the key-pair (both id_rsa and id_rsa.pub), on my flash drive, and not just id_rsa.pub, to make the authorized key file on box A.
You need the private key on the machine you are connecting from and the public key on the machine you are connecting to. If for some reason you need the public key but only kept a copy of the private key you can regenerate the public key using the -y option for ssh-keygen. You can't go the other way around though, you have to have the private key.
i was trying to create the "authorized_keys" file on box A (from flash drive box B key-pairs) and when I
Code:
ssh-copy-id -i /path/id_rsa.pub to box_A_@192.168.0.xxx
it kept on asking for the "id-rsa" file
Quote:
Turbocapitalist
You need the private key on the machine you are connecting from and the public key on the machine you are connecting to. If for some reason you need the public key but only kept a copy of the private key you can regenerate the public key using the -y option for ssh-keygen. You can't go the other way around though, you have to have the private key.
I understood the private/public keys concept and where they should go/be. Although, I didn't know I could recreate the key on a different machine using -y. Well, I will go to box A tomorrow just to do this (as i am getting excited about it) and finish it.
In the meantime, I created a key pair on pc at work (box A) and copied it on flash drive so that once home I could append box-A-public-key to my desktop (box B), and it seems to have worked at first try (i hope, as i cannot know for sure until i test ssh connection between B and A).
And just because i have a great social life, i think tonight I will spend some time making a config file to make connection easier between all three pcs (box A, B and C when they need to talk to each other).
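Added example, not part of any post in this thread: OpenSSH spells the keyword `IdentityFile`, and ssh_config(5) documents keywords as case-insensitive, so the "line 5: Bad configuration option: identifyfile" error quoted earlier comes from the spelling. The sketch below lints a constructed config for that kind of mistake; the host alias `box_c`, the address `192.0.2.30`, the key name and the `KNOWN` list (a small subset of real keywords) are assumptions.

```shell
#!/bin/sh
# Added example: lint a per-user ssh_config for misspelt keywords.
# KNOWN lists only the keywords this example uses, not all of ssh_config(5).
KNOWN="host hostname user port identityfile identitiesonly"

# Print "line N: unknown keyword: X" for each bad line; return 1 if any.
lint_ssh_config() {
    awk -v known="$KNOWN" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            kw = $1
            sub(/=.*/, "", kw)             # accept the "Keyword=value" form
            if (!(tolower(kw) in ok)) {    # keywords are case-insensitive
                printf "line %d: unknown keyword: %s\n", NR, kw
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: host alias, address and key name are placeholders.
# $2 is the keyword to put on line 5, so both cases can be generated.
write_sample_config() {
    cat > "$1" <<EOF
Host box_c
    HostName 192.0.2.30
    User darkstar
    Port 22
    $2 ~/.ssh/homedesktop_rsa
    IdentitiesOnly yes
EOF
}

tmp=$(mktemp -d)
write_sample_config "$tmp/bad" identifyfile    # the misspelling from the thread
write_sample_config "$tmp/good" identityfile   # lower case, correct spelling
lint_ssh_config "$tmp/bad"  || echo "bad: rejected"
lint_ssh_config "$tmp/good" && echo "good: accepted"
rm -rf "$tmp"
```

On a machine with OpenSSH, `ssh -G box_c` prints the options ssh would actually use for that host, which confirms the entry parses.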