I have been using SSH for a long time, and I do know the purpose of the ssh-copy-id command.
If I copy the pubfile contents and paste them into the authorised_keys file on the target server, that's OK, because I already have access to the target server, and there are no security concerns.
However, I have a silly doubt regarding how the ssh-copy-id command works.
Whenever we issue ssh-copy-id -i <pubfile> user@host, we are adding the pubfile contents to the authorised_keys file in the .ssh directory of "user" on the "host" machine. But we don't necessarily have access to that server yet.
Why can anyone issue that command from anywhere without being asked anything? I mean... anyone could add an arbitrary public key and gain access to any server. Who or which mechanism controls that?
Sorry if that's an obvious question, but I can't find the clue.
In other words, to copy the keys with ssh-copy-id you still need to be able to log in to that server with a valid username and password. It is basically a script that uses the ssh command.
So, which user should I use to issue ssh-copy-id?
So far I'm trying it with a sudo user which exists on my local machine, but not on the remote server.
There are two users involved: the local user, which has an id, and the remote user. You need to use the local user to copy that id to the remote host using that remote user.
OK. Here's what I do:
LOCAL:
Code:
/home/localuser/.ssh/ssh-keygen (keypair named "test2")
/home/localuser/.ssh/ssh-copy-id -i test2.pub test@192.168.1.138 (test user already exists in 192.168.1.138)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "test.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Received disconnect from 192.168.1.138 port 22:2: Too many authentication failures
Disconnected from 192.168.1.138 port 22
EDIT: solved
PasswordAuthentication yes
MaxAuthTries 100
I got rid of the message, was prompted for the password and am now able to add the pubkey.
Thanks everyone!
Last edited by banderas20; 07-21-2023 at 08:51 AM.
Reason: solved
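The two sshd_config lines in the fix above loosen the server's login limits, so a check after the key is installed shows whether they are still in effect. This is an added example, not code from the thread: it reads an sshd_config-style file and reports the value sshd would use for both keywords. It assumes OpenSSH's defaults (MaxAuthTries 6, PasswordAuthentication yes); the function names and both sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: only the global section is
# read (parsing stops at the first Match block) and Include is not followed.
# sshd uses the first value it reads for a keyword; later lines are ignored.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t]+/)          # keyword ends at first whitespace
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit           # conditional overrides start here
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> prints findings, returns 1 if either setting is loose
audit_sshd() {
    rc=0
    tries=$(effective_value "$1" MaxAuthTries 6)
    pw=$(effective_value "$1" PasswordAuthentication yes)
    if [ "$tries" -gt 6 ] 2>/dev/null; then
        echo "MaxAuthTries $tries: above the default of 6"; rc=1
    fi
    if [ "$pw" = "yes" ]; then
        echo "PasswordAuthentication yes: password logins accepted"; rc=1
    fi
    return $rc
}

# Constructed sample: the two settings from the thread while the fix is active
during_fix=$(mktemp)
printf 'PasswordAuthentication yes\nMaxAuthTries 100\n' > "$during_fix"
# Constructed sample: tightened after key install; the later 100 is ignored
after_fix=$(mktemp)
printf '# key installed\npasswordauthentication no\nMaxAuthTries 6\nMaxAuthTries 100\n' > "$after_fix"
trap 'rm -f "$during_fix" "$after_fix"' EXIT

audit_sshd "$during_fix" || true
audit_sshd "$after_fix" && echo "after_fix: no findings"
```

On a live server, point `audit_sshd` at the real configuration file instead of the constructed samples.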