[opensuse] Transferring ssh keys to a server for a new user
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, How does one transfer ssh keys to a server that does not allow passwords? See: cer@minas-tirith:~/.ssh> ssh-copy-id -i id_dsa.pub cer2@isengard.valinor /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_dsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Permission denied (publickey). cer@minas-tirith:~/.ssh> I have "solved" the issue by disabling "ChallengeResponseAuthentication no" temporarily on the server, but I wonder if there is a better method. Perhaps transfer the key with another user? - -- Cheers Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAliZy0gACgkQtTMYHG2NR9XtvgCfWC2e1mbfjiUoD5lezFKDknrr 57gAnRH3RQvaiym1Dmk0qCgnRnjnRXku =kZdU -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am Dienstag, Februar 07, 2017 14:27 CET, "Carlos E. R."
How does one transfer ssh keys to a server that does not allow passwords?
In this case, ssh-copy-id won't work. There is no option which says "install key on behalf of". Google and Stackoverflow also don't recomment any short cuts. You'll have to write your own small script which: - Create the .ssh/ folder - chown 700 .ssh - chmod <user> .ssh - touch .ssh/authorizes-keys - chown 600 .ssh/authorizes-keys - chmod <user> .ssh/authorizes-keys - Append public key to .ssh/authorizes-keys Regards, -- Aaron "Optimizer" Digulla a.k.a. Philmann Dark "It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits." http://blog.pdark.de/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07.02.2017 14:27, Carlos E. R. wrote:
How does one transfer ssh keys to a server that does not allow passwords?
/dev/floppy or similar. Or email your public key to the administrator of the system in question, who hopefully already has access to the system. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-02-07 16:12, Mathias Homann wrote:
On 07.02.2017 14:27, Carlos E. R. wrote:
How does one transfer ssh keys to a server that does not allow passwords?
/dev/floppy or similar. Or email your public key to the administrator of the system in question, who hopefully already has access to the system.
I am the admin, and this moment the only access is remote. This morning I had local access. What I did was enable standard ssh login in the server temporarily, run that script again, then disable standard ssh login. I just wondered if there is a better method. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
On Tuesday, 7 February 2017 14:27:30 CET Carlos E. R. wrote:
How does one transfer ssh keys to a server that does not allow passwords? […] I have "solved" the issue by disabling "ChallengeResponseAuthentication no" temporarily on the server, but I wonder if there is a better method. Perhaps transfer the key with another user?
yes, or as part of the machine provisioning, e.g. I am sure autoyast supports it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-02-07 16:28, Oliver Kurz wrote:
On Tuesday, 7 February 2017 14:27:30 CET Carlos E. R. wrote:
How does one transfer ssh keys to a server that does not allow passwords? […] I have "solved" the issue by disabling "ChallengeResponseAuthentication no" temporarily on the server, but I wonder if there is a better method. Perhaps transfer the key with another user?
yes, or as part of the machine provisioning, e.g. I am sure autoyast supports it.
Yes, but this was a new user added a month after provisioning :-) I wondered if there is an easy way to upload the key in this case. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
participants (4)
-
Aaron Digulla
-
Carlos E. R.
-
Mathias Homann
-
Oliver Kurz