[opensuse] Clueless about SSH
On my laptop, I've run ssh-keygen, and I've copied the contents of ~/.ssh/id_rsa.pub into ~/.ssh/authorized_keys on my desktop. However, when I issue the command

    ssh desktop_user@desktop

I get the following error message

    ssh_exchange_identification: Connection closed by remote host

This is disappointing, as I was expecting to be asked to enter the passphrase associated with this key :(

Any suggestions?

Bob
--
Registered Linux User #463880 FSFE Member #1300
GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E
openSUSE 11.0, Kernel 2.6.25.16-0.1-default, KDE 4.1.2
Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
* Bob Williams
On my laptop, I've run ssh-keygen, and I've copied the contents of ~/.ssh/id_rsa.pub into ~/.ssh/authorized_keys on my desktop.
However, when I issue the command
ssh desktop_user@desktop I get the following error message
ssh_exchange_identification: Connection closed by remote host
Can you ssh without keys?

--
Mads Martin Joergensen, http://mmj.dk
"Why make things difficult, when it is possible to make them cryptic and totally illogical, with just a little bit more effort?" -- A. P. J.
On Monday 27 October 2008 11:16:02 pm Mads Martin Joergensen wrote:
* Bob Williams
[Oct 27. 2008 21:48]: On my laptop, I've run ssh-keygen, and I've copied the contents of ~/.ssh/id_rsa.pub into ~/.ssh/authorized_keys on my desktop.
However, when I issue the command
ssh desktop_user@desktop I get the following error message
ssh_exchange_identification: Connection closed by remote host
Can you ssh without keys?
Have you tried to run ssh with the verbose "-v" option? .. it might give us more information. Regards, Sampsa
On Tuesday 28 October 2008 09:01:05 Sampsa Riikonen wrote:
On Monday 27 October 2008 11:16:02 pm Mads Martin Joergensen wrote:
* Bob Williams
[Oct 27. 2008 21:48]: On my laptop, I've run ssh-keygen, and I've copied the contents of ~/.ssh/id_rsa.pub into ~/.ssh/authorized_keys on my desktop.
However, when I issue the command
ssh desktop_user@desktop I get the following error message
ssh_exchange_identification: Connection closed by remote host
Can you ssh without keys?
How? Do I need to remove/rename the keys I've created?
Have you tried to run ssh with the verbose "-v" option? .. it might give us more information.
    ~> ssh -v bob@192.168.1.12
    OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 192.168.1.12 [192.168.1.12] port 22.
    debug1: Connection established.
    debug1: identity file /home/robert/.ssh/id_rsa type 1
    debug1: identity file /home/robert/.ssh/id_dsa type -1
    ssh_exchange_identification: Connection closed by remote host

Does this help?
* Bob Williams
~/.ssh/id_rsa.pub into ~/.ssh/authorized_keys on my desktop.
However, when I issue the command
ssh desktop_user@desktop I get the following error message
ssh_exchange_identification: Connection closed by remote host
Can you ssh without keys?
How? Do I need to remove/rename the keys I've created?
You say keys. You only have either an id_dsa or id_rsa pair, right?
Have you tried to run ssh with the verbose "-v" option? .. it might give us more information.
    ~> ssh -v bob@192.168.1.12
    OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 192.168.1.12 [192.168.1.12] port 22.
    debug1: Connection established.
    debug1: identity file /home/robert/.ssh/id_rsa type 1
    debug1: identity file /home/robert/.ssh/id_dsa type -1
    ssh_exchange_identification: Connection closed by remote host
Does this help?
A little. But please also try ssh -vv. That turns verbosity up even more.

--
Mads Martin Joergensen
On Mon, Oct 27, 2008 at 4:47 PM, Bob Williams
However, when I issue the command
ssh desktop_user@desktop I get the following error message
ssh_exchange_identification: Connection closed by remote host
This is disappointing
It seems that the issue is the SSH server is not running, is blocked by a firewall or a NAT router. Of course first check that you are using the correct IP address.

Check in YaST2 > System > System Services (Runlevel) and make sure SSH is on and running. The firewall setup will be in YaST2 > Security and Users > Firewall management and port 22 is what needs to be opened. If it is a NAT router issue, take a look at this site[1].

Once you get the SSH server running, you can follow the guide[2] to setting up key authentication. Everything should work exactly as published there.

[1] http://www.portforward.com
[2] http://en.opensuse.org/Public_Key_Authentication
On Monday 27 October 2008 21:54:24 Andrew Joakimsen wrote:
On Mon, Oct 27, 2008 at 4:47 PM, Bob Williams
wrote: However, when I issue the command
ssh desktop_user@desktop I get the following error message
ssh_exchange_identification: Connection closed by remote host
This is disappointing
It seems that the issue is the SSH server is not running, is blocked by a firewall or a NAT router. Of course first check that you are using the correct IP address.
The ssh server is running
Check in YaST2 > System > System Services (Runlevel) and make sure SSH is on and running. The firewall setup will be in YaST2> Security and Users > Firewall management and port 22 is what needs to be opened. If it is a NAT router issue, take a look at this site[1].
The firewall is allowing the ssh server service.

My NAT router (Draytek Vigor 2800v) is redirecting both TCP and UDP traffic on port 22 to my desktop computer's port 22.

What next? I'll try switching the firewall off completely...

Nah! Didn't work :(

Time for bed. See you tomorrow.
Once you get the SSH server running, you can follow the guide[2] to setting up key authentication. Everything should work exactly as published there.
[1] http://www.portforward.com [2] http://en.opensuse.org/Public_Key_Authentication
Bob Williams wrote:
Time for bed. See you tomorrow.
Once you get the SSH server running, you can follow the guide[2] to setting up key authentication. Everything should work exactly as published there.
[1] http://www.portforward.com [2] http://en.opensuse.org/Public_Key_Authentication
Bob,

ssh is usually 'fire-and-forget' simple. I've followed the post and the only thing I see is that ssh on 11.0 may be choking on your use of rsa authentication. I do all my passwordless ssh configs the same way. I have 10 or so openSuSE boxes and all communicate via ssh without password and without issue. If you are convinced that ssh is up and that SuSEFirewall2 is allowing communication on port 22, try this:

(1) Check your /etc/ssh/sshd_config

    Protocol 2
    PasswordAuthentication no
    UsePAM yes
    X11Forwarding yes
    Subsystem sftp /usr/lib/ssh/sftp-server
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL

(2) on your laptop, generate a (dsa) key, not an (rsa) key with:

    ssh-keygen -t dsa

Use the defaults! You should just be hitting return 3 times after issuing the above command. The ssh-keygen transaction should look like this:

    17:52 nemesis~/.ssh> ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/zachry/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/zachry/.ssh/id_dsa.
    Your public key has been saved in /home/zachry/.ssh/id_dsa.pub.
    The key fingerprint is:
    b0:ff:a2:1c:e1:3b:2f:0a:42:d0:c9:d9:c3:af:bc:a1 zachry@nemesis

Now, make a copy of the id_dsa.pub key so you can identify it on the other machines. I use 'cp id_dsa.pub id_dsa.pub.$HOSTNAME'. For this example we will call it "id_dsa.pub.laptop". Copy the id_dsa.pub.laptop key to your desktop box and put it in ~/.ssh. I also keep a public_keys directory on my server where all id_dsa.pub.$HOSTNAME keys are kept (I'll explain more later)

(3) on the desktop, delete any existing ~/.ssh/authorized_keys file. Now create a new one with:

    cp id_dsa.pub.laptop authorized_keys
    # or you can simply use:
    cat id_dsa.pub.laptop > authorized_keys

NOTE: if you need to add any additional keys to the file, you will need to append the keys to the file with:

    cat id_dsa.pub.laptop >> authorized_keys

(4) on the laptop now ssh into the desktop box and you should be able to do it without a password. If you can't, you have other problems not related to ssh, ssh-keygen or your use of authorized_keys.

Good Luck!

Additional Reading:

How to Centrally Maintain all your ssh Public Keys:

(1) Collect all of your public keys (id_dsa.pub.hostname, etc..) into a single directory on a central box. You will have something that looks like this:

    17:58 nirvana~/linux/boxes> l public_keys/
    total 192
    drwxr-xr-x 2 david dcr 4096 2008-10-22 22:40 ./
    drwxr-xr-x 21 david rankin 4096 2008-10-28 00:49 ../
    -rw-r--r-- 1 root root 16274 2008-10-22 22:39 authorized_keys
    -rw-r--r-- 1 david dcr 15672 2008-10-18 23:40 authorized_keys.1
    -rw-r--r-- 1 david dcr 14475 2008-09-25 00:51 authorized_keys.2
    -rw-r--r-- 1 david dcr 13266 2008-08-24 15:00 authorized_keys.3
    -rw-r--r-- 1 david dcr 603 2008-08-21 19:35 id_dsa.pub.alchemy
    -rw-r--r-- 1 david dcr 602 2008-08-21 21:31 id_dsa.pub.alchemyr
    -rw-r--r-- 1 david dcr 601 2008-01-08 15:34 id_dsa.pub.bonzanew
    -rw-r--r-- 1 david dcr 600 2008-01-25 20:49 id_dsa.pub.bonzar
    -rw-r--r-- 1 david dcr 599 2008-05-16 20:51 id_dsa.pub.fax
    -rw-r--r-- 1 david dcr 598 2008-05-16 20:52 id_dsa.pub.faxr
    <Big Snip>
    -rw-r--r-- 1 david dcr 603 2008-01-01 22:39 id_dsa_putty.pub
    -rwxrwxr-- 1 david dcr 715 2008-10-22 22:40 newkeys*

The authorized_keys file will contain all of your public_keys so that you can easily update all of your linux boxes with a complete authorized_keys that will allow access between your machines.

(2) After you have all of your keys collected in the directory, use the newkeys script to create the new authorized_keys and create a backup of the last one you used (i.e. authorized_keys.1, authorized_keys.2, etc.). The script is:

    #!/bin/bash
    #
    ## Check for root
    #
    ROOT_UID=0
    E_NOTROOT=67

    if [ "$UID" -ne "$ROOT_UID" ]; then
        echo -e "\nYou must be root to run this script.\nUser: $USER, UID: $UID can't!\n"
        exit $E_NOTROOT
    fi

    #
    ## Backup Authorized_Keys file
    #
    # Rotate the backups: drop .3, then shift .2 -> .3 and .1 -> .2
    for ((i=3;i>0;i--)); do
        NEXT=$((i + 1))
        case "$i" in
            "3" ) if [[ -w "authorized_keys.3" ]]; then rm "authorized_keys.3"; fi;;
            * )   if [[ -w "authorized_keys.${i}" ]]; then mv "authorized_keys.${i}" "authorized_keys.${NEXT}"; fi;;
        esac
    done

    if [[ -w "authorized_keys" ]]; then
        mv authorized_keys authorized_keys.1
    fi

    #
    ## Create New Authorized_Keys File
    #
    # Concatenate every file in the current directory whose name starts with id_dsa
    for i in id_dsa*; do
        [[ -f "$i" ]] && cat "$i" >> authorized_keys
    done

    exit 0

(3) Lastly, keep a 'getnewkeys' script on each machine to backup the current machine's authorized_keys file and retrieve the new authorized_keys file from the central directory each time you add a key to it. The getnewkeys script is simply:

    #!/bin/bash
    # Keep the current file as a backup, if there is one
    [ -f authorized_keys ] && mv authorized_keys authorized_keys.sav
    # Stop here if the new file cannot be fetched
    cp /PATH_TO_CENTRAL/public_keys/authorized_keys . || exit 1   # NOTE: change path
    chown user:group authorized_keys                              # NOTE: change user:group as needed
    chmod 0644 authorized_keys
    exit 0

Make the changes to the script noted above and you can use it to update all machines to the latest current authorized_keys file on the central server

Good Luck -- again...

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
On Tuesday 28 October 2008 23:15:24 David C. Rankin wrote:
Bob Williams wrote:
Time for bed. See you tomorrow.
Once you get the SSH server running, you can follow the guide[2] to setting up key authentication. Everything should work exactly as published there.
[1] http://www.portforward.com [2] http://en.opensuse.org/Public_Key_Authentication
Bob,
ssh is usually 'fire-and-forget' simple. I've followed the post and the only thing I see is that ssh on 11.0 may be choking on your use of rsa authentication. I do all my passwordless ssh configs the same way. I have 10 or so openSuSE boxes and all communicate via ssh without password and without issue. If you are convinced that ssh is up and that SuSEFirewall2 is allowing communication on port 22, try this:
Many thanks for help, David. I've been through your detailed instructions below, but still getting the same error. Apart from the config files, should there be any other files in /etc/ssh on my desktop machine? For example, I have ssh_host_key and its matching .pub as well as ssh_host_dsa_key pairs.
(1) Check your /etc/ssh/sshd_config
    Protocol 2
    PasswordAuthentication no
    UsePAM yes
    X11Forwarding yes
    Subsystem sftp /usr/lib/ssh/sftp-server
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL
All these options are uncommented (and no others!)
(2) on your laptop, generate a (dsa) key, not an (rsa) key with:
    ssh-keygen -t dsa
Use the defaults! You should just be hitting return 3 times after issuing the above command. The ssh-keygen transaction should look like this:
    17:52 nemesis~/.ssh> ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/zachry/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/zachry/.ssh/id_dsa.
    Your public key has been saved in /home/zachry/.ssh/id_dsa.pub.
    The key fingerprint is:
    b0:ff:a2:1c:e1:3b:2f:0a:42:d0:c9:d9:c3:af:bc:a1 zachry@nemesis
Done
Now, make a copy of the id_dsa.pub key so you can identify it on the other machines. I use 'cp id_dsa.pub id_dsa.pub.$HOSTNAME'. For this example we will call it "id_dsa.pub.laptop". Copy the id_dsa.pub.laptop key to your desktop box and put it in ~/.ssh.
Done
I also keep a public_keys directory on my server where all id_dsa.pub.$HOSTNAME keys are kept (I'll explain more later)
(3) on the desktop, delete any existing ~/.ssh/authorized_keys file. Now create a new one with:
cp id_dsa.pub.laptop authorized_keys # or you can simply use:
cat id_dsa.pub.laptop > authorized_keys
Done
NOTE: if you need to add any additional keys to the file, you will need to append the keys to the file with:
cat id_dsa.pub.laptop >> authorized_keys
(4) on the laptop now ssh into the desktop box and you should be able to do it without a password. If you can't, you have other problems not related to ssh, ssh-keygen or your use of authorized_keys.
Good Luck!
Thanks, but ...

    robert@sputnik:~> ssh -vv bob@192.168.1.12
    OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 192.168.1.12 [192.168.1.12] port 22.
    debug1: Connection established.
    debug1: identity file /home/robert//.ssh/id_rsa type -1
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug2: key_type_from_name: unknown key type '-----END'
    debug1: identity file /home/robert/.ssh/id_dsa type 2
    ssh_exchange_identification: Connection closed by remote host

My user name is bob on the desktop and robert on the laptop. The two machines are connected together by ethernet through my router, so port redirection is not involved.

What really bugs me is that this was working last week. Then I fired up Wireshark and got a fright when I found I was being probed via ssh, the attacker using every possible user name they could think of (a dictionary attack?). I closed my firewall, but since then I have calmed down and allowed Secure Shell as a service. Presumably, that's the same thing as opening port 22 in the firewall.

Anyway, the exchange quoted above contains the line 'Connection established' which suggests to me that it's failing at the key matching stage.
Additional Reading:
...for later

Many thanks,
Bob
On Wednesday 29 October 2008 19:42:01 Bob Williams wrote:
On Tuesday 28 October 2008 23:15:24 David C. Rankin wrote:
Bob Williams wrote:
Time for bed. See you tomorrow.
Once you get the SSH server running, you can follow the guide[2] to setting up key authentication. Everything should work exactly as published there.
[1] http://www.portforward.com [2] http://en.opensuse.org/Public_Key_Authentication
Bob,
ssh is usually 'fire-and-forget' simple. I've followed the post and the only thing I see is that ssh on 11.0 may be choking on your use of rsa authentication. I do all my passwordless ssh configs the same way. I have 10 or so openSuSE boxes and all communicate via ssh without password and without issue. If you are convinced that ssh is up and that SuSEFirewall2 is allowing communication on port 22, try this:
I've done the whole process in reverse, i.e. generated a key pair for my desktop machine, added the public key to authorized_keys, copied that file to my laptop ~/.ssh and made an ssh connection from desktop to laptop, no problem. But it's still sticking in the opposite direction :(

Bob
Bob Williams wrote:
My user name is bob on the desktop and robert on the laptop. The two machines are connected together by ethernet through my router, so port redirection is not involved.
Ahah! Bingo!

Look at your ~/.ssh/authorized_keys file! I bet you will find robert@host at the end of the line in the desktop file and bob@host in the ~/.ssh/authorized_keys on your laptop.

Edit your authorized_keys file and either correct the names or simply delete the space and robert@host after the == Like this:

    osW/BdzA== robert@host
              ^^^^^^^^^^^^  delete everything over the ^^^^ and try again ;-)

or change robert to bob. The names have to match the account on the machine or delete them
Many thanks, Bob
You're welcome

--
David C. Rankin, J.D., P.E.
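An added example, not part of anyone's post in this thread: a merge step for the central public_keys directory David describes earlier, which also bears on the robert@host question, because it identifies a key by its type and base64 blob and carries the trailing user@host field only as a label, which is how sshd treats it. The function names, the 0600 mode and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. All key material is constructed.

# merge_pubkeys DIR: print valid, de-duplicated key lines from DIR/id_* on
# stdout; explain every rejected line on stderr.
merge_pubkeys() {
    set -- "$1"/id_*
    [ -e "$1" ] || { echo "no key files found" >&2; return 1; }
    awk '
        function reject(why) {
            printf "%s:%d: rejected (%s)\n", FILENAME, FNR, why > "/dev/stderr"
        }
        /^[ \t]*(#|$)/ { next }                      # comment or blank line
        {
            ktype = $1; blob = $2
            if (ktype !~ "^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$") {
                reject("not a public key line"); next # e.g. a private key file
            }
            if (blob !~ "^AAAA[A-Za-z0-9+/]+=*$") { reject("key blob is not base64"); next }
            if (blob in seen) { reject("same key as " seen[blob]); next }
            seen[blob] = FILENAME
            line = ktype " " blob
            for (i = 3; i <= NF; i++) line = line " " $i   # comment kept as a label only
            print line
        }' "$@"
}

# install_keys DIR TARGET: build the merged file next to TARGET with mode 0600
# and rename it into place, so TARGET is never missing or half-written.
install_keys() {
    ik_tmp="$2.new.$$"
    ( umask 077; merge_pubkeys "$1" > "$ik_tmp" ) || { rm -f "$ik_tmp"; return 1; }
    [ -s "$ik_tmp" ] || { rm -f "$ik_tmp"; return 1; }   # never install an empty file
    mv "$ik_tmp" "$2"
}

# Constructed sample directory: two keys, one repeat of the laptop key under a
# different comment, and a private key file left there by mistake.
make_sample_keys() {
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBconstructedLAPTOP robert@sputnik' > "$1/id_dsa.pub.laptop"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBconstructedDESKTOP bob@desktop' > "$1/id_dsa.pub.desktop"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBconstructedLAPTOP root@sputnik' > "$1/id_dsa.pub.laptopr"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END DSA PRIVATE KEY-----' > "$1/id_dsa"
}

d=$(mktemp -d)
make_sample_keys "$d"
install_keys "$d" "$d/authorized_keys" && cat "$d/authorized_keys"
rm -rf "$d"
```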
On Thursday 30 October 2008 19:45:25 David C. Rankin wrote:
Bob Williams wrote:
My user name is bob on the desktop and robert on the laptop. The two machines are connected together by ethernet through my router, so port redirection is not involved.
Ahah! Bingo!
Look at your ~/.ssh/authorized_keys file! I bet you will find robert@host at the end of the line in the desktop file and bob@host in the ~/.ssh/authorized_keys on your laptop.
Edit your authorized_keys file and either correct the names or simply delete the space and robert@host after the == Like this:
osW/BdzA== robert@host
          ^^^^^^^^^^^^  delete everything over the ^^^^ and try again ;-)
or change robert to bob. The names have to match the account on the machine or delete them
Many thanks, Bob
You're welcome
Hello, David :)

You're right about the names, as you state above. However, the problem lay elsewhere, a mismatch between ssh_host_key.pub on one machine and the contents of known_hosts on the other.

So, I've got ssh working in both directions, but my next problem is that scp won't accept any of my user login passwords. I thought it used the same underlying mechanism as ssh.

I've tidied up all my public keys as you suggested in an earlier post.

Thanks,
Bob
Bob Williams wrote:
On Thursday 30 October 2008 19:45:25 David C. Rankin wrote:
Bob Williams wrote:
My user name is bob on the desktop and robert on the laptop. The two machines are connected together by ethernet through my router, so port redirection is not involved.
Ahah! Bingo!
Look at your ~/.ssh/authorized_keys file! I bet you will find robert@host at the end of the line in the desktop file and bob@host in the ~/.ssh/authorized_keys on your laptop.
Edit your authorized_keys file and either correct the names or simply delete the space and robert@host after the == Like this:
osW/BdzA== robert@host
          ^^^^^^^^^^^^  delete everything over the ^^^^ and try again ;-)
or change robert to bob. The names have to match the account on the machine or delete them
Many thanks, Bob
You're welcome
Hello, David :)
You're right about the names, as you state above. However, the problem lay elsewhere, a mismatch between ssh_host_key.pub on one machine and the contents of known_hosts on the other.
So, I've got ssh working in both directions, but my next problem is that scp won't accept any of my user login passwords. I thought it used the same underlying mechanism as ssh.
I've tidied up all my public keys as you suggested in an earlier post.
Thanks,
Bob
scp does use the same ssl mechanism. Delete all of the known_hosts files and try scp and ssh again. The known_hosts file will automatically be recreated the first time the foreign connection is made the next time..

Generally, when known_hosts has a conflict, you will get an error due to the strict checking option that says something like:

    Offending key in known_hosts blah, blah, blah... the offending key is :#"

At that point you simply edit known hosts and delete line #.

Try this and then will look further.

--
David C. Rankin, J.D., P.E.
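An added example, not part of the thread: an offline check for the host key / known_hosts mismatch Bob reports, which names the stale line so that only that entry is removed and the rest of known_hosts keeps its verified keys. The function names, the ssh_host_rsa_key.pub file name, the hostnames and the key blobs are assumptions constructed for illustration; wildcard host patterns are not handled.

```shell
#!/bin/sh
# Added example, not code from the thread. Once a stale entry is found,
# `ssh-keygen -R HOST` removes just that entry, and `ssh-keygen -l -f FILE`
# run on the server prints the fingerprint to compare at the next connect.

# check_known_host HOST KNOWN_HOSTS HOSTKEY_PUB
# Prints one of: match | mismatch:<line> | hashed-only | absent
check_known_host() {
    ckh_host=$1; ckh_known=$2; ckh_pub=$3
    # A host public key file reads "<keytype> <base64-blob> [comment]".
    ckh_type=$(awk 'NF >= 2 { print $1; exit }' "$ckh_pub")
    ckh_blob=$(awk 'NF >= 2 { print $2; exit }' "$ckh_pub")
    awk -v host="$ckh_host" -v wtype="$ckh_type" -v wblob="$ckh_blob" '
        /^[ \t]*(#|$)/            { next }             # comment or blank line
        substr($1, 1, 1) == "@"   { next }             # @cert-authority / @revoked: out of scope
        substr($1, 1, 3) == "|1|" { hashed = 1; next } # hashed host name, cannot be read here
        {
            n = split($1, names, ",")                  # e.g. "desktop,192.168.1.12"
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != wtype) continue
                if ($3 == wblob) ok = 1; else bad = NR
            }
        }
        END {
            if (ok)          print "match"
            else if (bad)    print "mismatch:" bad
            else if (hashed) print "hashed-only"       # use ssh-keygen -F HOST for these
            else             print "absent"
        }' "$ckh_known"
}

# Constructed sample: the client still stores the old key for the desktop,
# while the server now presents a different one.
make_sample() {
    cat > "$1/known_hosts" <<'EOF'
# constructed client-side known_hosts
desktop,192.168.1.12 ssh-rsa AAAAB3NzaC1yc2EAAAABconstructedOLDkey
|1|Y29uc3RydWN0ZWQ=|Y29uc3RydWN0ZWQ= ssh-rsa AAAAB3NzaC1yc2EAAAABconstructedOTHER
EOF
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABconstructedNEWkey root@desktop' > "$1/ssh_host_rsa_key.pub"
}

d=$(mktemp -d)
make_sample "$d"
for h in desktop 192.168.1.12 sputnik; do
    printf '%s: %s\n' "$h" "$(check_known_host "$h" "$d/known_hosts" "$d/ssh_host_rsa_key.pub")"
done
rm -rf "$d"
```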
On Thursday 30 October 2008 22:21:29 David C. Rankin wrote:
scp does use the same ssl mechanism. Delete all of the known_hosts files and try scp and ssh again. The known_hosts file will automatically be recreated the first time the foreign connection is made the next time..
Sorry, didn't work. scp still asks for password three times, then

    Permission denied (publickey,keyboard-interactive).
    lost connection
    robert@sputnik:~>

whereas ssh works on first attempt (same password)
Generally, when known_hosts has a conflict, you will get an error due to the strict checking option that says something like: Offending key in known_hosts blah, blah, blah... the offending key is :#" At that point you simply edit known hosts and delete line #.
Yes, I've tried editing out the offending entry, but this time I deleted the known_hosts file.
Try this and then will look further.
Bob
Doesn't scp use ssh protocol 1?
Doesn't the default opensuse sshd_config disallow protocol 1?
ie: use rsync or sftp instead of scp
or comment out "Protocol 2" in /etc/ssh/sshd_config and then rcsshd restart
Hmm... nope, scp works for me and the server definitely has "Protocol 2"
in sshd_config, so it's probably not that.
foo2:~ # touch /tmp/xyxy
foo1:~ # scp foo2:/tmp/xyxy /tmp
xyxy 100% 0 0.0KB/s 00:00
foo1:~ #
This was with a key pair already set up, but
you should be trying without any keys first.
Step A, THEN step B, C,...Z
Step A is get it working the simplest way possible, which is manually entering a password.
--
Brian K. White brian@aljex.com http://www.myspace.com/KEYofR
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
----- Original Message -----
From: "Bob Williams"
On Thursday 30 October 2008 22:21:29 David C. Rankin wrote:
scp does use the same ssl mechanism. Delete all of the known_hosts files and try scp and ssh again. The known_hosts file will automatically be recreated the first time the foreign connection is made the next time..
Sorry, didn't work. scp still asks for password three times, then
    Permission denied (publickey,keyboard-interactive).
    lost connection
    robert@sputnik:~>
whereas ssh works on first attempt (same password)
Generally, when known_hosts has a conflict, you will get an error due to the strict checking option that says something like: Offending key in known_hosts blah, blah, blah... the offending key is :#" At that point you simply edit known hosts and delete line #.
Yes, I've tried editing out the offending entry, but this time I deleted the known_hosts file.
Try this and then will look further.
Bob
Brian K. White wrote:
Doesn't scp use ssh protocol 1? Doesn't the default opensuse sshd_config disallow protocol 1?
ie: use rsync or sftp instead of scp or comment out "Protocol 2" in /etc/ssh/sshd_config and then rcsshd restart
Hmm... nope, scp works for me and the server definitely has "Protocol 2" in sshd_config, so it's probably not that.
foo2:~ # touch /tmp/xyxy
foo1:~ # scp foo2:/tmp/xyxy /tmp
xyxy 100% 0 0.0KB/s 00:00
foo1:~ #
This was with a key pair already set up, but
you should be trying without any keys first.
Step A, THEN step B, C,...Z
Step A is get it working the simplest way possible, which is manually entering a password.
Brian,

"Bob's box is just freaking possessed!" this Halloween. He doesn't need tech support, he needs an exorcist....

I've never seen any of my SuSE boxes work fine with ssh key access and NOT work with scp at least from 9.2 on, and probably earlier, I just don't recall using ssh keys before then.

--
David C. Rankin, J.D.,P.E.
On Friday 31 October 2008 20:49:12 David C. Rankin wrote:
Brian K. White wrote:
Doesn't scp use ssh protocol 1? Doesn't the default opensuse sshd_config disallow protocol 1?
ie: use rsync or sftp instead of scp or comment out "Protocol 2" in /etc/ssh/sshd_config and then rcsshd restart
Hmm... nope, scp works for me and the server definitely has "Protocol 2" in sshd_config, so it's probably not that.
foo2:~ # touch /tmp/xyxy
foo1:~ # scp foo2:/tmp/xyxy /tmp
xyxy 100% 0 0.0KB/s 00:00
foo1:~ #
This was with a key pair already set up, but
you should be trying without any keys first.
Step A, THEN step B, C,...Z
Step A is get it working the simplest way possible, which is manually entering a password.
Brian,
"Bob's box is just freaking possessed!" this Halloween. He doesn't need tech support, he needs an exorcist....
Maybe it'll just start working OK tomorrow :)
I've never seen any of my SuSE boxes work fine with ssh key access and NOT work with scp at least from 9.2 on, and probably earlier, I just don't recall using ssh keys before then.
Bob Williams wrote:
On Friday 31 October 2008 20:49:12 David C. Rankin wrote:
Brian K. White wrote:
Doesn't scp use ssh protocol 1? Doesn't the default opensuse sshd_config disallow protocol 1?
ie: use rsync or sftp instead of scp or comment out "Protocol 2" in /etc/ssh/sshd_config and then rcsshd restart
Hmm... nope, scp works for me and the server definitely has "Protocol 2" in sshd_config, so it's probably not that.
foo2:~ # touch /tmp/xyxy
foo1:~ # scp foo2:/tmp/xyxy /tmp
xyxy 100% 0 0.0KB/s 00:00
foo1:~ #
This was with a key pair already set up, but
you should be trying without any keys first.
Step A, THEN step B, C,...Z
Step A is get it working the simplest way possible, which is manually entering a password.
Brian,
"Bob's box is just freaking possessed!" this Halloween. He doesn't need tech support, he needs an exorcist....
Maybe it'll just start working OK tomorrow :)
Bob,

Are you sure you're not running into another bob/robert issue? According to the way you have your laptop and desktop setup, you should be issuing your scp commands like:

On the laptop:

    scp fileto bob@desktop:/pathtoputfile

or

    scp bob@desktop:/filetoget /pathheresomewhere

On the desktop

    scp fileto robert@laptop:/pathtoputfile

or

    scp robert@laptop:/filetoget /pathheresomewhere

If it were me, I'd, as root on the laptop:

    # Create bob, copy robert's home into it, hand the files and the mail
    # spool to bob, then remove robert and set bob's password.
    # "/home/robert/." copies the contents into the /home/bob that useradd -m
    # has just created, instead of creating /home/bob/robert.
    useradd -m bob &&
    cp -a /home/robert/. /home/bob/ &&
    find /home/bob -user robert -print0 | xargs -0 chown bob: &&
    cp /var/spool/mail/robert /var/spool/mail/bob &&
    chown bob: /var/spool/mail/bob &&
    userdel -f robert &&
    passwd bob

...regen new ssh keys for bob on laptop, and be done with it man......

--
David C. Rankin, J.D., P.E.
On Tuesday 04 November 2008 08:43:52 David C. Rankin wrote:
Bob Williams wrote:
On Friday 31 October 2008 20:49:12 David C. Rankin wrote:
Brian K. White wrote:
Doesn't scp use ssh protocol 1? Doesn't the default opensuse sshd_config disallow protocol 1?
ie: use rsync or sftp instead of scp or comment out "Protocol 2" in /etc/ssh/sshd_config and then rcsshd restart
Hmm... nope, scp works for me and the server definitely has "Protocol 2" in sshd_config, so it's probably not that.
foo2:~ # touch /tmp/xyxy
foo1:~ # scp foo2:/tmp/xyxy /tmp
xyxy 100% 0 0.0KB/s 00:00
foo1:~ #
This was with a key pair already set up, but
you should be trying without any keys first.
Step A, THEN step B, C,...Z
Step A is get it working the simplest way possible, which is manually entering a password.
Brian,
"Bob's box is just freaking possessed!" this Halloween. He doesn't need tech support, he needs an exorcist....
Maybe it'll just start working OK tomorrow :)
Bob,
Are you sure you're not running into another bob/robert issue? According to the way you have your laptop and desktop setup, you should be issuing your scp commands like:
On the laptop:
scp fileto bob@desktop:/pathtoputfile
or
scp bob@desktop:/filetoget /pathheresomewhere
On the desktop
scp fileto robert@laptop:/pathtoputfile
or
scp robert@laptop:/filetoget /pathheresomewhere
Yes, the mistake I was making with scp was leaving out the user name.
If it were me, I'd, as root on the laptop:
useradd -m bob && cp -a /home/robert /home/bob && find /home/bob -user robert -print0 | xargs -0 chown bob: && cp /var/spool/mail/robert /var/spool/mail/bob && chown bob: /var/spool/mail/bob && userdel -f robert && passwd bob
That's all on one line?
...regen new ssh keys for bob on laptop, and be done with it man......
You mean lose my dual personalities? I'm not sure what my psychiatrist would say about that!
-- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
Bob PS. Hope you're enjoying your election. The whole world is watching :) -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.18-0.2-default, KDE 4.1.2 Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
Bob Williams wrote:
Are you sure you're not running into another bob/robert issue? According to the way you have your laptop and desktop setup, you should be issuing your scp commands like:
On the laptop:
scp fileto bob@desktop:/pathtoputfile
or
scp bob@desktop:/filetoget /pathheresomewhere
On the desktop
scp fileto robert@laptop:/pathtoputfile
or
scp robert@laptop:/filetoget /pathheresomewhere
Yes, the mistake I was making with scp was leaving out the user name.
If it were me, I'd, as root on the laptop:
useradd -m bob && cp -a /home/robert /home/bob && find /home/bob -user robert -print0 | xargs -0 chown bob: && cp /var/spool/mail/robert /var/spool/mail/bob && chown bob: /var/spool/mail/bob && userdel -f robert && passwd bob
That's all on one line?
Yes, why waste carriage returns?... All you have to do at the end is enter your password again ;-)
You mean lose my dual personalities? I'm not sure what my psychiatrist would say about that!
No, no, you wouldn't be able to talk to yourself anymore... But dual personalities are often better handled in /etc/aliases.
Bob
PS. Hope you're enjoying your election. The whole world is watching :)
Thank you Bob, Unfortunately it wasn't to be. The local ABC affiliate said it best "Nacogdoches continued its trend as a republican county" All races (except a local constables race) went approximately 2/3 - 1/3 republican to democrat (or worse). We will see what 2012 looks like. The paper summed up the judicial race: http://www.3111skyline.com/download/error/results_420_sentinel.pdf (300K) Live and learn... Run as a republican next time and fight it out in the primary... -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On Friday 31 October 2008 20:49:12 David C. Rankin wrote:
I've never seen any of my SuSE boxes work fine with ssh key access and NOT work with scp at least from 9.2 on, and probably earlier, I just don't recall using ssh keys before then.
I've complained about a lot of things in SUSE, but ssh+keys is one thing that is working faultlessly :-) Anne
On Saturday 01 November 2008 11:16:00 Anne Wilson wrote:
On Friday 31 October 2008 20:49:12 David C. Rankin wrote:
I've never seen any of my SuSE boxes work fine with ssh key access and NOT work with scp at least from 9.2 on, and probably earlier, I just don't recall using ssh keys before then.
I've complained about a lot of things in SUSE, but ssh+keys is one thing that is working faultlessly :-)
Anne
Anne, thanks for your interest and reassurance, but I have a gremlin here. scp is almost more important to me than ssh, though the latter is now working, thanks to sterling help from David Rankin, who can expect a beer from me next time I'm passing through Nacogdoches :). I know I could use rsync, but it requires modules being setup beforehand, which makes it a bit less flexible for single file transfers. Bob -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.18-0.2-default, KDE 4.1.2 Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
On Saturday 01 November 2008 12:54:22 Bob Williams wrote:
Anne, thanks for your interest and reassurance, but I have a gremlin here. scp is almost more important to me than ssh, though the latter is now working, thanks to sterling help from David Rankin, who can expect a beer from me next time I'm passing through Nacogdoches :).
Good to know that you have a solution :-) Yes, David has been helping folk for years, to my knowledge.
I know I could use rsync, but it requires modules being setup beforehand, which makes it a bit less flexible for single file transfers.
Have you considered keychain? I use it to handle keys, and with that passing my authorisations I can have a folderview on my desktop to my home directory on my server box and to another data directory. If I just want to copy a few files across I can handle those directories in dolphin just like local ones. Keychain also makes it easy to do a backup shell script to rsync files between the two boxes. I found an easy-to-follow howto on the net, set up keychain in about 5 minutes, and have blessed the day ever since :-) Anne
On Saturday 01 November 2008 13:40:03 Anne Wilson wrote:
On Saturday 01 November 2008 12:54:22 Bob Williams wrote:
Anne, thanks for your interest and reassurance, but I have a gremlin here. scp is almost more important to me than ssh, though the latter is now working, thanks to sterling help from David Rankin, who can expect a beer from me next time I'm passing through Nacogdoches :).
The clue is in the subject line (first word), in other words, the problem was in front of the keyboard, not inside the machine (wasn't it ever thus?) I have been issuing commands such as
scp testfile sputnik:/home/robert
without specifying a 'target' user. It should of course be
scp testfile robert@sputnik:/home/robert
Duh!!!
Good to know that you have a solution :-) Yes, David has been helping folk for years, to my knowledge.
I still owe you that beer, David, but it won't be real soon. I live in Sussex, UK.
I know I could use rsync, but it requires modules being setup beforehand, which makes it a bit less flexible for single file transfers.
Have you considered keychain? I use it to handle keys, and with that passing my authorisations I can have a folderview on my desktop to my home directory on my server box and to another data directory. If I just want to copy a few files across I can handle those directories in dolphin just like local ones. Keychain also makes it easy to do a backup shell script to rsync files between the two boxes.
I found an easy-to-follow howto on the net, set up keychain in about 5 minutes, and have blessed the day ever since :-)
Thanks for that. I shall certainly take a look at keychain, and also fish as suggested by Joe Morris.
Anne
Bob -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.18-0.2-default, KDE 4.1.2 Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
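The failure described in the message above (an scp target with no user name falls back to the local login name unless the client config sets one), as an added example that is not part of the original thread. The function names are hypothetical, the sample config is constructed from the host and account names mentioned in the thread, and only exact Host names are parsed.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed config: host and account
# names are those mentioned in the thread; function names are hypothetical.
write_sample_config() {
    printf 'Host sputnik\n    User robert\nHost desktop\n    User bob\n' > "$1"
}

# config_user FILE HOST: print the first User that applies to HOST in FILE.
# Simplification: exact Host names only; wildcards and Match blocks are ignored.
config_user() {
    [ -r "$1" ] || return 0
    awk -v host="$2" '
        BEGIN { active = 1 }              # lines before any Host apply to all
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++) if ($i == host) active = 1
            next
        }
        active && tolower($1) == "user" { print $2; exit }
    ' "$1"
}

# effective_user TARGET [CONFIG]: print "<user> <source>" for an scp target.
effective_user() {
    target=$1
    cfg=${2:-$HOME/.ssh/config}
    case $target in
        *:*) ;;
        *) echo "none local-file"; return 0 ;;   # no colon: scp treats it as local
    esac
    hostpart=${target%%:*}
    case $hostpart in
        *@*) echo "${hostpart%@*} explicit"; return 0 ;;
    esac
    user=$(config_user "$cfg" "$hostpart")
    if [ -n "$user" ]; then
        echo "$user config"
    else
        # Nothing names a user, so the client sends the local login name.
        echo "$(id -un) local-default"
    fi
}
```

A result of `local-default` for a host where the account name differs from the local one is the case that produced the failed scp transfers in this thread.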
On 11/01/2008 08:54 PM, Bob Williams wrote:
Anne, thanks for your interest and reassurance, but I have a gremlin here. scp is almost more important to me than ssh, though the latter is now working, thanks to sterling help from David Rankin, who can expect a beer from me next time I'm passing through Nacogdoches :).
I know I could use rsync, but it requires modules being setup beforehand, which makes it a bit less flexible for single file transfers.
Bob
Do you use KDE? Have you tried fish in Konqueror? That is by far the easiest way to transfer files via ssh, and it's graphical too. :-) -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
On Saturday 01 November 2008 14:08:51 Joe Morris wrote:
On 11/01/2008 08:54 PM, Bob Williams wrote:
Anne, thanks for your interest and reassurance, but I have a gremlin here. scp is almost more important to me than ssh, though the latter is now working, thanks to sterling help from David Rankin, who can expect a beer from me next time I'm passing through Nacogdoches :).
I know I could use rsync, but it requires modules being setup beforehand, which makes it a bit less flexible for single file transfers.
Bob
Do you use KDE? Have you tried fish in Konqueror? That is by far the easiest way to transfer files via ssh, and it's graphical too. :-)
Yes, Joe. I'm on KDE 4.1.2 at the moment. I'll take a look at fish.
-- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
Bob -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.18-0.2-default, KDE 4.1.2 Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
On Sunday 02 November 2008 01:07:57 Bob Williams wrote:
[...]
Do you use KDE? Have you tried fish in Konqueror? That is by far the easiest way to transfer files via ssh, and it's graphical too. :-)
Yes, Joe. I'm on KDE 4.1.2 at the moment. I'll take a look at fish.
-- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
Bob -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.18-0.2-default, KDE 4.1.2 Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
Bob, Another thing I've found very useful in recent days is sshfs. This allows you to mount a remote path to a local mount point over ssh, which means you can then treat it as any other mounted folder (only slower, depending on the connection speed). The remote path is then available to all applications (graphical and CLI) as a local path until unmounted. I can't remember if I found it in the build service via one-click or if it is in one of the repositories. Regards, -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au ===================================================
On Saturday 01 November 2008 14:58:19 Rodney Baker wrote:
Bob, Another thing I've found very useful in recent days is sshfs. This allows you to mount a remote path to a local mount point over ssh, which means you can then treat it as any other mounted folder (only slower, depending on the connection speed). The remote path is then available to all applications (graphical and CLI) as a local path until unmounted. I can't remember if I found it in the build service via one-click or if it is in one of the repositories.
Regards,
Better and better. Thanks Rodney Bob -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.18-0.2-default, KDE 4.1.2 Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
participants (9)
- Andrew Joakimsen
- Anne Wilson
- Bob Williams
- Brian K. White
- David C. Rankin
- Joe Morris
- Mads Martin Joergensen
- Rodney Baker
- Sampsa Riikonen