Good Morning @all. piet schrieb:
Michel Messerschmidt wrote:
Dirk Schreiner said:
Miguel ALBUQUERQUE wrote:
piet
wrote on 14.12.2005 17:04:19: I made a public & private key with PuTTY, copy-paste the public to a text file: renamed it public.pub put it in /home/xxxx/.ssh
You did export it as openssh-key right? [...] Give it a try the other way:
use ssh-keygen on the linux box.
ssh-keygen -b 4096 -t rsa -C my_linux_box_key -f my_linux_box_key
Give a propper passphrase.
cat my_linux_box_key.pub >> authorized_keys
Copy the my_linux_box_key to youre win Box, and open the key with puttygen. Save it afterwards in ppk format and use this key to connect to the linux box.
It's better to convert the public key from putty into openssh format. This can be done by hand or with ssh-keygen: ssh-keygen -i -f public.pub > ~/.ssh/public_openssh.pub cat public_openssh.pub >>authorized_keys
I guess it doesn`t matter, if you convert Putty-->ssh or vice versa. Putty-->ssh didn`t work with older putty versions, but this schould be fixed today.
Important is --> it works for you.
And don't forget to remove the previous entries for this key from authorized_keys.
What is the output if you try to connect with putty on your suse server? Try: plink.exe -v -i
<user>@<host> goodmorning to All,
one thing that strikes me is the files generated on XP are executable should this be changed? I frolliced with that without result
to avoid being trapped in some 4096 1024 bug, I am trying (without succes) a regular RSA 1024 key, as thats the default with putty of winscp.
This is no bug, but the level of security. Nowadays there are 1024 Bit PPK Keys no longer considered as secure. (This is not from me, but from B. Schneier.) Use a minimum of 2048 Bit, or if you want to be secure in the Future think of using 4096 Bit. Btw. this is your`e Personal Key. SuSE generates the Host-Key with a Size of 1024 Bit. You can change this by substituting every 1024 by 2048 in /etc/init.d/sshd Removing every HostKey in /etc/ssh/ and restarting sshd (Do this local, til you really know what you do ;-) ) Another thing Puttygen often Bluescreens generating Keys with 4096 Bit ;-) (At least on my System.)
If I do Pam password on in the sshd_config I can logon, so I guess (?) there is no firewall problem
Maybe it is an idea to let sshkeygen make the putty key too... is that possible? piet ................................................................... here is the plink output:
plink -v -i my_SuSE_pri v_key.ppk piet@192.168.0.3 Server version: SSH-2.0-OpenSSH_3.9p1 We claim version: SSH-2.0-PuTTY_Release_0.58 Using SSH protocol version 2 Doing Diffie-Hellman group exchange Doing Diffie-Hellman key exchange Host key fingerprint is: ssh-rsa 1024 f8:e3:73:18:44:78:f8:48:0c:5c:89:c3:8a:01:f1:64 Initialised AES-256 client->server encryption Initialised HMAC-SHA1 client->server MAC algorithm Initialised AES-256 server->client encryption Initialised HMAC-SHA1 server->client MAC algorithm Using username "piet". Reading private key file "my_SuSE_priv_key.ppk" Offered public key Server refused our key Server refused public key Keyboard-interactive authentication refused No supported authentication methods left to try! No supported authentications offered. Disconnecting Server closed network connection
As you can see, the Server is refusing the Key. So please Try a Login, and afterwards mail the Output of: grep "sshd" /var/log/* | tail -n 100 And just to be sure, make a su - {user} chmod -R 600 .ssh exit bevore. Dirk TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl-------------------------------------------------------- Nachricht von: Dirk.Schreiner@tria.de Nachricht an: suse-security@suse.com # Dateianhänge: 0