Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] encore:.. winscp& openssh
  • From: "Dirk Schreiner" <Dirk.Schreiner@xxxxxxx>
  • Date: Thu, 15 Dec 2005 11:42:26 +0100
  • Message-id: <43A14892.6000904@xxxxxxx>
Good Morning @all.

piet wrote:

Michel Messerschmidt wrote:

Dirk Schreiner said:

Miguel ALBUQUERQUE wrote:

piet <prooroa@xxxxxxxxxx> wrote on 14.12.2005 17:04:19:

I made a public & private key with PuTTY, copy-pasted the public key to a
text file, renamed it public.pub,
and put it in /home/xxxx/.ssh

You did export it as openssh-key right?
[...]
Give it a try the other way:

use ssh-keygen on the linux box.

ssh-keygen -b 4096 -t rsa -C my_linux_box_key -f my_linux_box_key

Give a proper passphrase.

cat my_linux_box_key.pub >> authorized_keys

Copy the my_linux_box_key to your win box, and open
the key with puttygen.
Save it afterwards in ppk format and use this key to
connect to the linux box.


It's better to convert the public key from putty into openssh format.
This can be done by hand or with ssh-keygen:
ssh-keygen -i -f public.pub > ~/.ssh/public_openssh.pub
cat public_openssh.pub >>authorized_keys

I guess it doesn't matter if you convert Putty-->ssh or vice versa.
Putty-->ssh didn't work with older putty versions, but this should
be fixed today.

Important is --> it works for you.

And don't forget to remove the previous entries for this key from
authorized_keys.


What is the output if you try to connect with putty on your suse server?
Try: plink.exe -v -i <privatekey.ppk> <user>@<host>



Good morning to all,

one thing that strikes me is that the files generated on XP are executable.
Should this be changed? I frolicked with that without result.

To avoid being trapped in some 4096 1024 bug, I am trying (without success) a regular RSA 1024 key, as that's the default with putty of winscp.

This is no bug, but the level of security.
Nowadays 1024 Bit PPK Keys are no longer
considered secure. (This is not from me, but from B. Schneier.)

Use a minimum of 2048 Bit, or if you want to be secure in the future
think of using 4096 Bit.
Btw. this is your personal key.
SuSE generates the Host-Key with a size of 1024 Bit.
You can change this by substituting every 1024 by 2048 in
/etc/init.d/sshd
Removing every HostKey in /etc/ssh/
and restarting sshd
(Do this locally, until you really know what you do ;-) )

Another thing: Puttygen often bluescreens when generating
keys with 4096 Bit ;-) (At least on my system.)

If I do Pam password on in the sshd_config I can logon, so I guess (?)
there is no firewall problem

Maybe it is an idea to let ssh-keygen make the putty key too... is that possible?
piet
...................................................................
here is the plink output:

plink -v -i my_SuSE_priv_key.ppk piet@xxxxxxxxxxx
Server version: SSH-2.0-OpenSSH_3.9p1
We claim version: SSH-2.0-PuTTY_Release_0.58
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange
Host key fingerprint is:
ssh-rsa 1024 f8:e3:73:18:44:78:f8:48:0c:5c:89:c3:8a:01:f1:64
Initialised AES-256 client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "piet".
Reading private key file "my_SuSE_priv_key.ppk"
Offered public key
Server refused our key
Server refused public key
Keyboard-interactive authentication refused
No supported authentication methods left to try!
No supported authentications offered. Disconnecting
Server closed network connection

As you can see, the Server is refusing
the Key. So please Try a Login, and afterwards
mail the Output of:

grep "sshd" /var/log/* | tail -n 100

And just to be sure, do a

su - {user}
# 700 keeps the directory searchable; chmod -R 600 would make .ssh itself unusable
chmod 700 .ssh
chmod 600 .ssh/*
exit

before.

Dirk

TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de
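
The two server-side causes this thread circles around for "Server refused our key" (a public key left in PuTTY's multi-line export format, and permissions under .ssh) can be checked in one pass. The following is an added example, not code from any poster in the thread; the function names and finding labels are made up for it, and the key-type pattern covers only the common types.

```shell
#!/bin/sh
# Added example, not from the thread: audit one account's .ssh directory.
# Function names and finding labels are made up for this sketch.

mode_of() {  # octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# audit_ssh_dir DIR: one finding per line on stdout, exit status 1 if any.
audit_ssh_dir() {
    dir=$1; keys="$dir/authorized_keys"; found=0
    report() { echo "$1"; found=1; }

    dmode=$(mode_of "$dir") || { echo "missing-dir"; return 1; }
    # Without the owner's search (x) bit the directory cannot be entered,
    # so sshd, which reads the file as that user, never reaches it.
    [ $(( 0$dmode & 0100 )) -ne 0 ] || report "dir-not-searchable mode=$dmode"
    # With StrictModes (the default) sshd refuses group/world-writable paths.
    [ $(( 0$dmode & 0022 )) -eq 0 ] || report "dir-writable-by-others mode=$dmode"

    [ -f "$keys" ] || { report "missing-authorized_keys"; return 1; }
    kmode=$(mode_of "$keys")
    [ $(( 0$kmode & 0022 )) -eq 0 ] || report "keys-writable-by-others mode=$kmode"

    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            *'BEGIN SSH2 PUBLIC KEY'*)
                # Multi-line export format: convert with ssh-keygen -i -f FILE
                report "ssh2-format-key line=$n"; continue ;;
        esac
        # An OpenSSH entry is one line: [options] type base64 [comment].
        # The base64 blob of every key type starts with "AAAA".
        printf '%s\n' "$line" |
            grep -Eq '(^|[ ,"])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) AAAA' ||
            report "not-a-key-line line=$n"
    done < "$keys"
    return "$found"
}
```

Call it as the account owner, for example `audit_ssh_dir "$HOME/.ssh"`; no output and exit status 0 mean neither problem was found.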
