Difference between revisions of "GNU Linux/SSH"

From WhyAskWhy.org Wiki
m (Added quick/dirty section content)
m (Added example of removing ssh host keys)
Line 93: Line 93:
 
* http://www.enricozini.org/2008/tips/ssh-host-key-fingerprint/
 
* http://www.enricozini.org/2008/tips/ssh-host-key-fingerprint/
 
* http://www.lysium.de/blog/index.php?/archives/186-How-to-get-ssh-server-fingerprint-information.html
 
* http://www.lysium.de/blog/index.php?/archives/186-How-to-get-ssh-server-fingerprint-information.html
 +
 +
 +
== KDE - Dolphin - SFTP connections (RSA) when existing key is present (ECSDA) ==
 +
 +
The problem shows itself with this error message:
 +
 +
<blockquote>
 +
The host key for this server was not found, but another type of key exists. An attacker might change the default server key to confuse your client into thinking the key does not exist. Please contact your system administrator.
 +
</blockquote>
 +
 +
The workaround is to remove the existing host keys (one for the hostname, one for the IP Address) and then connect again.
 +
 +
Example:
 +
 +
<syntaxhighlight lang="bash">
 +
$ ssh-keygen -R host.example.com
 +
$ ssh-keygen -R 123.123.123.123
 +
</syntaxhighlight>
 +
 +
 +
=== References ===
 +
 +
* http://askubuntu.com/questions/20865/is-it-possible-to-remove-a-particular-host-key-from-sshs-known-hosts-file
 +
* http://yuenhoe.com/blog/2011/06/the-host-key-for-this-server-was-not-found-but-another-type-of-key-exists-when-using-sftp-with-dolphinkio/
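Review bot: the workaround paragraph in this added section tells the reader to remove the existing host keys and connect again with no verification step, although the quoted error itself warns that an attacker might have changed the server key. Suggest adding a sentence before "Example:" asking the reader to confirm the server's current host key fingerprint with the administrator before running ssh-keygen -R, and to compare it with the fingerprint shown on the next connection; the fingerprint how-to links just above this section could be referenced for that. Separately, the new heading spells the key type "ECSDA", which should read "ECDSA".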

Revision as of 11:11, 28 August 2014

According to Wikipedia:

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).


Using Public and Private Keys with SSH

Here's an example of generating a public/private key pair for private key authentication on a remote server. I'm using a 4096-bit key length at the suggestion of one of the tutorial author's sites below (added complexity in breaking it). If you enter a tough password for the key, the private key will be encrypted and that much harder to use for malicious purposes. If you don't use a password, however, the key can be used for automated tasks. You'll need to carefully weigh the costs and benefits of your choice before deploying the key to remote servers.

ubuntu@ubuntu:~$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -C "Chuck Norris tough"

Generating public/private rsa key pair.
Created directory '/home/ubuntu/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ubuntu/.ssh/id_rsa.
Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub.
The key fingerprint is:
50:a0:9d:eb:61:bf:c8:6e:7a:76:bb:5a:05:e1:2e:58 Chuck Norris tough
The key's randomart image is:
+--[ RSA 4096]----+
|      ..o        |
|     o + .       |
|    . E o        |
|     o + .       |
|    . = S .      |
|     o + .       |
|      . o        |
|     .+o..       |
|    .*=o+o       |
+-----------------+


ubuntu@ubuntu:~$ cat ~/.ssh/id_rsa.pub | ssh root@turtle 'cat - >> ~/.ssh/authorized_keys'

The authenticity of host 'turtle (192.168.0.32)' can't be established.
RSA key fingerprint is b2:5c:0d:27:ed:12:a2:0c:33:51:9a:45:2f:2d:2f:6d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'turtle,192.168.0.32' (RSA) to the list of known hosts.
root@turtle's password: 


The next time you connect from the user account where you're keeping the keys (in this case the ubuntu user) to the remote account where you deployed the keys, you should not be prompted for that user's password. Instead, you'll be prompted for the private key's password if you chose one, or let in without a password prompt at all if you chose an empty private key password. For the purposes of this entry, I did not choose a password (I'll use this approach for automated tasks).


ubuntu@ubuntu:~$ ssh root@turtle

Linux turtle 2.6.32-43-generic #97-Ubuntu SMP Wed Sep 5 16:43:09 UTC 2012 i686 GNU/Linux
Ubuntu 10.04.4 LTS

Welcome to Ubuntu!
 * Documentation:  https://help.ubuntu.com/

0 packages can be updated.
0 updates are security updates.

New release 'precise' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Fri Sep 21 20:51:29 2012 from ubuntu.local


References


Setting up a secure tunnel via SSH


How to view the fingerprint of the ssh host key


KDE - Dolphin - SFTP connections (RSA) when existing key is present (ECDSA)

The problem shows itself with this error message:

The host key for this server was not found, but another type of key exists. An attacker might change the default server key to confuse your client into thinking the key does not exist. Please contact your system administrator.

The workaround is to remove the existing host keys (one for the hostname, one for the IP address) and then connect again.

Example:

$ ssh-keygen -R host.example.com
$ ssh-keygen -R 123.123.123.123
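
Before removing an entry, it helps to see which key types and fingerprints known_hosts currently records for the host, so they can be compared with the fingerprint the server's administrator confirms. The following is an added example, not part of the original wiki page; it reads plain and hashed (HashKnownHosts) entries, does not handle wildcard or `[host]:port` patterns, and its sample file and key blobs are constructed placeholders, not real keys.

```python
import base64, hashlib, hmac, struct

def fake_blob(key_type, filler):
    # Constructed stand-in for a key blob: length-prefixed type name + filler.
    name = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(name)) + name + filler).decode()

def hashed_name(host, salt):
    # Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def name_matches(field, host):
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return host in field.split(",")

def fingerprints(blob_b64):
    # MD5 colon-hex (the style shown in the sessions above) and SHA256 base64.
    raw = base64.b64decode(blob_b64)
    md5 = hashlib.md5(raw).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def recorded_keys(known_hosts_text, host):
    """Return (line number, key type, MD5 fp, SHA256 fp) for each entry naming host."""
    found = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):  # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) >= 3 and name_matches(parts[0], host):
            found.append((lineno, parts[1]) + fingerprints(parts[2]))
    return found

SAMPLE = "\n".join([  # constructed known_hosts content
    "# constructed sample, not real keys",
    "host.example.com,123.123.123.123 ecdsa-sha2-nistp256 "
    + fake_blob("ecdsa-sha2-nistp256", b"\x01" * 32),
    hashed_name("turtle", b"constructed-salt-20b") + " ssh-rsa " + fake_blob("ssh-rsa", b"\x02" * 32),
])

if __name__ == "__main__":
    for h in ("host.example.com", "123.123.123.123", "turtle"):
        for entry in recorded_keys(SAMPLE, h):
            print(h, *entry)
```

An entry whose key type differs from the one the client is now being offered is the situation the Dolphin error describes; confirm the new fingerprint with the administrator before running `ssh-keygen -R`.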


References