View unanswered posts    View active topics

All times are UTC - 6 hours





Post new topic Reply to topic  [ 11 posts ] 
Print view Previous topic   Next topic  
Author Message
Search for:
PostPosted: Wed Dec 31, 2008 1:06 pm 
Offline
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
OK, I should remember this, but I can't even find what to search for!

I want to be able to ssh into a SBE from MBE. I forgot how to set this up, something with keys and authenticating?

I do ssh me@SBE and it pops
Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
99:ce:09:4b:e4:58:89:4a:a5:ef:c1:b4:fa:64:3e:fb.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for bigdog has changed and you have requested strict checking.
Host key verification failed.


I've recreated keys on the SBE, but I can't remember how to get them on the MBE. A simple copy/paste didn't work... ugh. If I could only remember...

Anyone, take mercy on a dumb soul?


Top
 Profile  
 
PostPosted: Wed Dec 31, 2008 1:41 pm 
Offline
Joined: Thu Sep 27, 2007 5:44 pm
Posts: 568
Too Many Secrets wrote:
...
Code:
...
Offending key in /root/.ssh/known_hosts:1
...

...


Are you trying to access it as root? I didn't think KM allowed remote access as root user. In any case, if I get a message like that I think it is usually if I have changed the network card, OS, etc. on that machine. I normally open that known_hosts file and remove the line with that key. When I attempt to ssh into it the next time it asks if I want to have the key added and select yes.

Hopefully this helps and I am on the right track of what you're looking for.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 1:42 pm 
Offline
Joined: Sat Sep 02, 2006 9:17 am
Posts: 359
You need to remove the SBE's old key from ~/.ssh/known_hosts on the MBE. Next time you ssh it will change the error to something more like "This is an unknown host, do you want to add it?" type "yes" and you're back.

If you're not sute which line, or if you totally dork the file, just delete it completely. This will delete the entire list of known hosts so you'll get that message the next time for each host. Again, just type 'yes'


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 2:04 pm 
Offline
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
jmckeown2 wrote:
You need to remove the SBE's old key from ~/.ssh/known_hosts on the MBE. Next time you ssh it will change the error to something more like "This is an unknown host, do you want to add it?" type "yes" and you're back.

If you're not sute which line, or if you totally dork the file, just delete it completely. This will delete the entire list of known hosts so you'll get that message the next time for each host. Again, just type 'yes'


Thanks, OK this got me
Code:
Permission denied (publickey).


uhh....


Top
 Profile  
 
PostPosted: Wed Dec 31, 2008 2:12 pm 
Offline
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
knappster wrote:
Too Many Secrets wrote:
...
Code:
...
Offending key in /root/.ssh/known_hosts:1
...

...


Are you trying to access it as root? I didn't think KM allowed remote access as root user. In any case, if I get a message like that I think it is usually if I have changed the network card, OS, etc. on that machine. I normally open that known_hosts file and remove the line with that key. When I attempt to ssh into it the next time it asks if I want to have the key added and select yes.

Hopefully this helps and I am on the right track of what you're looking for.


Thanks, tried this as root, mythtv and my other user. ie all users pop back the same.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 3:50 pm 
Offline
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
"The same" being "Offending key in /root/.ssh/known_hosts:X" ? You need to adjust/remove each user's .ssh/known_hosts file to clear that up.

If "the same" means you are still getting "Permission denied (publickey)." then I would check the keys you generated for user "me" in "me@SBE". Does the user "me" exist on the MBE?

EDIT: See http://forums.fedoraforum.org/showthread.php?t=51543 for file/directory permissions /EDIT


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 6:05 pm 
Offline
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
well, I turned back on passwordauthentication and I can now ssh in from one box to the other, but with only a password... now great for running a script, but it's progress. i guess...


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 8:51 pm 
Offline
Joined: Sun Sep 25, 2005 3:50 pm
Posts: 1013
Location: Los Angeles
Too Many Secrets wrote:
well, I turned back on passwordauthentication and I can now ssh in from one box to the other, but with only a password... now great for running a script, but it's progress. i guess...


You can create a public-key by following the instructions here, ignoring the instructions about PuTTY. If you make a key w/o a passphrase, you may use the key to execute a command on the remote computer without user intervention.

Code:
ssh -i /home/user/.ssh/my-key 192.168.1.101 /path/to/mycommand.sh

This assumes 192.168.1.101 is the remote computer's IP address (you may also use the hostname if it exists in the local machine's /etc/hosts file). I use this method as a nightly cron job to mount and umount a remote RAID array before sending files to it for backup.

_________________
Mike
My Hardware Profile


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 9:12 pm 
Offline
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
mihanson wrote:
Too Many Secrets wrote:
well, I turned back on passwordauthentication and I can now ssh in from one box to the other, but with only a password... now great for running a script, but it's progress. i guess...


You can create a public-key by following the instructions here, ignoring the instructions about PuTTY. If you make a key w/o a passphrase, you may use the key to execute a command on the remote computer without user intervention.

Code:
ssh -i /home/user/.ssh/my-key 192.168.1.101 /path/to/mycommand.sh

This assumes 192.168.1.101 is the remote computer's IP address (you may also use the hostname if it exists in the local machine's /etc/hosts file). I use this method as a nightly cron job to mount and umount a remote RAID array before sending files to it for backup.

Thanks for the tip. Will this only work without a password? Isn't that a bit 'fast and loose'?


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 11:34 pm 
Offline
Joined: Sun Sep 25, 2005 3:50 pm
Posts: 1013
Location: Los Angeles
Too Many Secrets wrote:
Thanks for the tip. Will this only work without a password? Isn't that a bit 'fast and loose'?


If I understand you correctly, will what I do (ssh in to mount and umount) work with a passphrase? It would work with a passphrase, but I'd have to be there to enter it everytime. Is it less secure without a passphrase? Yes. The way my ssh is set up, a valid key is required to gain access. I don't allow any password authentication. The mount/umount is all done within my LAN, not over the 'net. I have a different key which does require a passphrase for access to my network from the WAN.

The computer that I have all WAN side ssh traffic forwarded to gets hammered all the time with attacks. i.e.
Quote:
Dec 28 23:05:20 mythbox-mbe sshd[4574]: Did not receive identification string fr
om 219.142.74.17
Dec 28 23:06:55 mythbox-mbe sshd[4575]: Invalid user admin from 219.142.74.17
Dec 28 23:06:57 mythbox-mbe sshd[4577]: User root from 219.142.74.17 not allowed
because listed in DenyUsers
Dec 28 23:06:59 mythbox-mbe sshd[4579]: Invalid user stud from 219.142.74.17
Dec 28 23:07:03 mythbox-mbe sshd[4581]: Invalid user trash from 219.142.74.17
Dec 28 23:07:05 mythbox-mbe sshd[4583]: Invalid user aaron from 219.142.74.17
Dec 28 23:07:10 mythbox-mbe sshd[4585]: Invalid user gt05 from 219.142.74.17
Dec 28 23:07:13 mythbox-mbe sshd[4587]: Invalid user william from 219.142.74.17
Dec 28 23:07:16 mythbox-mbe sshd[4589]: Invalid user stephanie from 219.142.74.1
7

Today alone I was hit 2133 times. (I really need to implement an IP table rule to ban IP's after a few tries.) IMO, if you absolutely need SSH access, using a key is the most secure way--on the LAN side or WAN side. No key = no access.

_________________
Mike
My Hardware Profile


Top
 Profile  
 
 Post subject:
PostPosted: Wed Dec 31, 2008 11:56 pm 
Offline
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
Thanks again for your tips on the key.

I've been able to make a bit of headway, but keep hitting a wall.

I've created 2 keys. 1 password protected, 2 no password. Using the above example ssh -i /home/me/.ssh/id_rsa myslavebackend /usr/local/bin/idle.sh
will return a request for key password.

When I run ssh -i /home/me/.ssh/id_rsa2 myslavebackend /usr/local/bin/idle.sh I get this:


Code:
buffer_get_ret: trying to get more bytes 4 than in buffer 0
buffer_get_int: buffer error


googling sends me in many directions, but nothing that has worked for me. still looking... :x

EDIT:OK the 2nd key had 2 line breaks in it and the key needs to be all in 1 line. Fixed this and it's ok now.


Top
 Profile  
 

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 


All times are UTC - 6 hours




Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group

Theme Created By ceyhansuyu