LinHES Forums
http://forum.linhes.org/

ssh from one computer to another?
http://forum.linhes.org/viewtopic.php?f=5&t=19383

Author:  Too Many Secrets [ Wed Dec 31, 2008 1:06 pm ]
Post subject:  ssh from one computer to another?

OK, I should remember this, but I can't even find what to search for!

I want to be able to ssh into an SBE from MBE. I forgot how to set this up, something with keys and authenticating?

I do ssh me@SBE and it pops
Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
99:ce:09:4b:e4:58:89:4a:a5:ef:c1:b4:fa:64:3e:fb.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for bigdog has changed and you have requested strict checking.
Host key verification failed.


I've recreated keys on the SBE, but I can't remember how to get them on the MBE. A simple copy/paste didn't work... ugh. If I could only remember...

Anyone, take mercy on a dumb soul?

Author:  knappster [ Wed Dec 31, 2008 1:41 pm ]
Post subject:  Re: ssh from one computer to another?

Too Many Secrets wrote:
...
Code:
...
Offending key in /root/.ssh/known_hosts:1
...

...


Are you trying to access it as root? I didn't think KM allowed remote access as root user. In any case, if I get a message like that I think it is usually if I have changed the network card, OS, etc. on that machine. I normally open that known_hosts file and remove the line with that key. When I attempt to ssh into it the next time it asks if I want to have the key added and select yes.

Hopefully this helps and I am on the right track of what you're looking for.

Author:  jmckeown2 [ Wed Dec 31, 2008 1:42 pm ]
Post subject: 

You need to remove the SBE's old key from ~/.ssh/known_hosts on the MBE. Next time you ssh it will change the error to something more like "This is an unknown host, do you want to add it?" Type "yes" and you're back.

If you're not sure which line, or if you totally dork the file, just delete it completely. This will delete the entire list of known hosts so you'll get that message the next time for each host. Again, just type 'yes'.
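Added example, not part of the thread: before removing the entry and answering "yes", the fingerprint in the warning can be compared with one read on the SBE's own console. This Python sketch computes the colon-separated MD5 fingerprint format shown in the warning and reports which known_hosts lines for a host are stale; the key blobs, the `otherbox` host, the address and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def make_blob(modulus):
    """Build a constructed (unusable) ssh-rsa public-key blob in SSH wire format."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", modulus]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 of the decoded key blob, as printed in the warning."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).digest()
    return ":".join(f"{b:02x}" for b in digest)

def host_matches(field, host):
    """Match a known_hosts host field: plain comma list or hashed |1|salt|mac."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # wildcard and negated patterns are not handled

def audit_known_hosts(text, host, trusted_fp):
    """Return [(line_number, 'match' or 'stale')] for each entry that names host."""
    results = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # blank, comment, or @cert-authority/@revoked marker line
        if host_matches(fields[0], host):
            same = md5_fingerprint(fields[2]) == trusted_fp.lower()
            results.append((number, "match" if same else "stale"))
    return results

# Constructed sample: "bigdog" still has the key from before it was regenerated.
OLD_KEY = make_blob(b"\x00" + b"\xaa" * 64)
NEW_KEY = make_blob(b"\x00" + b"\xbb" * 64)
KNOWN_HOSTS = f"bigdog,192.0.2.10 ssh-rsa {OLD_KEY}\notherbox ssh-rsa {NEW_KEY}\n"

if __name__ == "__main__":
    trusted = md5_fingerprint(NEW_KEY)  # stands in for the value read on the SBE console
    for number, status in audit_known_hosts(KNOWN_HOSTS, "bigdog", trusted):
        print(f"known_hosts:{number} {status}")
```

On the server itself, `ssh-keygen -l -f` on the host's public key file prints the fingerprint to compare against.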

Author:  Too Many Secrets [ Wed Dec 31, 2008 2:04 pm ]
Post subject: 

jmckeown2 wrote:
You need to remove the SBE's old key from ~/.ssh/known_hosts on the MBE. Next time you ssh it will change the error to something more like "This is an unknown host, do you want to add it?" Type "yes" and you're back.

If you're not sure which line, or if you totally dork the file, just delete it completely. This will delete the entire list of known hosts so you'll get that message the next time for each host. Again, just type 'yes'.


Thanks, OK this got me
Code:
Permission denied (publickey).


uhh....

Author:  Too Many Secrets [ Wed Dec 31, 2008 2:12 pm ]
Post subject:  Re: ssh from one computer to another?

knappster wrote:
Too Many Secrets wrote:
...
Code:
...
Offending key in /root/.ssh/known_hosts:1
...

...


Are you trying to access it as root? I didn't think KM allowed remote access as root user. In any case, if I get a message like that I think it is usually if I have changed the network card, OS, etc. on that machine. I normally open that known_hosts file and remove the line with that key. When I attempt to ssh into it the next time it asks if I want to have the key added and select yes.

Hopefully this helps and I am on the right track of what you're looking for.


Thanks, tried this as root, mythtv and my other user, i.e. all users pop back the same.

Author:  slowtolearn [ Wed Dec 31, 2008 3:50 pm ]
Post subject: 

"The same" being "Offending key in /root/.ssh/known_hosts:X" ? You need to adjust/remove each user's .ssh/known_hosts file to clear that up.

If "the same" means you are still getting "Permission denied (publickey)." then I would check the keys you generated for user "me" in "me@SBE". Does the user "me" exist on the MBE?

EDIT: See http://forums.fedoraforum.org/showthread.php?t=51543 for file/directory permissions /EDIT

Author:  Too Many Secrets [ Wed Dec 31, 2008 6:05 pm ]
Post subject: 

Well, I turned back on passwordauthentication and I can now ssh in from one box to the other, but with only a password... now great for running a script, but it's progress. I guess...

Author:  mihanson [ Wed Dec 31, 2008 8:51 pm ]
Post subject: 

Too Many Secrets wrote:
Well, I turned back on passwordauthentication and I can now ssh in from one box to the other, but with only a password... now great for running a script, but it's progress. I guess...


You can create a public-key by following the instructions here, ignoring the instructions about PuTTY. If you make a key w/o a passphrase, you may use the key to execute a command on the remote computer without user intervention.

Code:
ssh -i /home/user/.ssh/my-key 192.168.1.101 /path/to/mycommand.sh

This assumes 192.168.1.101 is the remote computer's IP address (you may also use the hostname if it exists in the local machine's /etc/hosts file). I use this method as a nightly cron job to mount and umount a remote RAID array before sending files to it for backup.

Author:  Too Many Secrets [ Wed Dec 31, 2008 9:12 pm ]
Post subject: 

mihanson wrote:
Too Many Secrets wrote:
Well, I turned back on passwordauthentication and I can now ssh in from one box to the other, but with only a password... now great for running a script, but it's progress. I guess...


You can create a public-key by following the instructions here, ignoring the instructions about PuTTY. If you make a key w/o a passphrase, you may use the key to execute a command on the remote computer without user intervention.

Code:
ssh -i /home/user/.ssh/my-key 192.168.1.101 /path/to/mycommand.sh

This assumes 192.168.1.101 is the remote computer's IP address (you may also use the hostname if it exists in the local machine's /etc/hosts file). I use this method as a nightly cron job to mount and umount a remote RAID array before sending files to it for backup.

Thanks for the tip. Will this only work without a password? Isn't that a bit 'fast and loose'?

Author:  mihanson [ Wed Dec 31, 2008 11:34 pm ]
Post subject: 

Too Many Secrets wrote:
Thanks for the tip. Will this only work without a password? Isn't that a bit 'fast and loose'?


If I understand you correctly, will what I do (ssh in to mount and umount) work with a passphrase? It would work with a passphrase, but I'd have to be there to enter it every time. Is it less secure without a passphrase? Yes. The way my ssh is set up, a valid key is required to gain access. I don't allow any password authentication. The mount/umount is all done within my LAN, not over the 'net. I have a different key which does require a passphrase for access to my network from the WAN.

The computer that I have all WAN side ssh traffic forwarded to gets hammered all the time with attacks. i.e.
Quote:
Dec 28 23:05:20 mythbox-mbe sshd[4574]: Did not receive identification string from 219.142.74.17
Dec 28 23:06:55 mythbox-mbe sshd[4575]: Invalid user admin from 219.142.74.17
Dec 28 23:06:57 mythbox-mbe sshd[4577]: User root from 219.142.74.17 not allowed because listed in DenyUsers
Dec 28 23:06:59 mythbox-mbe sshd[4579]: Invalid user stud from 219.142.74.17
Dec 28 23:07:03 mythbox-mbe sshd[4581]: Invalid user trash from 219.142.74.17
Dec 28 23:07:05 mythbox-mbe sshd[4583]: Invalid user aaron from 219.142.74.17
Dec 28 23:07:10 mythbox-mbe sshd[4585]: Invalid user gt05 from 219.142.74.17
Dec 28 23:07:13 mythbox-mbe sshd[4587]: Invalid user william from 219.142.74.17
Dec 28 23:07:16 mythbox-mbe sshd[4589]: Invalid user stephanie from 219.142.74.17

Today alone I was hit 2133 times. (I really need to implement an IP table rule to ban IPs after a few tries.) IMO, if you absolutely need SSH access, using a key is the most secure way--on the LAN side or WAN side. No key = no access.
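Added example, not part of the thread: the "ban after a few tries" idea expressed as detection logic over sshd log lines in the three message shapes quoted above. The sample lines are constructed (documentation-range addresses), and the threshold, window and function name are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message shapes taken from the sshd log excerpt quoted in the post above.
PATTERNS = [
    re.compile(r"Invalid user (?P<user>\S+) from (?P<ip>\S+)"),
    re.compile(r"User (?P<user>\S+) from (?P<ip>\S+) not allowed"),
    re.compile(r"Did not receive identification string from (?P<ip>\S+)"),
]
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<msg>.*)$")

def offenders(log_text, max_tries=3, window_s=60, year=2008):
    """Return {ip: usernames tried} for IPs with max_tries failures inside window_s."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        for pattern in PATTERNS:
            hit = pattern.match(m["msg"])
            if hit:
                # syslog timestamps carry no year, so one is supplied by the caller
                when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
                events[hit["ip"]].append((when, hit.groupdict().get("user")))
                break
    flagged = {}
    for ip, seen in events.items():
        seen.sort(key=lambda event: event[0])
        times = [when for when, _ in seen]
        # slide over every run of max_tries consecutive failures from this address
        for i in range(len(times) - max_tries + 1):
            if (times[i + max_tries - 1] - times[i]).total_seconds() <= window_s:
                flagged[ip] = sorted({user for _, user in seen if user})
                break
    return flagged

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE = """\
Dec 28 23:05:20 mythbox-mbe sshd[4574]: Did not receive identification string from 203.0.113.7
Dec 28 23:06:55 mythbox-mbe sshd[4575]: Invalid user admin from 203.0.113.7
Dec 28 23:06:57 mythbox-mbe sshd[4577]: User root from 203.0.113.7 not allowed because listed in DenyUsers
Dec 28 23:06:59 mythbox-mbe sshd[4579]: Invalid user stud from 203.0.113.7
Dec 28 23:09:00 mythbox-mbe sshd[4601]: Invalid user bob from 198.51.100.4
Dec 28 23:40:00 mythbox-mbe sshd[4650]: Invalid user bob from 198.51.100.4
Dec 28 23:41:00 mythbox-mbe sshd[4651]: Accepted publickey for me from 192.0.2.20 port 50022 ssh2
"""

if __name__ == "__main__":
    print(offenders(SAMPLE))
```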

Author:  Too Many Secrets [ Wed Dec 31, 2008 11:56 pm ]
Post subject: 

Thanks again for your tips on the key.

I've been able to make a bit of headway, but keep hitting a wall.

I've created 2 keys. 1 password protected, 2 no password. Using the above example ssh -i /home/me/.ssh/id_rsa myslavebackend /usr/local/bin/idle.sh
will return a request for key password.

When I run ssh -i /home/me/.ssh/id_rsa2 myslavebackend /usr/local/bin/idle.sh I get this:


Code:
buffer_get_ret: trying to get more bytes 4 than in buffer 0
buffer_get_int: buffer error


Googling sends me in many directions, but nothing that has worked for me. Still looking... :x

EDIT: OK, the 2nd key had 2 line breaks in it and the key needs to be all in 1 line. Fixed this and it's OK now.
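Added example, not part of the thread: a check for the wrapped-key problem described in the edit above, assuming the affected key is an OpenSSH public-key line (as in a `.pub` or `authorized_keys` file; the thread does not say which file it was). It verifies that each line holds one complete key by walking the length-prefixed fields inside the base64 blob. The key material is constructed and unusable, and the function names are illustrative.

```python
import base64, binascii, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def make_blob(modulus):
    """Build a constructed (unusable) ssh-rsa public-key blob in SSH wire format."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", modulus]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

def check_blob(key_type, b64):
    """Return None if b64 is a complete key of key_type, else a reason string."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return "base64 does not decode (truncated or wrapped?)"
    pos, fields = 0, []
    while pos < len(blob):  # each field is a 4-byte big-endian length, then data
        if pos + 4 > len(blob):
            return "blob ends inside a length prefix"
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + size > len(blob):
            return f"field wants {size} bytes, only {len(blob) - pos - 4} left"
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    if len(fields) < 2 or fields[0] != key_type.encode():
        return "embedded key type does not match"
    return None

def check_key_file(text):
    """Return [(line_number, reason)] for lines that are not one complete key."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # authorized_keys lines may carry options before the key type
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            problems.append((number, "no key type (continuation of a wrapped key?)"))
            continue
        reason = check_blob(fields[idx], fields[idx + 1])
        if reason:
            problems.append((number, reason))
    return problems

# Constructed sample: the same key on one line, and wrapped over three lines.
B64 = make_blob(b"\x00" + b"\xcc" * 64)
GOOD = f"ssh-rsa {B64} me@mbe\n"
WRAPPED = f"ssh-rsa {B64[:40]}\n{B64[40:80]}\n{B64[80:]} me@mbe\n"
```

The wrapped sample breaks at a multiple of four characters on purpose: the first fragment still decodes as base64, so only the field-length walk shows that the key is incomplete.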

All times are UTC - 6 hours