Tag Archives: RSA

The first step is to create an OpenSSH key.

On Linux:

ssh-keygen -t rsa

 

#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/serverlogin
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/serverlogin.
Your public key has been saved in /root/.ssh/serverlogin.pub.
The key fingerprint is:
7a:ce:aa:43:er:7c:bb:10:4b:88:84:63:ac:fa:61:74 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
| .               |
|o..              |
|.o.. .           |
| .o A o R        |
| ... . +         |
| .o0.  + .       |
|...oo0 .*        |
|...o++oo+        |
+-----------------+

Next you might need to transfer this openssh key to Windows. You can use pscp:

pscp [email protected]:/root/.ssh/serverlogin D:\Software\MyKeys\

Now from the server, transfer the public key to multiple servers:

cat ~/.ssh/serverlogin.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
cat ~/.ssh/serverlogin.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'

 

If you have a VPS/server and reinstall it, you may see a message similar to the one below when logging in to it:

scp .ssh/ [email protected]:~/
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
43:ab:e2:c8:66:c3:c3:b7:b3:49:6d:01:57:4b:cd:39.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:4
RSA host key for 192.145.45.167 has changed and you have requested strict checking.
Host key verification failed.
lost connection

 

To fix this, you need to delete the offending host key from .ssh/known_hosts.

You can do this with sed:

sed -i '4d' .ssh/known_hosts

The "-i" option tells sed to modify the file in place, and "4d" deletes line number 4, the line reported above as "Offending key in /root/.ssh/known_hosts:4".

So after doing it, try again:
[[email protected]] ~ #sed -i '4d' .ssh/known_hosts
[[email protected]] ~ #scp -r .ssh/ [email protected]:~/
The authenticity of host '192.145.45.167 (192.145.45.167)' can't be established.
RSA key fingerprint is 43:ab:e2:c8:66:c3:c3:b7:b3:49:6d:01:57:4b:cd:39.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.145.45.167' (RSA) to the list of known hosts.
[email protected]'s password:
authorized_keys~                              100%  399     0.4KB/s   00:00
authorized_keys                               100%  801     0.8KB/s   00:00
id_rsa                                        100% 1679     1.6KB/s   00:00
known_hosts                                   100% 1768     1.7KB/s   00:00
id_rsa.pub                                    100%  391     0.4KB/s   00:00

 

I encountered this error while connecting recently to the Goo buildserver:

[[email protected] ~]$ ssh2gooserver
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
73:1b:ca:05:7d:e5:10:b2:48:d0:be:70:3a:0f:08:47.
Please contact your system administrator.
Add correct host key in /home/droidzone/.ssh/known_hosts to get rid of this message.
Offending key in /home/droidzone/.ssh/known_hosts:10
RSA host key for buildbot1.snipanet.com has changed and you have requested strict checking.
Host key verification failed.

Solution:

1. Execute the following to remove the key for the server:

$ ssh-keygen -R buildbot1.snipanet.com
/home/droidzone/.ssh/known_hosts updated.
Original contents retained as /home/droidzone/.ssh/known_hosts.old

Now I tried again, and got a different message:

[[email protected] ~]$ ssh2gooserver
The authenticity of host 'buildbot1.snipanet.com (199.167.135.246)' can't be established.
RSA key fingerprint is 73:1b:ca:05:7d:e5:10:b2:48:d0:be:70:3a:0f:08:47.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'buildbot1.snipanet.com' (RSA) to the list of known hosts.
Warning: the RSA host key for 'buildbot1.snipanet.com' differs from the key for the IP address '199.167.135.246'
Offending key for IP in /home/droidzone/.ssh/known_hosts:10
Are you sure you want to continue connecting (yes/no)? yes
[email protected]'s password: 
Creating directory '/home/droidzone'.

I wanted to remove this error message.

So:

emacs /home/droidzone/.ssh/known_hosts

Jump to the offending line: Alt-GG 10

That’s for line number 10, and copy from beginning to end of Line 10 (easier if you have line numbering turned on in emacs).
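
Deleting the offending line (with sed or ssh-keygen -R) and answering "yes" accepts whatever key the server now presents. As an added example, not part of the original posts, the script below replaces the stale entries for both the host name and its IP address only when the presented key matches a fingerprint obtained out of band, for example from the hosting provider's console. It uses the MD5 colon-hex format shown in the output above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original posts; function names are hypothetical.

# md5_fp KEYLINE: print the MD5 colon-hex fingerprint of a "names type base64"
# line, i.e. the MD5 of the base64-decoded key blob in the third field.
md5_fp() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d | md5sum |
        awk '{print $1}' | sed 's/../&:/g; s/:$//'
}

# replace_host_key KNOWN_HOSTS NAMES EXPECTED_FP KEYLINE
#   NAMES       comma-separated host name and IP address of the server
#   EXPECTED_FP fingerprint obtained out of band, never from the connection
#   KEYLINE     one line as printed by: ssh-keyscan -t rsa HOST 2>/dev/null
# Rewrites KNOWN_HOSTS only when KEYLINE hashes to EXPECTED_FP.
replace_host_key() {
    kh=$1; names=$2; line=$4
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    got=$(md5_fp "$line")
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $names: server presents $got" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Drop every plain-text entry listing any of NAMES. Hashed entries (|1|...)
    # are not matched here; ssh-keygen -R removes those.
    awk -v hs="$names" '
        BEGIN { n = split(hs, a, ","); for (i = 1; i <= n; i++) drop[a[i]] = 1 }
        { m = split($1, f, ","); for (i = 1; i <= m; i++) if (f[i] in drop) next
          print }' "$kh" > "$tmp" || return 1
    # Pin the verified key for the name and the address in a single entry.
    printf '%s %s\n' "$names" "$(printf '%s\n' "$line" | awk '{print $2, $3}')" >> "$tmp"
    # Keep a backup; cat (not mv) preserves the file's owner and mode.
    cp "$kh" "$kh.old" && cat "$tmp" > "$kh" && rm -f "$tmp"
}
```

Current OpenSSH prints SHA256 fingerprints by default; ssh-keygen -E md5 -lf prints the MD5 form used here.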

Generating the SSH key

ssh-keygen -t rsa

 

[[email protected]]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/droidzone/.ssh/id_rsa): /home/droidzone/.ssh/id_rsa_hostgator_ubuntu
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.
Your public key has been saved in /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.pub.
The key fingerprint is:
1a:24:ff:8d:f0:8a:64:c4:7a:de:d1:8f:15:5a:55:c5 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
+-----------------+

Now, you can view your public key with:

cat /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.pub

Logging in to the server

You can log in to the server using your password with:

ssh -p 2222 [email protected]

Here, myusername is my user name (obviously), and 174.12.1.7 is the IP address of the host.

[[email protected]]$ ssh -p 2222 [email protected]
[email protected]'s password: 
Last login: Thu Sep 2 12:06:19 2012 from 9.3.34.8

[hostgator ~]$

Adding the key to the remote server

Now that you have confirmed the server credentials and generated a public/private key pair, you can set up a passwordless login to access the server quickly from your machine.

You have already created the pair, so the next step is to transfer your public key to the server. You can do this by manually adding the public key to your server’s ~/.ssh/authorized_keys2 or ~/.ssh/authorized_keys (newer). Just do a:

ls -l ~/.ssh

and see which file your server uses.

You should now copy the entire text shown by:

cat /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.pub

and append it to the end of the remote server's ~/.ssh/authorized_keys2 or ~/.ssh/authorized_keys. For this you can open the relevant file in emacs:

emacs ~/.ssh/authorized_keys2

At the end of the current last line (last letter), press Enter.

Paste with Ctrl-Shift-V (i.e., paste the new public key as the last line).

Save the file with Ctrl-X Ctrl-C.

Now, you can do a passwordless login to the server with:

ssh -i ~/.ssh/id_rsa_hostgator_ubuntu -p 2222 [email protected]

Here, id_rsa_hostgator_ubuntu is your private key file. You can of course automate this with a bash script.

Adding an SSH key to a remote server with a single command:

Generate key:

ssh-keygen -t rsa

Add the key:

cat ~/.ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
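
The cat >> .ssh/authorized_keys one-liner and the manual paste described earlier both assume that the .ssh directory exists, that the file ends with a newline, and that the key is not already present. An added example (not code from the original posts; the function name is hypothetical) that handles those cases, sets the usual 700/600 permissions, and refuses a private key file passed by mistake:

```shell
#!/bin/sh
# Added example, not from the original posts; the function name is hypothetical.

# add_authorized_key PUBKEY_FILE SSH_DIR
# Appends the key in PUBKEY_FILE to SSH_DIR/authorized_keys exactly once.
add_authorized_key() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    # A .pub file holds one line; a private key file holds many.
    if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ]; then
        echo "$pub: expected exactly one line (is this the private key?)" >&2
        return 1
    fi
    key=$(grep . "$pub")
    # Every OpenSSH key blob starts with a 4-byte length, hence base64 "AAAA".
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub: not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # Directory and file must not be accessible to group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Compare on "type blob" only, so a different comment is not a new key.
    id=$(printf '%s\n' "$key" | awk '{print $1, $2}')
    if grep -qF -- "$id" "$auth"; then
        return 0
    fi
    # If the last line has no newline, a plain >> would glue both keys
    # together and invalidate them; terminate the line first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it on the server against ~/.ssh; ssh-copy-id -i performs equivalent steps over SSH.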