You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2006-11-18 17:37:02
- viniosity
- Member
- From: New York, NY
- Registered: 2005-01-22
- Posts: 404
- Website
general ssh question
I have a customer who wants help maintaining his website.. no big deal except his host is only providing an IP and username.. no password. They say I need to generate a public/private keypair and send the private keypair to them. Anyone have any experience with this?
I figure I can generate the keys using
ssh-keygen -t rsa but I have a few questions:
1. Will the keypair be tied to my username? How would that affect the fact that they've given me a username I need to get access via ssh?
2. What if I want to access the server from a different computer? Do I copy the public key to the 2nd machine?
Thanks..
Offline
#2 2006-11-18 17:42:43
- tomk
- Forum Fellow
- From: Ireland
- Registered: 2004-07-21
- Posts: 9,839
Re: general ssh question
1. No, the keypair is independent from the username.
2. Yes, you need to copy the public key to any machines from which you need access.
Offline
#3 2006-11-18 17:46:31
- viniosity
- Member
- From: New York, NY
- Registered: 2005-01-22
- Posts: 404
- Website
Re: general ssh question
Ok, thanks.. I wonder why they gave me a username then? A port scan reveals ftp is open.. I wonder if they are just trying to be difficult!
One follow-up: how important is the passphrase when using ssh-keygen -t rsa? Does it just act as a salt or is there some other purpose to it?
Offline
#4 2006-11-19 01:23:59
- sh__
- Member
- Registered: 2005-07-19
- Posts: 272
Re: general ssh question
The public key goes to the server(s) you want to access, and you keep the private key to yourself.
If you want to access the server from an another computer, you should copy the private key to that computer unless you are using ssh-agent to forward your identity. It is also possible to generate another keypair for the other computer.
The passphrase protects the private key. If an attacker gets a copy of a private key that has no passphrase, it is trivial to hijack the identity (and then access all the servers that have the corresponding public key installed).
Offline
#5 2006-11-19 07:59:58
- tomk
- Forum Fellow
- From: Ireland
- Registered: 2004-07-21
- Posts: 9,839
Re: general ssh question
And the usrname they've given you is the name on the shell account that they've set up for you. Use the -l flag if it's different from your local username.
Offline
#6 2006-11-24 09:21:19
- IceRAM
- Member
- From: Bucharest, Romania
- Registered: 2004-03-04
- Posts: 772
- Website
Re: general ssh question
Err... I just stumbled on one thing...
As far as I know, there is "ssh-copy-id" on all systems I know. Now that I think of it, the other systems I know are Debian-based. I've looked over it right now and it looks like it is a script which "sends" a given public key using SSH to a remote account (=append the given public key to user@computer:~/.ssh/authorized_keys)
Now, my question is... why can't I find it in ArchLinux. Isn't it standard? It is VERY handy.
:: / my web presence
Offline
#7 2006-11-24 10:06:28
- tomk
- Forum Fellow
- From: Ireland
- Registered: 2004-07-21
- Posts: 9,839
Re: general ssh question
ssh-copy-id is in the /contrib subdirectory in openssh's source i.e. it's not actually part of openssh itself. You could post a feature request to have it included in the Arch package, and in the meantime, it's easy to find online.
Offline
#8 2006-11-24 14:55:18
- IceRAM
- Member
- From: Bucharest, Romania
- Registered: 2004-03-04
- Posts: 772
- Website
Re: general ssh question
ssh-copy-id is in the /contrib subdirectory in openssh's source i.e. it's not actually part of openssh itself. You could post a feature request to have it included in the Arch package, and in the meantime, it's easy to find online.
Thanks, I found a few months old bug entry in FlySpray on this.
:: / my web presence
Offline
Pages: 1