FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 12-18-2009, 08:25 AM
Tim Frost
 
Default How to set up ssh connection to another system using "Passwords and Encryption Keys"?

On Thu, 2009-12-17 at 17:03 +0000, Chris G wrote:
> Can anyone point me at some instructions which show how to set up an
> ssh connection using the Passwords/Keys kept in "Passwords and
> Encryption Keys" (that's actually seahorse).

If you have an SSH user key that is loaded, then you can use that key
for any/all hosts that you want to log in to. On the initiating side,
there are several factors that need to be considered:
1: If the remote end needs particular settings, they can be
set in .ssh/config:
- you can set the remote userid
- you can force the SSH protocol version
- you can explicitly force the X11 and pot forwarding settings

2: To get 'passwordless' authentication, you need to ensure that the
public key matching the private SSH key loaded into seahorse (or an
alternative SSH key agent) is in place for all servers that you need
access to. Servers that run openssh support this, with a list of SSH
public keys in file '$HOME/.ssh/authorized_keys', which can be used to
log in without supplying a password

Ubuntu provides a tool, ssh-copy-id, which takes the list of private
keys in your agent (which may be seahorse, ssh-agent or an alternative
program), and appending the corresponding public keys to the file
'.ssh/authorized_keys' on the server. That tool asks once for your
password on the server.


If the correct key (or keys) have been copied, then you should be able
to use SSH to access the remote system without providing the password
for the remote system.



>
> I've hunted and hunted but can't find anywhere that gives step by step
> instructions on how to do it. E.g. I want something like:-
>
> 1 - Create a new XXX entry in "Passwords and Encryption Keys"
> 2 - Copy the public key to the remote system
> 3 - Logout and log back in again
> 4 - ssh to the remote system should now work 'passwordless'
>
> I need to know what needs to be installed and running on the system as
> well as a "what the user does" sequence. Currently I have done
> something like the sequence outlined above but it simply doesn't work
> at all.
>
> --
> Chris Green
>
>


--
Tim Frost <timfrost@xtra.co.nz>


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-18-2009, 10:03 AM
Chris G
 
Default How to set up ssh connection to another system using "Passwords and Encryption Keys"?

On Thu, Dec 17, 2009 at 11:05:20PM +0100, Tom H wrote:
> > Can anyone point me at some instructions which show how to set up an
> > ssh connection using the Passwords/Keys kept in "Passwords and
> > Encryption Keys" (that's actually seahorse).
> >
> > I've hunted and hunted but can't find anywhere that gives step by step
> > instructions on how to do it. *E.g. I want something like:-
> >
> > * *1 - Create a new XXX entry in "Passwords and Encryption Keys"
> > * *2 - Copy the public key to the remote system
> > * *3 - Logout and log back in again
> > * *4 - ssh to the remote system should now work 'passwordless'
> >
> > I need to know what needs to be installed and running on the system as
> > well as a "what the user does" sequence. *Currently I have done
> > something like the sequence outlined above but it simply doesn't work
> > at all.
>
> Hope these help:
> http://www.debianadmin.com/ssh-key-authentication-using-seahorse-gui.html

Well that confirms that I was doing the right thing, as I have since
reported it's broken and simply does nothing useful after you have
entered the key as described above.

Seahorse itself works OK, it creates the keys in the right places on the
local and the remote system. What doesn't work at all is the gnome
keyring which is supposed to replace ssh-agent. It is fixable though,
I think.


> https://bugs.launchpad.net/seahorse/+bug/201786
>
I think this is one error I'm not seeing!

Thanks for the links.

--
Chris Green


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-18-2009, 10:10 AM
Chris G
 
Default How to set up ssh connection to another system using "Passwords and Encryption Keys"?

On Fri, Dec 18, 2009 at 10:25:52PM +1300, Tim Frost wrote:
> On Thu, 2009-12-17 at 17:03 +0000, Chris G wrote:
> > Can anyone point me at some instructions which show how to set up an
> > ssh connection using the Passwords/Keys kept in "Passwords and
> > Encryption Keys" (that's actually seahorse).
>
> If you have an SSH user key that is loaded, then you can use that key
> for any/all hosts that you want to log in to. On the initiating side,
> there are several factors that need to be considered:
> 1: If the remote end needs particular settings, they can be
> set in .ssh/config:
> - you can set the remote userid
> - you can force the SSH protocol version
> - you can explicitly force the X11 and pot forwarding settings
>
> 2: To get 'passwordless' authentication, you need to ensure that the
> public key matching the private SSH key loaded into seahorse (or an
> alternative SSH key agent) is in place for all servers that you need
> access to. Servers that run openssh support this, with a list of SSH
> public keys in file '$HOME/.ssh/authorized_keys', which can be used to
> log in without supplying a password
>
> Ubuntu provides a tool, ssh-copy-id, which takes the list of private
> keys in your agent (which may be seahorse, ssh-agent or an alternative
> program), and appending the corresponding public keys to the file
> '.ssh/authorized_keys' on the server. That tool asks once for your
> password on the server.
>
>
> If the correct key (or keys) have been copied, then you should be able
> to use SSH to access the remote system without providing the password
> for the remote system.
>
Yes, I understand the ssh basics. In addition I can now confirm that
seahorse does its job correctly, creates the keys and puts them in the
right places. What *doesn't* work at all is gnome-keyring-daemon
which is supposed to replace ssh-agent. It's all very broken on my
xubuntu 9.10 system and I suspect it's not much different on ubuntu 9.10.

There are two problems. Firstly by default (I think) you end up with
both ssh-agent *and* gnome-keyring-daemon running which is decidedly
not a good idea.

So I've configured ssh-agent not to run. It then turns out that
gnome-keyring-daemon isn't set up to work as a ssh-agent replacement,
I'm still working on getting that side of things working. I have now
at least got to the stage where running ssh pops up a window asking
for my ssh key passphrase. What I'm ultimately after is getting it
all to work completely transparently using my login password as the
ssh key passphrase.
>
>
> >
> > I've hunted and hunted but can't find anywhere that gives step by step
> > instructions on how to do it. E.g. I want something like:-
> >
> > 1 - Create a new XXX entry in "Passwords and Encryption Keys"
> > 2 - Copy the public key to the remote system
> > 3 - Logout and log back in again
> > 4 - ssh to the remote system should now work 'passwordless'
> >
> > I need to know what needs to be installed and running on the system as
> > well as a "what the user does" sequence. Currently I have done
> > something like the sequence outlined above but it simply doesn't work
> > at all.
> >
> > --
> > Chris Green
> >
> >
>
>
> --
> Tim Frost <timfrost@xtra.co.nz>
>
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
Chris Green


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-18-2009, 03:54 PM
Chris G
 
Default How to set up ssh connection to another system using "Passwords and Encryption Keys"?

On Fri, Dec 18, 2009 at 11:10:01AM +0000, Chris G wrote:
> >
> > If the correct key (or keys) have been copied, then you should be able
> > to use SSH to access the remote system without providing the password
> > for the remote system.
> >
> Yes, I understand the ssh basics. In addition I can now confirm that
> seahorse does its job correctly, creates the keys and puts them in the
> right places. What *doesn't* work at all is gnome-keyring-daemon
> which is supposed to replace ssh-agent. It's all very broken on my
> xubuntu 9.10 system and I suspect it's not much different on ubuntu 9.10.
>
> There are two problems. Firstly by default (I think) you end up with
> both ssh-agent *and* gnome-keyring-daemon running which is decidedly
> not a good idea.
>
> So I've configured ssh-agent not to run. It then turns out that
> gnome-keyring-daemon isn't set up to work as a ssh-agent replacement,
> I'm still working on getting that side of things working. I have now
> at least got to the stage where running ssh pops up a window asking
> for my ssh key passphrase. What I'm ultimately after is getting it
> all to work completely transparently using my login password as the
> ssh key passphrase.

I've finally got it all working. :-)

It doesn't actually need a *lot* of fixes/changes/workarounds.

Basically (if I have remembered it all) the changes are:-

Delete "use-ssh-agent" from the file /etc/X11/Xsession.options,
this prevents ssh-agent from starting which you don't want because
gnome-keyring-daemon is trying to do teh same thing.

Add the following to your .profile (or .xprofile, or whatever is
needed to get it to run after you log in)

eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK
export GNOME_KEYRING_SOCKET

That's it, I then deleted the existing Passwords entries I had in
"Passwords and Encryption Keys" and set up an ssh key in My Personal
Keys for ssh login to other systems. Log out, log back in again and
when you ssh to a system you have set up it asks for the passphrase to
the ssh key and, when you have entered it, asks if you want to store
it in the login keyring, say 'yes' and you're there.

Most of my pain was because it's difficult to follow how it's all
supposed to work and there's very little good documentation. Then,
given that there's a bug in it, it becomes really painful to sort out.

The bug (or several closely related ones) *has* been reported, that's
what set me on the trail to getting it to work for me.

--
Chris Green


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 07:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org