Ssh authentication setup: Difference between revisions

From Genecats

Latest revision as of 19:41, 4 September 2024

Auto-Login setup:

On hgwdev

ssh-keygen -t rsa  # (NOTE: Just press enter for all defaults)
cd ~/.ssh
cp id_rsa.pub authorized_keys
chmod 600 authorized_keys
cd ..

Also put these files on your local soe box or laptop (e.g. screech, pfft, whatever), in your-local-box:~/.ssh

scp -r .ssh/ your-local-box:

The .ssh/ stuff should start out identical on the two machines.

Note that permissions on .ssh should be 700 and permissions on files in .ssh/ should be 600 (otherwise you will get a warning message).

Steps to add to qateam@hgwdev

  1. Show your authorized_keys (cat authorized_keys; this looks like ssh-rsa .......encryption.... == user@hgwdev)
  2. In a new terminal, ssh to qateam and cd to the .ssh directory (this has to be done by someone with existing permissions)
  3. Edit the qateam@hgwdev authorized_keys file, add the displayed authorized key for the other person, then save.

Please note that you should update the genecats repository version to reflect the additions. For example, run cp authorized_keys ../../brianlee/genecats/qa/ssh/authorized_keys.new, then check the differences and update.

Also note that if you created DSA keys in the past, newer versions of ssh do not like old DSA keys. This was causing ssh passphrase forwarding to fail, so it is best to replace your DSA keys with new RSA keys.
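
The permission rules (700 on .ssh, 600 on its files) and the DSA note above can be checked in one pass. The script below is an added example, not part of the wiki page; the function names, finding labels and the sample key strings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the wiki): audit an .ssh directory against this page's rules.
# audit_ssh_dir DIR prints one finding per line; returns 0 if clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    report=$(
        # The directory itself must be mode 700.
        find "$dir" -maxdepth 0 ! -perm 700 -exec echo "PERM-DIR (want 700)" {} \;
        # Every file inside must be mode 600.
        find "$dir" -type f ! -perm 600 -exec echo "PERM-FILE (want 600)" {} \;
        # Old DSA key pairs still on disk.
        find "$dir" -type f \( -name id_dsa -o -name id_dsa.pub \) \
            -exec echo "DSA-KEYFILE" {} \;
        # DSA public keys still authorized; the key type may follow an options field.
        if [ -f "$dir/authorized_keys" ]; then
            grep -nE '(^|[[:space:]])ssh-dss[[:space:]]' "$dir/authorized_keys" |
                cut -d: -f1 | sed 's/^/DSA-AUTHORIZED line /'
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: a scratch directory with the mistakes described above.
make_sample() {
    d=$(mktemp -d)
    chmod 755 "$d"
    printf '%s\n' 'ssh-rsa AAAACONSTRUCTEDRSA user@hgwdev' \
                  'ssh-dss AAAACONSTRUCTEDDSA olduser@hgwdev' > "$d/authorized_keys"
    chmod 644 "$d/authorized_keys"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample" || echo "fix the findings above, then re-run"
rm -rf "$sample"
```

Run audit_ssh_dir "$HOME/.ssh" on both hgwdev and your local box after the scp step, since the copy should leave the two directories identical.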

Updating known hosts

Very rarely a machine may change; for example, in 2015 hgw5 was updated to a new machine. When this happens, the known_hosts file needs updating to allow connecting to hgw5, because a mismatched key will block the connection (the different keys suggest that hgw5 is an imposter and is not the hgw5 you originally connected to long ago, which is true, since there is a new hgw5).

To fix this, go to the .ssh directory, find the line for the machine in question and remove it from known_hosts, then connect to the machine again and you'll be asked to save the new key. Below is an example where hgw5 is a new machine.

cd ~/.ssh
grep hgw5 known_hosts

(this is the line to remove)

emacs known_hosts   # or: vi known_hosts

(remove hgw5 line with editor)

ssh qateam@hgw5

Reconnect with hgw5 and your known_hosts will save the new correct key for hgw5.