02.18.2008 at 06:34PM PST, ID: 23173224
Understanding SSH

I am trying to understand how SSH connections and keys work, but I can't seem to work out the logic exactly.  Please read and correct these statements as necessary.

1) It is possible to connect to a server via SSH using password authentication, no keys.
2) It is possible to disallow password authentication by altering the ssh_config file.
3) It is possible to connect to a server via SSH without using a password if you use a key pair.
4) A key pair can be generated on any machine.
5) You can use DSA or RSA keys - you don't need to use both.
6) DSA keys are more secure than RSA keys.
7) The mechanics of connecting with DSA keys are the same as connecting with RSA keys.
8) In order to use key-based authentication, the private key must be stored in the ~/.ssh directory.
9) The text of the private key must be appended to the authorized_keys text file.

OK so far?  Now what?
1) What do I need to do with the public key on the client side?
2) Do I need to generate another set of keys each time I want to connect?
3) I am using a Mac.  How do I create a user ID to log in with?  Are the SSH users synonymous with the system users, i.e. the users that can log in to the Mac OS GUI?
4) When I try to connect with SSH is the username case-sensitive?

Cheers,

Mike
Question Stats
Zone: OS
Question Asked By: shacho
Solution Provided By: ravenpl
Participating Experts: 1
Solution Grade: A
Views: 17
02.18.2008 at 11:56PM PST, ID: 20926461
1) yes
2) with sshd_config - the server config, ssh_config is for client
3) yes
4) yes
5) yes, but if ssh version1 is used, only rsa keys can be used
6) they say so
7) yes
8) no, ssh has the -i option to select key location
9) the public key, not private. The client has the private key, the server knows the public part

OK,
1) nothing. Keep it.
2) no
3) they're the same
4) on a *nix-based system (I consider OS X *nix-based), yes
Assisted Solution
 
02.27.2008 at 03:25PM PST, ID: 20999643
Great! That solves most of the mystery. I seem to have things working now. I want the SSH server to accept connections on Port 80 - not Port 22. How can I do this? I tried adding "Port 80" to the ssh_config file, but it doesn't seem to do anything. I can't connect on 80, and I CAN still connect on 22.

Mike
 
02.27.2008 at 09:40PM PST, ID: 21001447
Add
Port 80
to /etc/ssh/sshd_config
on server side - restart ssh.
Assisted Solution
 
02.28.2008 at 02:08PM PST, ID: 21008716
As I mentioned, that isn't working.
 
02.28.2008 at 10:45PM PST, ID: 21011403
Do You have port 80 already taken by other service (httpd)?

Can You run sshd by hand in debug mode?
sshd -d -d
 
03.01.2008 at 08:07PM PST, ID: 21024902
>Do You have port 80 already taken by other service (httpd)?
I don't think so.  How can I check?

>sshd -d -d
System returns:
sshd re-exec requires execution with an absolute path

I don't know the path.  Also, what is the difference between ssh_config and sshd_config?
I have added "Port 80" to both, but still no change.

Mike

 
03.01.2008 at 08:35PM PST, ID: 21024975
I gather ssh_config is the client configuration file and sshd_config is the server configuration file, yes?  I have tried changing a few things in sshd_config, but nothing seems to have any effect.  I tried turning off password authentication by adding "PasswordAuthentication no".  No change.  It still accepts password authentication.

Mike

 
03.02.2008 at 12:20AM PST, ID: 21025343
> >Do You have port 80 already taken by other service (httpd)?
> I don't think so.  How can I check?
netstat -ltnp

> sshd re-exec requires execution with an absolute path
/usr/sbin/sshd

or run "whereis sshd" if it's in another location

> Also, what is the difference between ssh_config and sshd_config?
One is for ssh server, the other contains defaults for ssh client.

> I have tried changing a few things in sshd_config
In /etc/ssh/sshd_config - right?
And every time sshd server was restarted - right?

Also, if running sshd in debug mode, You can specify the config file
/usr/sbin/sshd -d -d -f /etc/ssh/sshd_config
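
A check for the situation in this thread, where edits to the server configuration seem to have no effect: the function below prints the effective global Port, PasswordAuthentication and ChallengeResponseAuthentication values of an sshd_config file, using sshd's rule that the first value given for a keyword wins while Port lines accumulate. This is an added example, not code from the thread; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): effective global settings of an sshd_config.
# Usage: effective_sshd /etc/sshd_config   (reads stdin when no file is given)
effective_sshd() {
    awk '
    BEGIN {   # sshd built-in defaults, used when the file does not set the keyword
        val["passwordauthentication"] = "yes"
        val["challengeresponseauthentication"] = "yes"
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^#/ || /^$/ { next }               # comments and blank lines
    {
        split($0, f, /[ \t=]+/)
        key = tolower(f[1])             # keywords are case-insensitive
        if (key == "match") exit        # Match blocks are conditional, not global
        if (key == "port") {            # Port may repeat; every value is listened on
            ports = ports (ports ? "," : "") f[2]
        } else if (!(key in seen)) {    # other keywords: first value wins
            seen[key] = 1
            if (key in val) val[key] = tolower(f[2])
        }
    }
    END {
        print "port=" (ports ? ports : "22")
        print "passwordauthentication=" val["passwordauthentication"]
        print "challengeresponseauthentication=" val["challengeresponseauthentication"]
        # With PAM enabled, challenge-response can still ask for the account password
        pw = (val["passwordauthentication"] == "yes" || val["challengeresponseauthentication"] == "yes")
        print "password_login_possible=" (pw ? "yes" : "no")
    }' "${1:--}"
}

# Constructed sample mirroring the edits described in the thread
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
Port 80
#PasswordAuthentication yes
PasswordAuthentication no
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

sample_config | effective_sshd
```

Run it against the file that `sshd -d -d` reports loading, not the one you assume it loads.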
 
03.02.2008 at 05:12AM PST, ID: 21025863

>netstat -ltnp
My system doesn't recognize that switch:
Usage:      netstat [-AaLlnW] [-f address_family | -p protocol]
      netstat [-gilns] [-f address_family]
      netstat -i | -I interface [-w wait] [-abdgt]
      netstat -s [-s] [-f address_family | -p protocol] [-w wait]
      netstat -i | -I interface -s [-f address_family | -p protocol]
      netstat -m [-m]
      netstat -r [-Aaln] [-f address_family]
      netstat -rs [-s]

>/usr/sbin/sshd
Definitely getting close!  Here's the output:
fz233:~ abcd$  /usr/sbin/sshd -d -d
debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 226
debug2: parse_server_config: config /etc/sshd_config len 226
debug1: sshd version OpenSSH_4.5p1
Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
debug1: setgroups() failed: Operation not permitted
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-d'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 80 on ::.
Bind to port 80 on :: failed: Permission denied.
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 80 on 0.0.0.0.
Bind to port 80 on 0.0.0.0 failed: Permission denied.
Cannot bind any address.

>And every time sshd server was restarted - right?
Yes
 
03.02.2008 at 06:41AM PST, ID: 21026091
> debug2: load_server_config: filename /etc/sshd_config
That's what's used. Have You modified /etc/sshd_config or /etc/ssh/sshd_config? I know I suggested the bad one ;)

> Bind to port 80 on :: failed: Permission denied.
Aaaa, are You running it as the root (superuser) account?
Is this Mac OS X there? Is there something similar to SELinux?
Assisted Solution
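
The facts read out of the debug output in the two posts above (which configuration file was loaded, which bind failed and why) can be extracted mechanically. The function below is an added example, not code from the thread; its name and output keys are made up for illustration, and the sample log reuses lines from the posted `sshd -d -d` output. A `setgroups()` failure with "Operation not permitted" is consistent with a process that lacks superuser privileges, which binding to a port below 1024 requires on traditional Unix systems.

```shell
#!/bin/sh
# Added example (not from the thread): summarise startup facts in `sshd -d -d` output.
# Usage: triage_sshd_debug sshd-debug.log   (reads stdin when no file is given)
triage_sshd_debug() {
    awk '
    /load_server_config: filename/ { cfg = $NF }            # config actually loaded
    /setgroups\(\) failed: Operation not permitted/ { noroot = 1 }
    /^Could not load host key:/ { hostkeys++ }
    /^Bind to port [0-9]+ on .* failed:/ {
        port = $4
        reason = $0
        sub(/^.* failed: /, "", reason); sub(/\.[ \t\r]*$/, "", reason)
        fail[port] = reason
    }
    END {
        print "config_file=" cfg
        print "host_keys_not_loaded=" (hostkeys + 0)
        for (p in fail) {
            print "bind_failed=" p ":" fail[p]
            if (fail[p] == "Permission denied" && p + 0 < 1024)
                print "hint=port " p " is below 1024; binding it needs superuser privileges"
        }
        print "looks_unprivileged=" (noroot ? "yes" : "no")
    }' "${1:--}"
}

# Sample input: lines taken from the debug output posted in the thread
sample_debug_log() {
    cat <<'EOF'
debug2: load_server_config: filename /etc/sshd_config
debug1: sshd version OpenSSH_4.5p1
Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
debug1: setgroups() failed: Operation not permitted
debug1: Bind to port 80 on ::.
Bind to port 80 on :: failed: Permission denied.
debug1: Bind to port 80 on 0.0.0.0.
Bind to port 80 on 0.0.0.0 failed: Permission denied.
Cannot bind any address.
EOF
}

sample_debug_log | triage_sshd_debug
```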
 
03.02.2008 at 01:56PM PST, ID: 21027797


>That's what's used. Have You modified /etc/sshd_config or /etc/ssh/sshd_config?
I updated /etc/sshd_config.  /usr/sbin/sshd appears to be the same file.

>Aaaa, are You running it as the root (superuser) account?
Yes.  Should I try a different account?

>Is this Mac OS X there? Is there something similar to SELinux?
Yes, Mac OS X.  Not sure about security, but ssh does work on port 22.

Mike
 
03.02.2008 at 10:23PM PST, ID: 21029344
Accepted Solution
 
03.03.2008 at 03:38PM PST, ID: 21036886
You, my friend, are amazing!  Thank you VERY much!

Cheers,

Mike
 
 