Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSH Keys

Posted on 2014-09-05
11
Medium Priority
?
297 Views
Last Modified: 2014-09-20
I followed the steps here and now I am locked out:

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

In putty do I need to some how upload my key file? What did I do wrong?

I am getting access denied when logging in as root.
0
Comment
Question by:Starquest321
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 

Author Comment

by:Starquest321
ID: 40307041
What seems to mess me up is this step:

PermitRootLogin without-password

I changed the file from the orignal:
PermitRootLogin yes

I am trying to understand: do I need a saved copy of the public key on my (windows based ) laptop?
0
 
LVL 4

Accepted Solution

by:
Manfred Bertl earned 336 total points
ID: 40307235
No, the key will be stored after first login. After that, login works normal.
0
 

Author Comment

by:Starquest321
ID: 40307501
So when I do this on the cent os box:
ssh-copy-id user@123.45.56.78

I can "ADD" approved "users" and "ips" for login? Is that how this works?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:Starquest321
ID: 40307502
Also during the setup in their instructions I added a passpharse. How can I remove that?
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 1332 total points
ID: 40307628
>> I added a passpharse. How can I remove that?
You can't remove that passphrase, it is to protect your private key. That's what it is meant for.

Can you logon as a normal user? If so, do that, then su to root and undo that last PermitRootLogin change you made. Restart sshd and test with another session if you can logon now.

When changing sshd config, always keep the session open that you used to change the configuration. So if things go wrong you can undo the changes.
0
 

Author Comment

by:Starquest321
ID: 40307635
I undid that last PermitRootLogin .. and I can login fine. Does that still mean I have SSH enabled? How can I check?
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 1332 total points
ID: 40307650
>> How can I check?

You logon like this:

ssh your_user@your_host

and then you get a prompt on your_host

all without typing a password.
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 1332 total points
ID: 40307652
You are using PuTTY right? Are you running Putty Agent (Pagent) as well?
0
 

Author Comment

by:Starquest321
ID: 40307669
I am running Putty. What is Putty Agent ?
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 1332 total points
ID: 40307723
Putty Agent is installed with Putty. You use the agent to load your private ssh key(s) and enter the passphrase once. Then you configure Putty to use ssh keys (pointing to your private key) and putty will see that the agent has already loaded the private key. That way you only have to enter the passphrase once and just use putty (saved) sessions to connect to your hosts.
0
 
LVL 30

Assisted Solution

by:serialband
serialband earned 332 total points
ID: 40315466
If you use pageant.exe (Putty Agent), you'll be able to cache the key's passphrase and key your private keys loaded, until you restart pageant, usually when you reboot.
http://winscp.net/eng/docs/ui_pageant  <-- it's the same for putty & winscp.

You could also attach the key to your putty profile.  In the Putty Configuration, under the Connection --> SSH --> Auth, there's a place to attach your private key file.  You can save the profile.  This will load your key with each connection, but you'll have to enter a passphrase each time  http://www.howtoforge.com/ssh_key_based_logins_putty_p3

If you want to change your passphrase, you'll need to use puttygen.exe.  Load the private key.  Enter the current passphrase.  Then in the window change the Key Passphrase and Confirm.  You can also remove the passphrase, by setting it to a blank, but I don't recommend it.  It's much, much better to set a passphrase and use pageant.exe to keep your private key protected.

Make sure you get the putty "suite" either in the zip file or the exe installer.  I use the zip file so I can put it where I want and I don't need administrator permissions to "install" it.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question