On Fri, Jul 9, 2010 at 02:44, jmmckee <jmmckee@xxxxxxxxxxxxxx> wrote:
BEGIN RSA PRIVATE KEY
END RSA PRIVATE KEY
I was a bit concerned about the PRIVATE part.
Well, you don't need to be. The people who sent you, however, should
be, as their private key is now compromised. They need to create a new
one.
I sent several emails. ÂAnd, then was told that the original file was passphrased protected. ÂNow, I have been sent this edited file:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: imported-openssh-key
Public-Lines: 4
Private-Lines: 8
Private-MAC:
Looks like a private key again, but this time from putty (a Windows SSH client).
What do I do with this file? ÂSounds like a dumb question to me, BTW.
Nothing. It's the wrong file, you don't need it.
Here's a rundown how it works.
The SSH server (at the other company) has a public key and a private
key. The private key of the SSH server is private to the server (d'oh)
and the public key is what you see when you connect for the first
time. If they send you the public key of their server, you can verify
that you're connecting to the right server - this is then saved in
~/.ssh/known_hosts.
Basically, this:
% ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 50:53:bc:11:4f:a4:d4:d8:dd:b1:1c:0a:ea:cc:4b:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
% cat .ssh/known_hosts
|1|1J2QIidW7NisHQOsF8KJ9YX7n7A=|h9glYgEe1Sv2m1cfdr+0FOCGMXs= ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAsAk/EeXb5652ub2a2im3LQpIe/bEz+0+3YQEDarLZgFvzAX4ExJoYg9LBryCHNWCu3c2A1zYp5N2eK5VOwtiRR7/MZrereeQtUuJgQ81vdJJF4XV5xE3wrhqxCd9dkm2oCbOWVE5vjJPzbHz0xJXe4zWoSd643v+vhF3wEyDtMRgxL4uJ4OHrKGX7O3QrYd4Ti59KrpmYJzf3etqDgEWx72GTVV4xSzdeZsCsiQDQoBfFBnRHRFjFIXunxr4CRP/0oBp8JvGj8P49c+vG8SUgynd7g8KFmE3fLPLGKp9XHy7tf7iwjbhG1N9kxdjmBADMsteaX9XMKrR9BTynAg6+w==
This is only the first part of the whole public/private key stick
though - while this part has helped you to authenticate the server,
now you will need to authenticate to the server. For this, you'll need
a public and a private key yourself. You can generate one of these by
using ssh-keygen -t dsa:
% ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/lb/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lb/.ssh/id_dsa.
Your public key has been saved in /home/lb/.ssh/id_dsa.pub.
The key fingerprint is:
13:d6:c4:a3:43:93:fb:6c:89:7a:33:48:14:7e:6d:82 lb@aerith
And from this, we also get an id_sa.pub file in the home directory,
that looks like this:
% cat .ssh/id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAKWR4DK89D8o4EWW6fTVVDiqWywHN9qm8Gia7zSR98wEmewtjAi8unUwp8nUyTvbyZPg1sZWRMn31nk/KzzD64HXCZY5RZlXzFGndLuy9LhpCegnAj8RWENVRfWKcZcbhPECDw4BQmvdjoH7qParqKDd1hLP6uhTT6GNmFXrVu+LAAAAFQDGw8kCAXDCcW+NnBSl72AqwRM2RwAAAIBdiXZz/Uq1DKOBPCYf6zoOyORwad9jJ4t2jVw5oX4m3qxho9lI57ZXkq802bXgs05i5SANWmb7li15z4+emQPXcENkdNDYGjBcCawPE3VJ1VhgzrYANx/v78SQnHa1Wt2Jgq6ezz9QAZrcKPr43BhOjrWJ5/FrX6XyWUG07wJk2AAAAIAD6A7sN9VU4JH5Wx34xNsMMFN4Wl5zgHSXX7IYQDxVQCplUVBbnh/j7wsqm8mtntKf9HMBDk0l5G1qFhoRywr77QjHbAZxfm/rt3e3mN+1fpT5+gc8YX0G9qyHKiY0CSvPgH3+npMe/V8H5dCkNA78x0606cyLWV65lKafxuKkjQ==
lb@aerith
Now, i can add this public key to my authorized_keys file:
And now, i can use this to logon automatically - here's an excerpt of
an ssh -v, which clearly shows the public key authentication working:
% ssh -v localhost
OpenSSH_5.3p1 Debian-3ubuntu3, OpenSSL 0.9.8k 25 Mar 2009
[ .. ]
debug1: Next authentication method: publickey
debug1: Trying private key: /home/lb/.ssh/identity
debug1: Trying private key: /home/lb/.ssh/id_rsa
debug1: Offering public key: /home/lb/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
[ .. ]
Last login: Fri Jul 9 08:31:53 2010 from hor-fw-02.acommit.ch
lb@aerith:lb [1|0] %
midrange.com
