AIX

 View Only
  • 1.  Creating and using SSH key pai

    Posted Wed May 17, 2023 06:46 PM

    Hello everyone, I need your help. I am going crazy trying to make an SSH key pair to work on the AIX hosts. I created the keys using puttygen. I copied the public key information to the ~/.ssh/authorized_keys and when I try to SSH to the host from another host I get the invalid format message. It looks like the issue is with private key. I am just using the key the way it was created by puttygen I didn't make any changes to it. I am getting the error message when I run the following command from the source server:  ssh user1@host2 -i ~/.ssh/privatekey
    Am I going about it the wrong way?
    Any help with this will be appreciated.



    ------------------------------
    Manny Rivera
    ------------------------------


  • 2.  RE: Creating and using SSH key pai

    Posted Thu May 18, 2023 02:51 AM

    Hello,

    Here is one simple procedure:
    1. You create keys on localhost: ssh-keygen -t rsa (all default)
    2. Copy public key from local home (~/.ssh/id_rsa.pub) to host2 and add to user1 home directory ~/.ssh/authorized_keys: cat  id_rsa.pub >> ~/.ssh/authorized_keys
    3. Only: ssh user1@host2

    If this passes then you can try other variants.

    Best regards,



    ------------------------------
    Bratislav Petkovic
    ------------------------------



  • 3.  RE: Creating and using SSH key pai

    Posted Thu May 18, 2023 01:04 PM

    Hi Bratislav,
    Thanks for the reply. Let me try that.
    FYI... I have tried a few different ways to get it to work but it just does not want to work. I keep on getting the Server refused our key message. Also, I forgot to mentioned, I am connecting to the hosts from a Windows server and Windows 10 computer.



    ------------------------------
    Manny Rivera
    ------------------------------



  • 4.  RE: Creating and using SSH key pai

    Posted Thu May 18, 2023 04:02 AM

    You need to convert SSH public key from putty format to OpenSSH one. AFAIR puttygent has "export key in OpenSSH format" option somewhere in its menus.



    ------------------------------
    Lech Szychowski
    ------------------------------



  • 5.  RE: Creating and using SSH key pai

    Posted Thu May 18, 2023 01:12 PM

    Hi Lech,
    I tried that but it didn't work. I am getting the "Refer refused key" message.



    ------------------------------
    Manny Rivera
    ------------------------------



  • 6.  RE: Creating and using SSH key pai

    Posted Fri May 19, 2023 03:14 AM

    Create SSH key pair using the algorithm supported/allowed by OpenSSH server you want to connect to.
    Convert public key to OpenSSH format.
    Transfer converted pubkey to destination server and place it in the appropriate authorized_keys file.
    Make sure that access right of the appropriate authorized_keys file (and the whole path to this file) are set in a way that modifications are possible only for root or the user that this key will be used to authenticate as.
    Make sure OpenSSH server settings allow pubkey authentication.
    Make sure user account you are trying to is not locked and is authorized for remote logins.
    Use ssh client to connect to ssh server, making sure that pubkey authentication will be attempted and specifying the the appropriate private key. If you have ssh agent running, make sure that total number of keys to be sent to server before the appropriate one is smaller than the number of authentication retries allowed by server.
    If TCP and SSH connection is established but authentication fails, look for OpenSSH server log entries in destination system and try to find the reason there. You may have to increase OpenSSH logging verbosity to get enough info to diagnose the problem. For obvious reasons ssh server simply tells client that authentication attempt failed and does not provide any details, so you have to diagnose problem from the server side.



    ------------------------------
    Lech Szychowski
    ------------------------------