generating a ssh key without ssh-keygen

Discussion in 'Linux Networking' started by Abi, Jan 12, 2004.

  1. Abi

    Abi Guest

    I have a server that runs linux (REDHAT) and a client running Solaris.
    I'd like to connect to the server sshd using a ssh client but the I
    don't have ssh-keygen in the client.
    Is there a way in which I can generate the required public and private
    keys on my server and then put it on my client?

    abi
     
    Abi, Jan 12, 2004
    #1
    1. Advertisements

  2. Abi

    Carl Guest

    ? I don't quite follow. You know how to use ssh-keygen, and if you have
    said program on your server you can use it to create a key-pair. Use a
    floppy and take it to your client. Are you asking how to do this whole
    process? are you asking how to initiate a ssh connection using a key?

    clg
     
    Carl, Jan 12, 2004
    #2
    1. Advertisements

  3. I could send you one. What are the username and IP address where you
    intend to install it ?

    Or you could generate them on the server and save them to filenames not
    already in use.
     
    all mail refused, Jan 12, 2004
    #3
  4. Hopefully that's a joke. In case it's not obvious, doing this would
    be the equivalent of giving out the password to the account in question.
    There's a good chance ssh-keygen really is on the client (it's required
    to generate the host keys if sshd is installed) but you can generate
    keys on the server and copy them:

    [Server]
    $ ssh-keygen -t rsa -f $HOME/.ssh/tmp_rsa
    (Enter pass phrase)
    $ cat $HOME/.ssh/tmp_rsa.pub >>$HOME/.ssh/authorized_keys
    (if you want to allow the new key to access the server)

    [Client]
    $ scp server:.ssh/tmp_rsa $HOME/.ssh/id_rsa
    $ scp server:.ssh/tmp_rsa.pub $HOME/.ssh/id_rsa.pub

    Once you've tested it, delete the tmp files from the server.
     
    Darren Tucker, Jan 12, 2004
    #4
  5. OpenSSH works well on Solaris as well. Why dont you upgrade the solaris
    box?


    P.Krumins
     
    Peteris Krumins, Jan 12, 2004
    #5
  6. I don't think it matters what Unix like system you generate ssh keys on,
    any more than it matters (it doesn't) which systems you use your public
    key (authorized_keys) on. I use the same authorized keys generated in
    Linux for Linux, Solaris, FreeBSD and NetBSD servers.

    However, if you generate private keys on a server, you probably want to
    remove them promptly for safe keeping, especially if you use any without a
    strong passphrase.
     
    David Efflandt, Jan 13, 2004
    #6
  7. Abi

    Abi Guest

    Thanks for all your replies.
    the problem was that when I generate a private and public key pair on
    the server, I get the server name added to the private key. So, when
    I copied that file on to the client and ran

    $ ssh server -l username

    it still asked me for a password. this is what I ran on the server

    $ ssh-keygen -t dsa -f ./private
    $ cat ./private.pub >> ./ssh/authorized_keys
    $ ftp client
    mput ./private

    and in the client

    $ mv ./private .ssh/id_dsa

    is there something wrong in what I do.
    Hope I am clear

    abi
     
    Abi, Jan 13, 2004
    #7
  8. Abi

    Carl Guest

    they name of the key is irrelevant. You can rename it at your leisure.

    did you enter an empty passphrase for your key you generated?
    try this

    ssh -2v server -l username

    that should force protocol 2 and give more detail about the failure.

    oh and be sure to check the permissions on your key files on both the
    server and the client.

    my authorized_keys file is 700

    I tested exactly what you did, sans the file transfers and it works
    fine, with the -2.

    Also note that dsa has issues and perhaps the server admin disabled dsa
    keys, try it with rsa.


    cl



    im using a windows client so I cant help there...
     
    Carl, Jan 13, 2004
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.