Networking :: SSH Chaining (tunnelling) With Public Keys
Sep 30, 2010
I've been searching for a while in forums about the issue I'm facing but couldn't find anything clear, or at least my net search skills are pretty lame. I'm facing a problem with prompted user password in a SSH chain connection when using authorized_keys.
I have: (1) Client - (2) Server - (3) Testing machine (testing machine is connect to Server via usb network)I've created keys for Client and Server, and updated authorized_keys in host machines with the key values: Testing machine has Server public key, and Server has Client public key.Until now everything is fine, if I try to connect via ssh the user password prompt is not shown since public key is found in authorized_keys.
For example: from Client: Code: ssh server Works fine, no password prompt.from Server: Code: ssh testing_machine Works fine, no password prompt.But if try to do that from Client only: from Client: Code: client:$ ssh server Works fine, no password prompt.from Client: Code: server:$ ssh testing_machine Asks for password.Bellow the verbose output from previous ssh command:
Code: ssh -v root(at)192.168.100.2
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.100.2 [192.168.100.2] port 22.
[Code].....
View 1 Replies
ADVERTISEMENT
Aug 2, 2011
I'm trying to write a p2p file sharing program using python's built-in libraries. Everything is going well. The only thing is that i'd like to be able to use openssl public and private keys so only a host with the public key could access/decrypt the filesharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a pem file containing both the public and private keys but no success with them seperately. Can someone point me in the right direction or offer an alternative? PS, the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to sourceforge so everyone can use it, if that's any incentive
View 2 Replies
View Related
Jul 18, 2010
I'm trying to setup iptables to send web (tcp?) traffic through Squid and Privoxy transparently (to save having to setup everything per browser and hoping they honor their settings). I know I have done this before but I can't find the old config nor remember the exact options needed to do this.What I am wanting specificially is for Privoxy to grab the data as it leaves the browser, do its thing then pass it on to Squid before sending it down the line, then doing the same incoming (Privoxy -> Squid -> requesting app).
View 1 Replies
View Related
Jun 21, 2009
I have two computers running Debian Squeeze. I'm trying to set up the public keys for them so that I don't need to use passwords to log in. As far as I know, I did the same thing for both, however only one is working.Here is the connection output for eachBroken:
Code:
OpenSSH_5.1p1 Debian-5+b1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
[code]...
View 2 Replies
View Related
Sep 23, 2010
I'm getting some errors while trying to do an update:How can I know which are the apps that are causing this, and how should I remove/update these?This is my /etc/apt/sources.list
Code:
deb http://archive.canonical.com/ubuntu lucid partner
deb-src http://archive.canonical.com/ubuntu lucid partner
deb http://linux.dropbox.com/ubuntu lucid main
deb-src http://linux.dropbox.com/ubuntu lucid main
[code]....
View 4 Replies
View Related
Mar 12, 2011
I've got a slight issue with logging into my server using public keys.
It was working fine, until I had to rebuild my desktop machine. I had the key copied to the server, and passwordless logins where fine.
However now I have rebuilt my desktop, I cant get to the login.
So heres whats happend.
Rebuilt id_rsa.pub, server will not allow login. Remove id_rsa.pub and the server allows password based login.
On the server, removed authorized_keys and known_hosts. makes no difference. Server still disallows keyfile, but will allow password when id_rsa is not present on the client.
Heres a -v of the login chat with keyfile
Code:
michael@eve:~$ ssh -v server
OpenSSH_5.5p1 Debian-6, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server [ser.ver.ip] port 22.
[Code]....
So, is there anyway of getting the server to forget the previous keys, it is remembering, As previousily said, I have completly removed the contents of ~/.ssh/ on both the clients and the server.
View 11 Replies
View Related
Feb 27, 2011
I'm trying to set up my laptop to ssh into my home server, but I'm trying to find how to generate the public/private keys. I was able to do it in Slack 12.2 by just running ssh-keygen, but that command is not in 13.x.
View 2 Replies
View Related
Feb 7, 2010
I started another thread on this (URl...), but the topic was not specific to what I now know the problem to be. So Ive started a more appropriately titled thread.In my local network I SSH (via Putty) to my Ubuntu 9.1 server and the tunnel a VNC connection through to it. No problems at all. I forward port 5900 through SSH to do this. My local servers have port 5900 blocked, so I know it is tunnelling correctly without trying to access port 5900. I cannot VNC directly to port 5900, as I would expect. Everything works just as expected.
When I SSH external to my router a I use a virtual server connection through port 22. This works just fine.I then start a VNC session, in the exact same way as I do localy, tunnelled through port 5900. Specifically I tunnel port 5900 to my.router.public.ip port 5900. However when I start up VNC it times out. The reason is that my firewall blocks a request to my routers public IP address from port 5900 on the server running SSH as follows :I have tried this both with the Ubuntu built in desktop and with x11vnc. Both give identical results. When I start x11vnc I tell it to listen on port 5900. This, as explained above, wokrs just fine in my internal network and does NOT put out any requests on port 5900.
View 3 Replies
View Related
Jul 19, 2010
Another question though...i have a fedora 12 server set up and i have created 3 sudo users. I have created 3 putty keys (public and private) using putty key gen and basedn my research i was told to put the public keys in /home/"user"/.ssh/authorized_keys .I did that but when i tried to log on using the key...the server is saying "server refused key" could anyone assist in this issue
View 4 Replies
View Related
Aug 10, 2010
My ISP has for a long time had a broken forward/reverese DNS so that my ADSL connection with static IP address resolves to a completely different IP address on a reverse query. This has not been a problem until I upgraded a remote server from 10.3 to 11.3 last weekend and now ssh connections from my ADSL connection to it using public/private keys are being rejected with the following message in /var/log/messages (IP addresses changed):
Aug 10 12:00:32 penguin1 sshd[1270]: Address 83.175.246.243 maps to 83-175-246-243.static.dsl.aupex.com, but this does not map back to the address - Possible Break in Attempt!
But if I log in interactively with username & password, the connection succeeds. I've changed the StrictModes setting in sshd_config to 'no' but this hasn't resolved the problem. Obviously something in 11.3 is being stricter about this IP mismatch than it was in 10.2 (and no, the server is not using a firewall). There must be something I can change to make sshd more permissive? I've tried before to get my ISP to fix their problem but no luck. This needs to be sorted as a server at my home (which does not run SuSE) retrieves backups from the remote OpenSuSE 11.3 server every night using scp and these are now failing.
View 3 Replies
View Related
Jan 26, 2010
I installed OpenSSH via tasksel and am using Webmin for administration. I'd like to be able to SSH externally and want to setup the necessary public/private keys to use in FileZilla. In Webmin, under Servers > SSH Server I can click 'Host Keys' and see an RSA key. Is this the public or private key for my server? Do I need to copy this into a text file to import it into FileZilla on my remote PC (that I want to connect from)? Is that all that needs to be done (aside from opening the port on my router/firewall)? Or, is there an automated way to set this up via Webmin?
View 1 Replies
View Related
Mar 26, 2010
At the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have muliple private and public keys (one pair for each server), or use the same two keys to access all the servers
View 5 Replies
View Related
Mar 31, 2010
I am using Nautilus to connect to an external server. Currently, I use password authentication, and all works fine. I just type sftp://SERVER and the connection is established after providing the login credentials. However, I changed the server to only accept Public Key Authentication and disabled password authentication, and as a consequence I could not login using Nautilus anymore. Is there some way to make this work?
View 9 Replies
View Related
Sep 9, 2010
My calling application will accept only strings and interger. we are replacing RSA bsafe library to openssl. using RSA bsafe, we have generated the private and public key in BER format. Then convert the keys, BER format into ASCII format to send the calling function. (these everything done by using RSA supplied bsafe library) same way i have to right using openssl..i m now able convert the RSA public and private key into DER format
rsa = RSA_generate_key(1024, 3, NULL, NULL);
{
size_t size;
[code]....
View 1 Replies
View Related
Aug 25, 2011
I am trying to configure my IPv6 network. My computers are behind a Fedora gateway IPv6-configured, which is working great. But for computers inside my network, it seems I am getting only internal addresses from DHCP. Here is my ifconfig for an internal computer:
Quote: em1 Link encap:Ethernet HWaddr F4:6D:04:34:92:2B inet addr:192.168.0.184 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::f66d:4ff:fe34:922b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:744250 errors:0 dropped:0 overruns:0 frame:0 TX packets:548987 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:841392242 (802.4 MiB) TX ytes:60384500 (57.5 MiB) Interrupt:18 Memory:f7100000-f7120000
he-ipv6 Link encap:IPv6-in-IPv4 inet6 addr: 2001:470:1c:611::3/64 Scope:Global inet6 addr: fe80::cea7:b778/128 Scope:Link UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:61 dropped:0 overruns:0 carrier:61 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[Code]....
View 2 Replies
View Related
Feb 21, 2011
Not sure why this is happening. I've tried searching for a solution but it's not clear where I went wrong. I wasn't doing any real modifications to anything.
Attached is a picture of Nautilus not changing with one of the default themes, "High Contrast".
View 2 Replies
View Related
Apr 11, 2011
I'm trying to access a remote computer by tunnelling VNC through ssh. I've used VNC for years, but never through ssh. Both computers are running Fedora 14, installed by me. Doing a general Internet search, I found three articles, and they all had basically the same instructions. However, they don't seem to work. Here's what I did. Call my local computer "computer A," and the remote computer "computer B." I installed vncserver on B using yum:
(1) yum install tigervnc-server
(2) Then on B I started the server:
vncserver The first time you do this, you're asked to set up a password. Everything else was automatic. I did nothing to /etc/sysconfig/vncservers.
(3) With vncserver running on B, on A I issued the following command:
ssh -L 5901:localhost:5901 username-on-B@IP-address-for-B After giving the password, this logged me into a terminal session on B.
(4) At that prompt on B, I issued this command:
vncviewer localhost:1 According to the tutorials I found, this is the last step. The desktop window on B should open. It does not work. The following error was given: vncviewer: unable to open display "" What am I doing wrong? How does one tunnel VNC through ssh?
View 7 Replies
View Related
Jan 3, 2011
Today I tried using PuTTY to set up a socks proxy on my local machine, a procedure I used to do when I was not using Ubuntu which used to work flawlessly and out of the box... however, apparently putty is not able to set up a port on my PC, but if I use ssh -Dport, everything works smoothly. Again, this used to work out of the box on other distros... any hints?
P.S.: This is the third problem I'm having with standard operations in Ubuntu: pinentry-qt4 does not work, the scanner needs manual setting to permissions, now this... isn't this distribution supposed to be user friendly? I'm resorting to the terminal more than I ever did.
View 1 Replies
View Related
Sep 24, 2010
I run the following file with the >log.log redirector and it does not capture errors.
#!/bin/bash
echo ************************BEGIN LOG******************************
date +"%m/%d/%Y %H:%M:%S $HOSTNAME"
cp -f /scripts/original/clamscans.log /scripts
[code]....
The following errors show up when I run from the file from the term window, but are not written to log.log:
tar: /public/public/clamscans/*.txt: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors
mv: cannot stat `/public/public/clamscans/*.txt': No such file or directory
I know with windows you can add the 2>&1 to capture error data. Is there such a thing for Linux?
View 2 Replies
View Related
Mar 3, 2010
How can I forward all traffic from a public IP to another public IP. Let's say I have a first debian box named box1 with eth0 = 1.1.1.1 and eth0:1 = 1.1.1.2 and I want to forward all traffic from 1.1.1.2 to "box2" located somewhere else over the internet and having for eth0 2.2.2.2 Both 1.1.1.0/24 and 3.3.3.0/24 are public IP ranges.
View 1 Replies
View Related
Apr 17, 2010
I don't know if this is a configuration issue or a hardware issue, but I have a Kinesis Advantage USB keyboard and for some reason the F3-F5 keys aren't responding as they used to. They don't respond to anything and, when I tried using F5 on Emacs, it said <XF86AudioNext> is undefined, so I guess it's a weird mapping problem.
Any idea how I could remap them to the original meaning?
View 2 Replies
View Related
Apr 20, 2011
ls -al ../public-back
drwxrwxr-x 4 apache apache 4096 Apr 19 03:32 templates
ls -al ../public-back/templates
drwxrwxr-x 2 apache apache 4096 Apr 19 03:33 content
[code]....
How do I move the contents of /public-back/templates recursively with permissions into /public/templates ?
View 2 Replies
View Related
Jun 27, 2011
Just wondering if Ubuntu has an Accessibility equivalent for sticky keys and mouse keys.
View 1 Replies
View Related
Apr 7, 2011
I'm running Debian (Squeeze) and I have a toshiba portege m700. It has five buttons on the front just under the screen, which are the only ones accessible when you flip the screen over into tablet mode. One of them is for rotating the screen, and another is for switching to external display. I want to remap the remaining three to control, alt and super so that I can use shortcuts with the stylusThe problem is, when I used showkey to find out the key codes, I found out that each button generates more than one key code:Button 1:
key 126 press >> super_r, although this is distinct from the actual super key (125)
key 7 press >> 6
key 7 release
key 126 release
View 4 Replies
View Related
Nov 18, 2010
I set up an SSH server on my home machine and finally figured out that I needed to disable password authentication to get RSA authentication enabled. Now I'm having problems with that too.ssh -v -i id_rsa ashtray@x.x.x.83
Code:
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
[code]....
View 1 Replies
View Related
Jul 18, 2011
I want to use my personal computer remotely. The problem is my computer is connected to a local network that I can't modify. I can connect from my computer to another one that has public IP via ssh. Is it possible to login to the "proxy" computer from somewhere and somehow use the connection established before to connect to my PC?
View 3 Replies
View Related
Mar 22, 2010
How to do NAT in Iptables? ..I am trying to NAT IP public:Port to Internal IP:Port (202.a.b.c SMTP to 172.16.1.169 SMTP) ..
View 14 Replies
View Related
Apr 13, 2010
I have a PC which has a Public IP.It is a webserver but it is not a proxy server.I want to be ableto do an ssh to the machines which are behind this webserver on LAN in one step.Right now I do an SSH to this webserver and then do an SSH to any other machine on my LAN how can I do it in one step.
View 3 Replies
View Related
Jan 14, 2011
I just set up my ubuntu 10.10, which boot up by usb drive,
and I found a problem that I can't get my internet when I was
sitting in a public library. The firefox show me every website is
untrust. Normally, when first connect to this network, I need to
accept a library contract on webpage, which called spyder.local.
Does anyone could fix it? or there is something related to the
firefox setting. I currently keep every setting by default
View 1 Replies
View Related
Jan 4, 2011
I recently purchased a block of 5 IPs from Comcast. I have a computer running Arch Linux connected to the Comcast gateway they gave me. On my connected computer I have 2 Windows XP virtual machines running. Now I was wondering how can I make each of those virtual machines have a different public IP, because currently the only thing I can get working is have the computer and both virtual machines sharing the same public IP.
View 3 Replies
View Related
