05-20-2013
Ssh between servers - No DSA host key is known
It seems I can do ssh <IP> but not ssh <hostname>
If I try to ssh to hostname I get the error - No DSA host key is known for host1 and you have requested strict checking.
Host key verification failed.
Where do I set up the DSA keys? Is it ssh_known_hosts?
Assume afterwards I can ssh-keygen and copy the public key back as authorized_keys to allow passwordless access?
---------- Post updated at 12:21 PM ---------- Previous update was at 12:05 PM ----------
OK. Think I sorted the DSA host key issues. So now on host_A, as user_A, I ran:-
ssh-keygen -t rsa
copied id_rsa.pub to host B (user_A/.ssh directory) and rename it to authorized_keys
So going back to host A, ssh user_A@host_B
Still prompts me for password?
10 More Discussions You Might Find Interesting
1. Cybersecurity
Hi,
I have an cron-script running ssh every 5 minutes. After a reboot cron errors as ssh is wating for a DSA key fingerprint authenticy.
The request looks as following :
The authenticity of host '*** (*.*.*.0)' can't be established.
DSA key fingerprint is... (1 Reply)
Discussion started by: davidg
1 Replies
2. UNIX for Dummies Questions & Answers
Hello all,
My first post in this forum.
I am trying to download a file from a server to which I have been granted access. They setup a DSA public key and I have a local private key.
When i try to download the file it prompts me for my password.
How can I tell unix to use the DSA key... (1 Reply)
Discussion started by: who2
1 Replies
3. Solaris
i got this while trying generating a dsa key on solaris 10 x86 platform
how can i solve it? (0 Replies)
Discussion started by: conandor
0 Replies
4. UNIX for Advanced & Expert Users
I am writing a script that needs to access various servers some of which are not ssh enabled. In order to access the ssh enabled servers I am using the following command to generate the public key :
ssh-keygen -t rsa
Is there a similar command for the other servers as well.
If I try to use... (1 Reply)
Discussion started by: ravneet123
1 Replies
5. UNIX for Advanced & Expert Users
I do a ssh to remote host(A1) from local host(L1). I then ssh to another remote(A2) from A1.
When I do a who -m from A2, I see the "connected from" as "A1".
=> who -m
userid pts/2 2010-03-27 08:47 (A1)
I want to identify who is the local host who initiated the connection to... (3 Replies)
Discussion started by: gomes1333
3 Replies
6. AIX
Hi,
A VMS server want to use SFTP to transfer files to our Unix server. We received their public key. Below is the process we followed to install this public key in our unix server.
1. Go to $HOME/.ssh
2. cat public_key_vms_server >> authorized_keys2
3. Ensure this folder and file has the... (1 Reply)
Discussion started by: devina
1 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I am trying to connect through SFTP. Though the DSA 2048 public key is installed in the server machine, the connection is established only with password authentication! When i turn off password authentication in sshd_config file the connection is not working.
Please advise,
Best... (0 Replies)
Discussion started by: Maharajan
0 Replies
8. UNIX and Linux Applications
Hi,
I am trying to connect through SFTP. Though the DSA 2048 public key is installed in the server machine, the connection is established only with password authentication! When i turn off password authentication in sshd_config file the connection is not working.
Please advise,
Best... (0 Replies)
Discussion started by: Maharajan
0 Replies
9. UNIX for Advanced & Expert Users
hi All,
this issue is regarding ssh key authentication, although i have performed this activity on two separate servers, now i have to configure the same again on 2 more servers. i did everything what i did earlier but this time i am getting some error, and i am unable to understand what exactly... (2 Replies)
Discussion started by: lovelysethii
2 Replies
10. Solaris
Hi,
I got instructions from Security audit team for Solaris-10 server. They mentioned - "The sshd configuration on the host supported weak host keys and allowed password authentication on Solaris server. Enable stronger keys (2048 or 4096 bit)".
I am not clear enough, what they mean by weak... (7 Replies)
Discussion started by: solaris_1977
7 Replies
LEARN ABOUT MOJAVE
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
EnableSSHKeysign to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based authen-
tication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, read-
able only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if host-
based authentication is used.
/etc/ssh/ssh_host_dsa_key-cert.pub
/etc/ssh/ssh_host_ecdsa_key-cert.pub
/etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate information corresponding with the private keys above.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD
February 17, 2016 BSD