-1

Hello and thanks for reading,

Basically, I'm taking over for someone on some system admin duties, learning as I go, but one problem I've run into is not having my public RSA key put onto a particular server--one that already has RSA-only access enabled.

So, basically, I can't SSH remotely into the server, but I do have physical access to the server in question and can log in directly, with superuser powers and everything. I need to get my own public key into the directory of authorized_keys on the server, or perhaps instead generate a new key from the command line and somehow send the new private key to my laptop.

I've tried copying my public key that is on other servers connected to this one already that I can remotely SSH into, but due to the RSA key restrictions, scp doesn't seem to want to be able to connect (permission denied: publickey).

Any ideas on how best to go about this? Not sure if something like loading the public key file to the server via USB is an option, either. Like I said, kind've a noob at Ubuntu.

Thanks much in advance.

Update: Firstly, thank you all for your contribution. I've got the file onto the server now, used a USB and figured out how to mount it to the server physically and copy the file over. Now the problem is when I try to cat the public key file into the .ssh/authorized_keys file, nothing happens--it reads out the SSH key, but the authorized_keys file remains blank.

The permissions should all be set properly according to tutorials--chmod 600, 700, 755, all that, but maybe I did it wrong. No error messages pop up.

Community
  • 1
Anon
  • 1
  • I think you're overthinking this. Unless I'm misreading something you simply need to find a way to get a file onto this previously secured server, right? Stick your public key on a web server or ftp site and log in locally, then download it. –  Aug 25 '14 at 23:06
  • See: `ssh-import-id` on Ubuntu. – MikeyB Aug 27 '14 at 17:55

2 Answers2

0

This article in ubuntu's knowledge base tells you all of the steps required. https://help.ubuntu.com/community/SSH/OpenSSH/Keys

Here is the relevant information (I used this method myself on my company server, editing the file on my box):

(First, copy the file to a memory stick or to a location where you can download it once you are on the server - please read the comments below for other various methods provided by yoonix) - wget, curl, scp, ftp to a remote location where it is stored if you do not have a usb port. Another method is to email it to an account on the server.

After copying the file to the server:

The key you need to transfer to the host is in fact the public one. If you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer:

Copy the public key file to the server and concatenate it onto the authorized_keys file manually. It is wise to back that up first:

cp authorized_keys authorized_keys_Backup

cat id_rsa.pub >> authorized_keys

You can make sure this worked by doing:

ssh <username>@<host>

You should be prompted for the passphrase for your key:

Enter passphrase for key '/home/<user>/.ssh/id_rsa':

Enter your passphrase, and provided host is configured to allow key-based logins, you should then be logged in as usual.

Jeff Clayton
  • 128
  • 7
  • This doesn't answer the question asked. –  Aug 25 '14 at 23:08
  • He said he has physical access to the box. The second method, editing the file EXACTLY answers the question asked. – Jeff Clayton Aug 25 '14 at 23:09
  • The server is set for key authentication only. How do you expect him to use ssh-copy-id without having a key on the server already? He can't since passwords are disabled. –  Aug 25 '14 at 23:10
  • Please reread his statements, unless I misread it he stated he has physical control of the box as an admin, just not remotely. "but I do have physical access to the server in question and can log in directly" I gave multiple methods. To actually have the key to copy he would have to have it on a flash drive, etc... – Jeff Clayton Aug 25 '14 at 23:12
  • ... or he can just download the key while he's logged into the system in question. This is the public key, there's no need for a memory stick here. –  Aug 25 '14 at 23:14
  • Before counting my answer negatively - reread my posting starting at: "Another alternative is to copy the public key file to the server and concatenate it onto the authorized_keys file manually." it appears you did not read it completely. Or remotely from the inside, correct. – Jeff Clayton Aug 25 '14 at 23:14
  • His problem is he can't copy the file to the server. Read the question. –  Aug 25 '14 at 23:15
  • Back to putting it on a memory stick... – Jeff Clayton Aug 25 '14 at 23:17
  • Or curl, or wget, or ftp, or scp the file from another host... –  Aug 25 '14 at 23:18
  • So then again, you and I both answered his question, I am not saying you didn't do it right as well... – Jeff Clayton Aug 25 '14 at 23:18
  • His question was simply *how* to copy it. Most of your post is not about that. Someone else coming here to look for a solution for the answer proposed will not be able to see it easily. –  Aug 25 '14 at 23:23
  • I just added a point about skipping to that including a message about your additional methods, but I am thorough. I do not like to give partial answers. He said he was new and that says to me that he needed a complete answer. – Jeff Clayton Aug 25 '14 at 23:24
0

Thanks, everyone, for your answers, they were very helpful.

Ultimately my solution was to figure out how to mount a USB drive onto the physical server and copy over the public key file.

For whatever reason, doing the traditional concatenating of the file to the authorized_key folder wasn't working, even though I'm 99% sure I did the permissions properly, but I found out how to use Shift-Insert to just put the RSA key file info directly into authorized_keys, and it works like a charm now.

user3687873
  • 1
  • 2
    Between this and "Now the problem is when I try to cat the public key file into the .ssh/authorized_keys file, nothing happens--it reads out the SSH key, but the authorized_keys file remains blank", maybe you shouldn't have access to this server. – MikeyB Aug 27 '14 at 17:56
  • Too late, I've breached the server's RSA security, and with the nuclear launch codes I've obtained, I can now start WW3 remotely--all thanks to serverfault. – user3687873 Aug 27 '14 at 20:57