
Here is the situation: I have one machine which lives at my house (let's call it house_machine) and I have another machine at my office (call this one office_machine). I'm using ssh with DSA key authentication and without password authentication to access home_machine from office_machine. I have set up an ssh server on home_machine and added the public key generated on office_machine to the authorized_keys file on home_machine. This works fine - I can ssh in to home_machine from office_machine just using the key and no password.

Now the question: I would like to be able to access home_machine when I visit other offices simply by using the public key belonging to office_machine, i.e. I would like to put the public key (id_dsa.pub) on a USB drive and just copy it to the .ssh directory at another office. From what I have read on this site, others seem to have been able to do this type of thing, however it isn't working. When I try simply placing id_dsa.pub on a new machine and doing `ssh -v user@home_machine` the debug message ends with:

```
debug1: Offering public key: .ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
```

My temporary solution has been to set "PasswordAuthentication yes" in sshd_config on home_machine, and just use a password to get to home_machine. However, this voids the point of using key-authorisation.

Thanks in advance!

mulllhausen

1 Answer


You need to copy more than just the public key - you need the private key.

In ssh, you place the public key on the server side but the client side needs to have the private key.

You want to copy over the id_dsa file (not id_dsa.pub) to your USB key (make sure it's protected with a passphrase, in case it gets lost!).

You can then use that key to log in to home_machine from any machine that has access to the key:

```
ssh -i /path/to/id_dsa user@home_machine
```

(It looks like you might already have a different private key on office_machine, judging by what you pasted - you might look into using ssh-agent.)

Also, check /var/log/secure to see why your sshd might be rejecting key authentication (it's often an issue of permissions on the .ssh directory and its ancestors).

Ari Gesher
  • Thanks mate - that did work. In case anyone else reads this, if you want to copy id_dsa to your /home/userX/.ssh/ directory you also need to run `exec /usr/bin/ssh-agent $SHELL` then `ssh-add` whilst logged in as userX, otherwise the client will not know about the new private key. – mulllhausen Nov 03 '10 at 04:37
  • Good call on the agent - the details of how different environments interact with the agent (assuming it's in use - it doesn't have to be) are pretty varied depending on OS and particular build. Alternatively (and I don't suggest it unless you're sure the account is very secure otherwise), you can remove the passphrase on your key and then obviate the need for agent. I use agent to start my window manager on Linux, so all processes already have an agent connection. OS X handles the keychain integration and agent for you seamlessly. – Ari Gesher Aug 19 '11 at 00:59
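
The checks the answer points to, written out as a pre-flight script (an added example, not code from the answer or from OpenSSH). The function names are hypothetical. The server-side check assumes sshd is running with its default `StrictModes` behaviour, and the client-side check assumes the ssh client's refusal of private keys that group or others can access, which matters for a key copied off a USB drive.

```shell
#!/bin/sh
# Added example: pre-flight checks for moving an SSH key between machines.

# Classify a key file by its first line: private, public, unknown or missing.
key_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    case "$(head -n 1 "$1")" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        ssh-*|ecdsa-*|sk-*)               echo public ;;
        *)                                echo unknown ;;
    esac
}

# True if the path has any of the given permission bits set (POSIX find).
has_bits() {   # usage: has_bits PATH MODE [MODE...]
    target=$1; shift
    for m in "$@"; do
        [ -n "$(find "$target" -prune -perm "-$m" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# Client side: the file passed to ssh -i must be a private key that
# group and others cannot access.
check_client_key() {
    rc=0
    kind=$(key_kind "$1")
    [ "$kind" = private ] || { echo "FAIL $1: $kind key, need the private key"; rc=1; }
    if has_bits "$1" 040 020 010 004 002 001; then
        echo "FAIL $1: accessible by group/others, run: chmod 600 $1"; rc=1
    fi
    return $rc
}

# Server side: home, ~/.ssh and authorized_keys must not be group/world-writable
# (assumption: sshd uses its default StrictModes behaviour).
check_server_paths() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "FAIL $p: missing"; rc=1; continue; }
        if has_bits "$p" 020 002; then echo "FAIL $p: group/world-writable"; rc=1; fi
    done
    return $rc
}

# Optional: sh preflight.sh /path/to/id_dsa runs the client-side check.
[ $# -eq 0 ] || check_client_key "$1"
```

Run `check_client_key` on the machine you are connecting from and `check_server_paths "$HOME"` on home_machine; both print one line per problem and return non-zero if any was found.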