2

Again I have a question about an ssh issue:

On an embedded system (no display, no keyboard) my only login interface was ssh. Telnet is disabled too. (I am currently trying to enable it with only little hope...)

My only interaction at the moment is receiving a ping answer and browsing my shared files via smb://!

ssh's answer is always:

```
$ ssh -vvvvl root 192.168.0.3
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.3 [192.168.0.3] port 22.
debug1: Connection established.
debug1: identity file /home/simon/.ssh/id_rsa type -1
debug1: identity file /home/simon/.ssh/id_rsa-cert type -1
debug1: identity file /home/simon/.ssh/id_dsa type -1
debug1: identity file /home/simon/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-8
debug1: match: OpenSSH_4.3p2 Debian-8 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer
```

But I have direct access to the hdd through pulling it out of the device and manipulating files on it while it is connected to another machine.

One of my last steps before I logged off and got locked out was `sudo rm /etc/ssh/*host*key*` followed by `dpkg-reconfigure openssh-server`, which failed because dpkg-reconfigure was not found. So I guess the problem is that the keys are deleted.

My question is now: how can I off-shore create keys and provide them to sshd without running any command on the target system OR how can I make sshd let me log in without having a key?

Thanks for your help if there is any..?!

Simon
  • Would it be possible to mount `/etc/ssh/` of my target's hdd onto my `/etc/ssh/` and run `dpkg-reconfigure openssh-server` on my machine, or do those keys have to match anything on the 'real' setup (kernel-version, user-names, architecture…)? – Simon Feb 03 '11 at 07:57

2 Answers

3

You can generate a new set of host keys on a handy Linux system as follows:

```
ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
```

When ssh-keygen asks you for a passphrase, hit Enter without typing anything. Host keys must have an empty passphrase.

This creates the following files in your current directory:

```
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
```

You can then mount your device's hard drive and copy these four files into etc/ssh.

Note that when you try to ssh to the system afterwards, your ssh client will complain that the keys are different than expected, and probably refuse to connect. If you're running the OpenSSH client, you can correct this by using ssh-keygen again:

```
ssh-keygen -R <your_server_hostname>
```

Jander
  • Oh, thanks a lot! Didn't expect it that simple! This would indeed solve the problem! But it came a bit late. I suddenly had the idea to create a script in `/etc/init.d/` that runs `dpkg-reconfigure openssh-server` on the host during boot. It created the keys successfully already and I am connected via ssh again. But many thanks for your help! – Simon Feb 03 '11 at 08:45
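
The offline procedure from the answer above, as a script; this is an added example and not part of the original answer. It goes slightly beyond the answer by forcing the legacy PEM key format, setting file modes, and checking the result; it assumes a current OpenSSH `ssh-keygen` on the workstation, the mount point is a placeholder, and `install_host_key` and `check_host_key` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: provision sshd host keys on a mounted root filesystem.
# Assumptions: current OpenSSH ssh-keygen on the workstation; the mount
# point passed as $1 (e.g. /mnt/target) is a placeholder.

# install_host_key ROOT TYPE BITS -> ROOT/etc/ssh/ssh_host_TYPE_key(.pub)
install_host_key() {
    dir="$1/etc/ssh"
    key="$dir/ssh_host_$2_key"
    if [ ! -d "$dir" ]; then echo "no etc/ssh under $1" >&2; return 1; fi
    if [ -e "$key" ]; then echo "refusing to overwrite $key" >&2; return 1; fi
    # -N '' : empty passphrase, sshd must load the key unattended
    # -m PEM: legacy PEM container; the newer default container is not
    #         readable by a server as old as the OpenSSH 4.3 in the question
    # -C '' : keep the workstation's user@host out of the .pub comment
    ssh-keygen -q -t "$2" -b "$3" -m PEM -N '' -C '' -f "$key" || return 1
    chmod 600 "$key" && chmod 644 "$key.pub"
}

# check_host_key ROOT TYPE -> 0 only if the key pair looks loadable by sshd
check_host_key() {
    key="$1/etc/ssh/ssh_host_$2_key"
    if [ ! -s "$key" ] || [ ! -s "$key.pub" ]; then
        echo "missing or empty: $key(.pub)" >&2; return 1
    fi
    # sshd refuses private host keys that group or others can access
    if [ "$(ls -ld "$key" | cut -c1-10)" != "-rw-------" ]; then
        echo "mode is not 0600: $key" >&2; return 1
    fi
    if head -n 1 "$key" | grep -q '^-----BEGIN OPENSSH'; then
        echo "new-format key, too new for the old server: $key" >&2; return 1
    fi
    if grep -q 'ENCRYPTED' "$key"; then
        echo "passphrase-protected key: $key" >&2; return 1
    fi
    return 0
}

# Usage: sh provision.sh /mnt/target   (run as root so the files end up
# owned by root on the target disk). The answer's DSA key is made the same
# way with "dsa 1024" where the local ssh-keygen still supports DSA.
if [ "$#" -eq 1 ]; then
    install_host_key "$1" rsa 2048 && check_host_key "$1" rsa
fi
```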
0

```
ssh -vvvvl root 192.168.0.3
```

should be:

```
ssh -vvvvl root@192.168.0.3
```

I don't know if that is just a typo you made while posting on stackoverflow or if you typed it in on the command line.

checkandy
  • `ssh -l login_name hostname` is doing the same as `ssh user@hostname`, I guess. At least it worked before I got locked out... ;-) – Simon Feb 03 '11 at 07:47