- $ ssh-keygen -t rsa -f ~/.ssh/production-key.id_rsa
- .ssh$ ls -l
- total 36
- -rw-rw-r-- 1 viggy viggy 234 Dec 22 15:21 config
- -rw------- 1 viggy viggy 1766 Dec 22 15:03 development-key.id_rsa
- -rw-r--r-- 1 viggy viggy 397 Dec 22 15:03 development-key.id_rsa.pub
- -rw------- 1 viggy viggy 1766 Dec 22 13:12 production-key.id_rsa
- -rw-r--r-- 1 viggy viggy 397 Dec 22 13:12 production-key.id_rsa.pub
- -rw------- 1 viggy viggy 1766 Sep 5 20:36 id_rsa
- -rw-r--r-- 1 viggy viggy 403 Sep 5 20:36 id_rsa.pub
- -rw-r--r-- 1 viggy viggy 4422 Dec 22 11:45 known_hosts
- vim config
- Host production
- HostName xx.xxx.xx.xxx
- User myuser
- IdentityFile ~/.ssh/production-key.id_rsa
- Host development
- HostName xx.xxx.xx.xxx
- User myuser
- IdentityFile ~/.ssh/development-key.id_rsa
- cd ~/.ssh
- vim authorized_keys // deleted the contents of this file, pasted in my development-key.id_rsa.pub, and saved the file
- cat authorized_keys // checked the contents to confirm they match my development-key.id_rsa.pub
- $ ls -l | grep home
- drwxr-xr-x 6 root root 4096 Aug 7 2012 home
- $ ls -l | grep myuser
- drwxr-xr-x 16 myuser myuser 4096 Dec 22 17:47 myuser
- $ ls -la | grep .ssh
- drwx------ 3 myuser myuser 4096 Dec 22 15:32 .ssh
- ~/.ssh $ ls -l | grep authorized_keys
- -rw------- 1 myuser myuser 396 Dec 22 15:32 authorized_keys
- $ cd /etc/ssh
- $ head -n 1000 sshd_config | grep 'PasswordAuthentication'
- #PasswordAuthentication yes
- $ head -n 1000 sshd_config | grep 'AllowUsers'
- $ head -n 1000 sshd_config | grep 'DenyUsers'
- head -n 1000 sshd_config | grep 'PubkeyAuthentication'
- PubkeyAuthentication yes
- $ head -n 1000 sshd_config | grep 'RSAAuthentication'
- RSAAuthentication yes
- RhostsRSAAuthentication no
- sudo restart ssh
- ls -A /home
- .directory lost+found quota.group someuser
- myuser passenger quota.user
- / $ locate sshd_config
- /etc/ssh/sshd_config
- /usr/share/doc/openssh-client/examples/sshd_config
- /usr/share/man/man5/sshd_config.5.gz
- ssh -vv myuser@xx.xxx.xx.xxx
- OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
- debug1: Reading configuration data /home/viggy/.ssh/config
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: /etc/ssh/ssh_config line 19: Applying options for *
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to xx.xxx.xx.xxx [xx.xxx.xx.xxx] port 22.
- debug1: Connection established.
- debug1: identity file /home/viggy/.ssh/id_rsa type 1
- debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
- debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
- debug1: identity file /home/viggy/.ssh/id_rsa-cert type -1
- debug1: identity file /home/viggy/.ssh/id_dsa type -1
- debug1: identity file /home/viggy/.ssh/id_dsa-cert type -1
- debug1: identity file /home/viggy/.ssh/id_ecdsa type -1
- debug1: identity file /home/viggy/.ssh/id_ecdsa-cert type -1
- debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
- debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
- debug2: fd 3 setting O_NONBLOCK
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: mac_setup: found hmac-md5
- debug1: kex: server->client aes128-ctr hmac-md5 none
- debug2: mac_setup: found hmac-md5
- debug1: kex: client->server aes128-ctr hmac-md5 none
- debug1: sending SSH2_MSG_KEX_ECDH_INIT
- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
- debug1: Server host key: RSA 42:f0:18:ae:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
- debug1: Host 'xx.xxx.xx.xxx' is known and matches the RSA host key.
- debug1: Found key in /home/viggy/.ssh/known_hosts:3
- debug1: ssh_rsa_verify: signature correct
- debug2: kex_derive_keys
- debug2: set_newkeys: mode 1
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug2: set_newkeys: mode 0
- debug1: SSH2_MSG_NEWKEYS received
- debug1: Roaming not allowed by server
- debug1: SSH2_MSG_SERVICE_REQUEST sent
- debug2: service_accept: ssh-userauth
- debug1: SSH2_MSG_SERVICE_ACCEPT received
- debug2: key: /home/viggy/.ssh/id_rsa (0xb8bab790)
- debug2: key: viggy@teamviggy (0xb8bb1e18)
- debug2: key: viggy@teamviggy (0xb8bb1cb8)
- debug2: key: /home/viggy/.ssh/id_dsa ((nil))
- debug2: key: /home/viggy/.ssh/id_ecdsa ((nil))
- debug1: Authentications that can continue: publickey,password
- debug1: Next authentication method: publickey
- debug1: Offering RSA public key: /home/viggy/.ssh/id_rsa
- debug2: we sent a publickey packet, wait for reply
- debug1: Authentications that can continue: publickey,password
- debug1: Offering RSA public key: viggy@teamviggy
- debug2: we sent a publickey packet, wait for reply
- debug1: Authentications that can continue: publickey,password
- debug1: Offering RSA public key: viggy@teamviggy
- debug2: we sent a publickey packet, wait for reply
- debug1: Authentications that can continue: publickey,password
- debug1: Trying private key: /home/viggy/.ssh/id_dsa
- debug1: Trying private key: /home/viggy/.ssh/id_ecdsa
- debug2: we did not send a packet, disable method
- debug1: Next authentication method: password
- myuser@xx.xxx.xx.xxx's password:
- ssh -vv myuser@xx.xxx.xx.xxx
- OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
- debug1: Reading configuration data /home/viggy/.ssh/config
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: /etc/ssh/ssh_config line 19: Applying options for *
- #============= sshd_t ==============
- allow sshd_t home_root_t:file { read getattr open };
- Host production
- HostName xx.xxx.xx.xxx
- User myuser
- IdentityFile ~/.ssh/production-key.id_rsa
- Host development
- HostName xx.xxx.xx.xxx
- User myuser
- IdentityFile ~/.ssh/development-key.id_rsa
- Host development
- HostName xx.xxx.xx.xxx
- User myuser
- IdentityFile ~/.ssh/development-key.id_rsa
- Host production
- HostName xx.xxx.xx.xxx
- User myuser
- IdentityFile ~/.ssh/production-key.id_rsa