
Re: ssh version 3.4p1-1 and RSA authentication

> I've got problems with the new version of ssh and sshd.
> My cluster originally installed on potato 2.2r6 needed some upgrade of ssh.
> I installed ssh version 3.4p1.

This changes a lot of things. You must create new keys with the ssh-keygen
command, using the -t option to select the type of key. The old one
used rsa1, the new one will use rsa (new format) by default, and dsa. Just
create/recreate all 3 keys on your account and for root. The host keys have
already been created when you installed the package.

> Because the host keys had changed, I proceeded like this:
> rm ~/.ssh/known_hosts
> ssh node1
> ...
> ssh node N
> cp ~/.ssh/known_hosts /etc/ssh/ssh_known_hosts

The relevant file here is authorized_keys, not known_hosts. You must put
the new rsa public keys of all hosts in it. Do not use the usual command
ssh-copy-id, it will give an error (agent has no identities), or put the
old rsa1 key instead of the rsa key which is looked up by default, so it
will not work. Just edit the file directly.  If you have hosts with both
versions of SSH mixed up in the same network, then you must include the
new or the old key as the case may be.

> Protocol 2

Note that this forces protocol 2 and may lock out hosts with old versions
of SSH if there are still any in this network.

> #Privilege Separation is turned on for security
> UsePrivilegeSeparation yes

I think you'd better turn this off...

        Jorge L. deLyra,  Associate Professor of Physics
            The University of Sao Paulo,  IFUSP-DFMA
       For more information: finger delyra@latt.if.usp.br
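
A check that fits the advice in the message above, as an added example that is not part of the original message or of OpenSSH: it lists each entry of an authorized_keys file by key type, so entries that still hold an old rsa1 key (written as bits, exponent, modulus) can be told apart from the ssh-rsa and ssh-dss entries that protocol 2 uses. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify authorized_keys entries by key type.
# classify_keys and sample_keys are hypothetical names; the entries are constructed.

classify_keys() {   # reads the named file(s), or stdin when none is given
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Drop a leading options field (from="...",command="...") if present;
        # spaces inside double quotes belong to the options.
        if (line !~ /^(ssh-rsa|ssh-dss|[0-9]+)[ \t]/) {
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\"") inq = !inq
                else if (c == "\\" && inq) i++      # skip escaped character
                else if ((c == " " || c == "\t") && !inq) break
            }
            line = substr(line, i + 1)
        }
        n = split(line, f, " ")
        # rsa1 entries are three decimal numbers: bits exponent modulus
        if (f[1] == "ssh-rsa") type = "rsa"
        else if (f[1] == "ssh-dss") type = "dsa"
        else if (n >= 3 && (f[1] f[2] f[3]) ~ /^[0-9]+$/) type = "rsa1"
        else type = "unknown"
        comment = (type == "rsa1") ? f[4] : f[3]
        print type, (comment == "" ? "-" : comment)
    }' "$@"
}

sample_keys() {     # constructed entries, key material shortened
    cat <<'EOF'
# cluster keys
1024 35 1234567890123456789 user@node1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQ== user@node2
from="node3,10.0.0.3",command="echo \"hi there\"" ssh-dss AAAAB3NzaC1kc3MAAACB user@node3
from="node4" 1024 37 9876543210987654321 root@node4
EOF
}

sample_keys | classify_keys
```

On a real account the call would be `classify_keys ~/.ssh/authorized_keys`.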
