
Re: [debian-knoppix] How to ssh to Knoppix?



Larry Alkoff wrote:
Conrad Newton wrote:

From Larry Alkoff on Thursday, 2005-05-12 at 11:39:44 -0500:


I am trying to ssh into Knoppix from another Linux computer.


When I issue from the remote machine Linda:
   ssh -l knoppix Knoppix
the error message appears:
   ssh: connect to host Knoppix port 22: Connection refused

The firewalls are disabled on both while testing.
Even if the firewalls were running they allow both source and destination TCP packets on port 22.

On the remote machine Linda I have set up ssh with
ssh-keygen -t rsa to get a passphrase
and copied my authorized_keys file to Knoppix ~/.ssh/authorized_keys.

What dumb thing am I doing wrong?



Excuse me for asking a stupid question in response,
but do you have the ssh daemon running?


Certainly not a stupid question.
It is me that didn't know about starting the ssh daemon.


If you type

netstat -tpan

into a root shell on the Knoppix machine,
you will see if ssh is running.  If the output
does not mention sshd, you need to start it
by typing

/etc/init.d/ssh start

(also in a root shell) on the Knoppix machine.
Or from an xterm or konsole:

sudo /etc/init.d/ssh start


Thank you.  It's started now.

Now that sshd is started, how do I load it each time?
There is no rc.local.

  ln -s ../init.d/sshd /etc/rc5.d/S80sshd
  ln -s ../init.d/sshd /etc/rc3.d/S80sshd
  ln -s ../init.d/sshd /etc/rc1.d/K20sshd

That has sshd start up for run levels 3 and 5
and shutdown for single user mode.

My Knoppix loads /home/knoppix from a thumb drive.

When I started sshd some messages appeared about generating a key
and a new /etc/ssh directory was created with a bunch of files.

That happens the first time you start sshd on any given machine.
The key file is used to uniquely identify your machine (to prevent
man-in-the-middle attacks).

If you go:  ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
it will give you the 'fingerprint' of your public key. This should
match the fingerprint given in the 'warning' message below.


In addition I have copied my authorized_keys files from the client Linda to Knoppix in ~/.ssh.

Now the command
ssh -l knoppix Knoppix
gives the error command:
The authenticity of host 'knoppix (192.168.0.23)' can't be established.
RSA key fingerprint is a4:xxxxxxxxxxxxxxxxxxxxxxx:2d.
Are you sure you want to continue connecting (yes/no)?

This is also normal.

This message is for the professionally paranoid -- To avoid man-in-the-middle
attacks with certainty, you should copy the generated key file from
knoppix:/etc/ssh/ssh_host_rsa_key.pub (e.g. by sneaker net) and append it to
your .ssh/known_hosts file before your first connection attempt. Once you
have that file, it's incredibly difficult for someone to pretend to be that
machine.

It works like authorized_keys, but in reverse to identify the host box.

Somewhat less secure (but good enough for most of us plebes) is to compare
the signature that the above ssh-keygen prints out to the signature printed
out on your first connection attempt.  If the two match, then you're probably
fine.  If not, then something has DEFINITELY gone wrong.  If you accept the
fingerprint, then ssh will automatically append the host .pub file to known_hosts.

If the signature of a machine changes, SSH will refuse to connect -- assuming
an attempted interception.  If you have to regenerate your key (e.g. on
reinstall), then you should remove the associated key in ~/.ssh/known_hosts
and redo the host authentication process.  If doing a benign clean-and-load
(e.g. upgrade) of the OS, I usually copy the /etc/ssh/*key* files over.  If I
think that a machine may have been compromised, then I'll discard the key and
go thru the re-authentication process.

The .pub file is public. Anybody with the file can use it to verify the
identity of the associated machine (which should be the *only* place that
has the associated private (non-pub) key file).  It works in much

Please forgive me but I'm pretty new to ssh.
What to do now?


Thank you for your help in getting me this far Conrad.

--
Stephen Samuel +1(604)876-0426             samnospam@bcgreen.com
		   http://www.bcgreen.com/
   Powerful committed communication. Transformation touching
     the jewel within each person and bringing it to light.
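
The fingerprint comparison and known_hosts check described in the message above, as an added example that is not part of the original thread. The key blobs are constructed stand-ins in ssh-rsa layout (not usable keys), the helper names are hypothetical, and hashed known_hosts entries are skipped rather than matched.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """One length-prefixed field of the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def constructed_pub(seed: bytes) -> str:
    """Constructed sample line in ssh-rsa layout; not a usable RSA key."""
    modulus = b"\x00" + hashlib.sha512(seed).digest() * 4
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@Knoppix"

def fingerprints(pub_line: str) -> dict:
    """Hash the decoded key blob the way ssh-keygen -l does."""
    blob = base64.b64decode(pub_line.split()[1])
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # a4:..:2d form
            "sha256": "SHA256:" + sha}                                # newer OpenSSH form

def host_key_status(known_hosts: str, host: str, offered_pub: str) -> str:
    """'match', 'CHANGED' or 'unknown' for the key a server offers."""
    keytype, blob = offered_pub.split()[:2]
    status = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, hashed (|1|...) and @marker entries.
        if len(fields) < 3 or fields[0].startswith(("#", "|", "@")):
            continue
        if host in fields[0].split(",") and fields[1] == keytype:
            if fields[2] == blob:
                return "match"
            status = "CHANGED"  # same host and key type, different key
    return status

# Constructed sample data (host name and address as shown in the thread).
ORIGINAL = constructed_pub(b"first boot")
REGENERATED = constructed_pub(b"after reinstall")
KNOWN_HOSTS = "knoppix,192.168.0.23 " + " ".join(ORIGINAL.split()[:2]) + "\n"

if __name__ == "__main__":
    print("fingerprint to compare:", fingerprints(ORIGINAL)["md5"])
    print("same key:       ", host_key_status(KNOWN_HOSTS, "knoppix", ORIGINAL))
    print("regenerated key:", host_key_status(KNOWN_HOSTS, "knoppix", REGENERATED))
```

A "CHANGED" result corresponds to the case where ssh refuses to connect until the stale known_hosts entry is removed and the new fingerprint has been verified out of band.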

