
SSH login with other user's keys


rahul

May 15, 2008, 2:37:38 AM
I have an account called mdmbuild on my machine that does not have a
password. It's a headless account. I have ssh public and private keys
for the account. The public keys are already there on the machine I
want to log on to.
But the problem is the remote machine is not accepting my private keys
as they were generated on a different machine.

Say keys were generated on saturn and public keys copied to venus. My
mars machine has the private keys but venus won't accept it as it has
public keys generated on saturn. Is there any way I can login on venus
with the keys
I have got? mdmbuild does not have a password. The only way to login
is with the keys.

rahul

May 15, 2008, 2:41:01 AM
Below is the error I am getting.

debug1: Trying RSA authentication with key '/home/mdmbuild/.ssh/vault-identity'
debug1: Remote: Your host 'hostname.com' is not permitted to use this key for login.
debug1: Server refused our key.

Barry Margolin

May 15, 2008, 10:36:10 PM
In article
<368235fa-2308-4f60...@u12g2000prd.googlegroups.com>,
rahul <rahul...@gmail.com> wrote:

When you run ssh-keygen, it creates both a public and private key. You
have to use the private key that was made at the same time as the public
key, because key generation incorporates random data. Every time you
run ssh-keygen you'll get different keys, even if you enter the same
passphrase, and you can't mix and match them.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

rahul

May 20, 2008, 5:10:15 AM
On May 16, 7:36 am, Barry Margolin <bar...@alum.mit.edu> wrote:
> In article
> <368235fa-2308-4f60-907b-4927d3560...@u12g2000prd.googlegroups.com>,

Thanks Barry,
But I have got the matching private keys corresponding to the public keys
on the server. But as the keys were not generated on my
host, the server is not taking the keys. For the headless accounts, we
have public keys on servers and the private key is given to
us for access.

rahul

May 20, 2008, 8:28:51 AM

I found the problem. The host names are limited to the from= specified
in the authorized_keys file. So, only the host in the from= field can
have the key authentication for the copied public key.
Otherwise, it falls back to password authentication. In my case, the
account has no password. I got my machine name appended to the from
field.
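
The from= restriction identified in the last post can be audited offline. The following is an added example, not part of the original thread: it parses authorized_keys entries and reports which keys a given client host may use. The hostnames, address and key blobs are constructed; it assumes the modern key-type-prefixed line format and handles only wildcard and negated hostname patterns, not CIDR ranges.

```python
import re

# Constructed sample: one host-restricted entry, as in the thread, and one unrestricted.
SAMPLE = '''\
from="saturn.example.com",no-pty ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED mdmbuild@saturn
ssh-ed25519 AAAAC3NzaC1lZDI1-CONSTRUCTED admin@venus
'''

def split_options(line):
    """Return (options, remainder); options is '' when the line starts with a key type."""
    if re.match(r"(ssh|ecdsa|sk)-", line):
        return "", line
    quoted, i = False, 0
    while i < len(line):
        if line[i] == "\\" and quoted:
            i += 1                      # skip the escaped character
        elif line[i] == '"':
            quoted = not quoted
        elif line[i] in " \t" and not quoted:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def from_patterns(options):
    """Comma-separated pattern list of from="...", or None if the option is absent."""
    m = re.search(r'(?:^|,)from="([^"]*)"', options, re.I)
    return m.group(1).split(",") if m else None

def host_allowed(patterns, client_names):
    """client_names: the client's hostname(s) and address as the server sees them."""
    if patterns is None:
        return True                     # no from= restriction on this key
    allowed = False
    for pat in patterns:
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
        if any(re.fullmatch(rx, n, re.I) for n in client_names):
            if negated:
                return False            # a negated match always rejects
            allowed = True
    return allowed

def audit(authorized_keys, client_names):
    """Map each key's comment field to whether client_names may use it."""
    result = {}
    for line in authorized_keys.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            options, rest = split_options(line)
            comment = rest.split(None, 2)[2] if len(rest.split()) > 2 else rest
            result[comment] = host_allowed(from_patterns(options), client_names)
    return result
```

Calling audit(SAMPLE, ["mars.example.com", "192.0.2.10"]) shows the restricted key refused for mars until mars is appended to the from= list.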
