Wednesday, December 4, 2013

Using the same ssh key between linux and mac

If you dual boot and want to be able to ssh into both operating systems (particularly by IP, or when both use the same host name), set up sshd to use the same server host keys in both operating systems.

Otherwise, a client that has connected while one OS was running has that OS's host key recorded in its known_hosts file, and when it connects again while you're booted into the other OS it gets this message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

To use the same host keys, copy them from one OS to the other. I chose to use the ones from Linux in macOS (in macOS they're stored directly under /etc, in Ubuntu/Linux Mint they're under /etc/ssh/). In the session below the macOS partition is mounted at /macos:

 /etc/ssh $ ls -l
total 276
-rw-r--r-- 1 root root 242091 Nov  8 14:37 moduli
-rw-r--r-- 1 root root   1669 Mar 26  2013 ssh_config
-rw-r--r-- 1 root root   2489 Nov 11 12:57 sshd_config
-rw------- 1 root root    668 Nov 11 12:57 ssh_host_dsa_key
-rw-r--r-- 1 root root    600 Nov 11 12:57 ssh_host_dsa_key.pub
-rw------- 1 root root    227 Nov 11 12:57 ssh_host_ecdsa_key
-rw-r--r-- 1 root root    172 Nov 11 12:57 ssh_host_ecdsa_key.pub
-rw------- 1 root root   1679 Nov 11 12:57 ssh_host_rsa_key
-rw-r--r-- 1 root root    392 Nov 11 12:57 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root    338 Dec  2 15:52 ssh_import_id
 /etc/ssh $ sudo mkdir /macos/etc/ssh-backup
 /etc/ssh $ sudo mv /macos/etc/ssh_host* /macos/etc/ssh-backup/
 /etc/ssh $ sudo cp ssh_host* /macos/etc
 /etc/ssh $ ls -l /macos/etc/ssh*
-rw-r--r-- 1 root root    0 Nov  4 23:27 /macos/etc/ssh_config
-rw-r--r-- 1 root root    0 Nov  4 23:27 /macos/etc/sshd_config
-rw------- 1 root root  668 Dec  4 18:48 /macos/etc/ssh_host_dsa_key
-rw-r--r-- 1 root root  600 Dec  4 18:48 /macos/etc/ssh_host_dsa_key.pub
-rw------- 1 root root  227 Dec  4 18:48 /macos/etc/ssh_host_ecdsa_key
-rw-r--r-- 1 root root  172 Dec  4 18:48 /macos/etc/ssh_host_ecdsa_key.pub
-rw------- 1 root root 1679 Dec  4 18:48 /macos/etc/ssh_host_rsa_key
-rw-r--r-- 1 root root  392 Dec  4 18:48 /macos/etc/ssh_host_rsa_key.pub

/macos/etc/ssh-backup:
total 24
-rw------- 1 root root  668 Nov 11 00:23 ssh_host_dsa_key
-rw-r--r-- 1 root root  590 Nov 11 00:23 ssh_host_dsa_key.pub
-rw------- 1 root root  965 Nov 11 00:23 ssh_host_key
-rw-r--r-- 1 root root  630 Nov 11 00:23 ssh_host_key.pub
-rw------- 1 root root 1679 Nov 11 00:23 ssh_host_rsa_key
-rw-r--r-- 1 root root  382 Nov 11 00:23 ssh_host_rsa_key.pub

Voila. You can ssh into either OS without any warnings.
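
A check for the result of the copy above, as an added example that is not part of the original post: it compares each host key pair in the Linux directory with the copy on the mounted macOS partition and confirms the private keys are still accessible only to their owner. The function name check_host_keys is an assumption; the directories in the usage comment are the ones from the session above.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: sudo sh check_host_keys.sh /etc/ssh /macos/etc
# check_host_keys returns 0 when every ssh_host_*_key pair found in the first
# directory is present, byte-identical and owner-only in the second.
check_host_keys() {
    src=$1; dst=$2; bad=0; seen=0
    for priv in "$src"/ssh_host_*_key; do
        [ -f "$priv" ] || continue
        seen=1
        name=$(basename "$priv")
        # Both halves of the pair must have been copied unchanged.
        for f in "$name" "$name.pub"; do
            if [ ! -f "$dst/$f" ]; then
                echo "MISSING   $dst/$f"; bad=1
            elif ! cmp -s "$src/$f" "$dst/$f"; then
                echo "DIFFERS   $dst/$f"; bad=1
            fi
        done
        # sshd will not load a private host key whose mode grants group or
        # other access; characters 5-10 of the ls mode string are those bits.
        if [ -f "$dst/$name" ]; then
            mode=$(ls -ld "$dst/$name" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "TOO OPEN  $dst/$name"; bad=1
            fi
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no host keys found in $src"; bad=1
    fi
    return "$bad"
}

# Run the check only when two directories are given on the command line.
if [ "$#" -eq 2 ]; then
    check_host_keys "$1" "$2"
fi
```

Any line of output names a file to fix before rebooting into the other OS; no output and exit status 0 mean both systems will present the same host keys.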

You may also want to set the same ~/.ssh/authorized_keys under home dirs in both your OSes, to allow password-free authentication between the client and both servers. A reminder on how to set this up.

On the client:

cd ~/.ssh
ssh-keygen -f id_rsa -C 'comment to identify client' -N '' -t rsa -b 4096 -q


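This creates a private key (id_rsa, with no passphrase because of -N '') and a public key (id_rsa.pub). Copy the id_rsa.pub key to the server (e.g., scp id_rsa.pub user@serverhost:/home/user/ ). On the server:


# append the client's public key to the keys allowed to log in as this user
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
# remove the uploaded copy from the home directory it was copied to
rm ~/id_rsa.pub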

All set. You can repeat as desired for each client user/machine. Then just copy authorized_keys to the other OS and it'll work without a password in either.