CentOS - Dec 2018 - SFTP - Private/Public Authentication Keysets Beyond The First Set

On 12/12/2018 03:32 PM, Steve Clark wrote:
> On 12/12/2018 03:28 PM, Gary Braatz wrote:
>> Thanks for responding so quickly!  No but I will try.  Are you saying
the
>> first vendor connection worked because id_rsa and id_rsa.pub are the
>> defaults if not specified?  (I didn't use the -i flag for the first
vendor.)
>>
>>
>> -----Original Message-----
>> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Steve
Clark
>> Sent: Wednesday, December 12, 2018 2:23 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] SFTP - Private/Public Authentication Keysets
Beyond
>> The First Set
>>
>> On 12/12/2018 03:13 PM, Gary Braatz wrote:
>>> I'm new to SFTP and using this mailing list was able to
successfully
>> create
>>> my first Private/Public keyset for a vendor hosting the SFTP server
(I'm
>> the
>>> client).  I created the keyset by typing this:
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa
>>>
>>>  
>>>
>>> When asked for the password/passphrase I hit <Enter> and
afterwards
>> "id_rsa"
>>> and "id_rsa.pub" were created in "/root/.ssh/".
I provided "id_rsa.pub"
>> to
>>> the vendor and when told they were ready I initiated an SFTP
transfer.
>>> During the first connection I was asked for the vendor-provided
password
>> and
>>> after entering it was successfully connected to the vendor's
sftp server.
>>> During successive connections I was not again asked for the
password.
>> This
>>> allowed me to create fully automated batch file transfers.my
objective.
>>> Setting up my second vendor is not going as smoothly.
>>>
>>>  
>>>
>>> I did exactly the same thing for my second vendor with the
exception of
>>> typing "rsa_vendor2" during keyset generation (I assumed
I had to use a
>>> different name for the new keyset).
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa_vendor2
>>>
>>>  
>>>
>>> Files "id_rsa_vendor2" and "id_rsa_vendor2.pub"
were created in
>>> "/root/.ssh/" and I gave "id_rsa_vendor2.pub"
to the second vendor.  I
>>> initiated the first connection with the second vendor and was asked
for
>> the
>>> vendor-provided password which I entered and a successful
connection was
>>> made.  The problem is unlike with the first vendor I am asked for
the
>>> password every time I connect to the second vendor's server. 
Because I am
>>> being asked for the password I am unable to create fully automated
batch
>>> file transfers.
>>>
>>>  
>>>
>>> The second vendor is telling me they added the public key to their
server
>> as
>>> required.  Did I miss a step or do something wrong on my end?  Was
I
>> correct
>>> using a different name for the new keyset or would the new keyset
>>> information have been appended to the information already in id_rsa
and
>>> id_rsa.pub for the first vendor?
>>>
>>>  
>>>
>>> Any help you can provide will be greatly appreciated.
>>>
>>>  
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>>
>> Are using the -i flag in your invocation of sftp to the second vendor?
>> >From the sftp man page:
>>
>>      -i identity_file
>>              Selects the file from which the identity (private key) for
>> public key authentication is read.  This option
>>              is directly passed to ssh(1).
>>
> In my experience - Yes.
>
To expand on my response - generally there is system wide default ssh_config
file in
/etc/ssh/ssh_config

and by default:
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Sr. Applications Architect 
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com

Thank You Sir!  The vendor is working on this as well and I believe may have
just changed the password.  The one I was using is no longer working (it
worked a few minutes ago).  I'll update you later on my progress.


-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Steve Clark
Sent: Wednesday, December 12, 2018 2:38 PM
To: CentOS mailing list
Subject: Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond
The First Set

On 12/12/2018 03:32 PM, Steve Clark wrote:
> On 12/12/2018 03:28 PM, Gary Braatz wrote:
>> Thanks for responding so quickly!  No but I will try.  Are you saying
the
>> first vendor connection worked because id_rsa and id_rsa.pub are the
>> defaults if not specified?  (I didn't use the -i flag for the first
vendor.)
>>
>>
>> -----Original Message-----
>> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Steve
Clark
>> Sent: Wednesday, December 12, 2018 2:23 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] SFTP - Private/Public Authentication Keysets
Beyond
>> The First Set
>>
>> On 12/12/2018 03:13 PM, Gary Braatz wrote:
>>> I'm new to SFTP and using this mailing list was able to
successfully
>> create
>>> my first Private/Public keyset for a vendor hosting the SFTP server
(I'm
>> the
>>> client).  I created the keyset by typing this:
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa
>>>
>>>  
>>>
>>> When asked for the password/passphrase I hit <Enter> and
afterwards
>> "id_rsa"
>>> and "id_rsa.pub" were created in "/root/.ssh/".
I provided "id_rsa.pub"
>> to
>>> the vendor and when told they were ready I initiated an SFTP
transfer.
>>> During the first connection I was asked for the vendor-provided
password
>> and
>>> after entering it was successfully connected to the vendor's
sftp
server.
>>> During successive connections I was not again asked for the
password.
>> This
>>> allowed me to create fully automated batch file transfers.my
objective.
>>> Setting up my second vendor is not going as smoothly.
>>>
>>>  
>>>
>>> I did exactly the same thing for my second vendor with the
exception of
>>> typing "rsa_vendor2" during keyset generation (I assumed
I had to use a
>>> different name for the new keyset).
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa_vendor2
>>>
>>>  
>>>
>>> Files "id_rsa_vendor2" and "id_rsa_vendor2.pub"
were created in
>>> "/root/.ssh/" and I gave "id_rsa_vendor2.pub"
to the second vendor.  I
>>> initiated the first connection with the second vendor and was asked
for
>> the
>>> vendor-provided password which I entered and a successful
connection was
>>> made.  The problem is unlike with the first vendor I am asked for
the
>>> password every time I connect to the second vendor's server. 
Because I
am
>>> being asked for the password I am unable to create fully automated
batch
>>> file transfers.
>>>
>>>  
>>>
>>> The second vendor is telling me they added the public key to their
server
>> as
>>> required.  Did I miss a step or do something wrong on my end?  Was
I
>> correct
>>> using a different name for the new keyset or would the new keyset
>>> information have been appended to the information already in id_rsa
and
>>> id_rsa.pub for the first vendor?
>>>
>>>  
>>>
>>> Any help you can provide will be greatly appreciated.
>>>
>>>  
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>>
>> Are using the -i flag in your invocation of sftp to the second vendor?
>> >From the sftp man page:
>>
>>      -i identity_file
>>              Selects the file from which the identity (private key) for
>> public key authentication is read.  This option
>>              is directly passed to ssh(1).
>>
> In my experience - Yes.
>
To expand on my response - generally there is system wide default ssh_config
file in
/etc/ssh/ssh_config

and by default:
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Sr. Applications Architect 
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
_______________________________________________
CentOS mailing list
CentOS at centos.org
https://lists.centos.org/mailman/listinfo/centos

Inclusion of the -i flag and the location of the private key solved the
problem.

Thanks Steve!

-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Steve Clark
Sent: Wednesday, December 12, 2018 2:38 PM
To: CentOS mailing list
Subject: Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond
The First Set

On 12/12/2018 03:32 PM, Steve Clark wrote:
> On 12/12/2018 03:28 PM, Gary Braatz wrote:
>> Thanks for responding so quickly!  No but I will try.  Are you saying
the
>> first vendor connection worked because id_rsa and id_rsa.pub are the
>> defaults if not specified?  (I didn't use the -i flag for the first
vendor.)
>>
>>
>> -----Original Message-----
>> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Steve
Clark
>> Sent: Wednesday, December 12, 2018 2:23 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] SFTP - Private/Public Authentication Keysets
Beyond
>> The First Set
>>
>> On 12/12/2018 03:13 PM, Gary Braatz wrote:
>>> I'm new to SFTP and using this mailing list was able to
successfully
>> create
>>> my first Private/Public keyset for a vendor hosting the SFTP server
(I'm
>> the
>>> client).  I created the keyset by typing this:
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa
>>>
>>>  
>>>
>>> When asked for the password/passphrase I hit <Enter> and
afterwards
>> "id_rsa"
>>> and "id_rsa.pub" were created in "/root/.ssh/".
I provided "id_rsa.pub"
>> to
>>> the vendor and when told they were ready I initiated an SFTP
transfer.
>>> During the first connection I was asked for the vendor-provided
password
>> and
>>> after entering it was successfully connected to the vendor's
sftp
server.
>>> During successive connections I was not again asked for the
password.
>> This
>>> allowed me to create fully automated batch file transfers.my
objective.
>>> Setting up my second vendor is not going as smoothly.
>>>
>>>  
>>>
>>> I did exactly the same thing for my second vendor with the
exception of
>>> typing "rsa_vendor2" during keyset generation (I assumed
I had to use a
>>> different name for the new keyset).
>>>
>>>  
>>>
>>> # ssh-keygen -t rsa_vendor2
>>>
>>>  
>>>
>>> Files "id_rsa_vendor2" and "id_rsa_vendor2.pub"
were created in
>>> "/root/.ssh/" and I gave "id_rsa_vendor2.pub"
to the second vendor.  I
>>> initiated the first connection with the second vendor and was asked
for
>> the
>>> vendor-provided password which I entered and a successful
connection was
>>> made.  The problem is unlike with the first vendor I am asked for
the
>>> password every time I connect to the second vendor's server. 
Because I
am
>>> being asked for the password I am unable to create fully automated
batch
>>> file transfers.
>>>
>>>  
>>>
>>> The second vendor is telling me they added the public key to their
server
>> as
>>> required.  Did I miss a step or do something wrong on my end?  Was
I
>> correct
>>> using a different name for the new keyset or would the new keyset
>>> information have been appended to the information already in id_rsa
and
>>> id_rsa.pub for the first vendor?
>>>
>>>  
>>>
>>> Any help you can provide will be greatly appreciated.
>>>
>>>  
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>>
>> Are using the -i flag in your invocation of sftp to the second vendor?
>> >From the sftp man page:
>>
>>      -i identity_file
>>              Selects the file from which the identity (private key) for
>> public key authentication is read.  This option
>>              is directly passed to ssh(1).
>>
> In my experience - Yes.
>
To expand on my response - generally there is system wide default ssh_config
file in
/etc/ssh/ssh_config

and by default:
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Sr. Applications Architect 
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
_______________________________________________
CentOS mailing list
CentOS at centos.org
https://lists.centos.org/mailman/listinfo/centos

On 12/12/18 4:40 PM, Gary Braatz wrote:
> Inclusion of the -i flag and the location of the private key solved the
> problem.
>
> Thanks Steve!
>
>
You really don't need multiple ppk pairs for different hosts. One for
all is what I do. As long as you keep the private key private you only
need distribute the one public key every where you need secure
identification.

Mike