Setting up ssh shared keys

Hi,
I'm trying to set up shared keys on my MacBook Pro OS X 10.4.11 so that I can rsync it with another Linux box without entering a password. I was following instructions at http://freebsd.peon.net/quickies/21/ but couldn't find the /.ssh/authorized_keys on the Mac. Creating that folder didn't make any difference.
Does anyone know where that "authorized_keys" file is or should go in OS X?
Btw, I'm very new to OS X and Linux.
Thanks,
Alex

The public key goes on the SSH server you are connecting to. It should be listed in the .ssh/authorized_keys file.
The private key stays on the machine(s) you are connecting from.
So, as an example:
On the box you are connecting to (we'll call it SSHserver), let's assume you have a user named "sshserveruser".
Make a directory within "sshserveruser"'s home directory named .ssh (more than likely it is there).
If it is not there you can just mkdir .ssh
On either the Mac or Linux box create your public and private key set.
Get the public key you just made and on the "SSHserver" add it to the authorized_keys file located within the sshserveruser/.ssh directory.
You can do this by:
"cat path_and_name_of_your_public_key >> home_directory_of_sshserveruser/.ssh/authorized_keys"
This will add the public key to the authorized_keys file without overwriting anything.
Now back on the box you are going to connect FROM (with your private key),
from terminal type
ssh -i location_of_your_private_key sshserveruser@sshserver
That should make your connection.
If you want to restrict access to the SSH server to key only you must modify the sshd_conf in the etc directory.
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt no
But make sure your keys work first.
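
The key-installation steps from the answer above, written as a script. This is an added example, not part of the original post: the function names `install_pubkey` and `perms_ok` and the sample key are constructed for illustration. It adds the two checks that most often break this setup: appending a private key by mistake, and directory or file permissions that sshd's default `StrictModes yes` rejects.

```shell
#!/bin/sh
# Added example (not from the original post): install a public key into
# ~/.ssh/authorized_keys with the checks and permissions sshd expects.

# Constructed sample key for the demo; not a real key.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkRXhhbXBsZUtleU5vdFJlYWwwMDAw alex@macbook'

# install_pubkey PUBKEY_FILE HOME_DIR
# Returns 0 = key appended, 1 = input rejected, 2 = key already present.
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] && [ -d "$home" ] || return 1

    # Only the public half ever leaves the client machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # Expect exactly one non-empty line: "<type> <base64 blob> [comment]".
    n=$(grep -c -v '^[[:space:]]*$' "$pub")
    [ "$n" = 1 ] || return 1
    line=$(grep -v '^[[:space:]]*$' "$pub")
    ktype=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519) ;;
        ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac

    # Create ~/.ssh and the file privately, then pin the modes explicitly.
    auth="$home/.ssh/authorized_keys"
    ( umask 077; mkdir -p "$home/.ssh" && touch "$auth" ) || return 1
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"

    # Compare type and blob only, so a changed comment is not a new key.
    if grep -qF -- "$ktype $blob" "$auth"; then
        return 2
    fi
    printf '%s\n' "$line" >> "$auth"
    return 0
}

# perms_ok HOME_DIR
# With StrictModes (the sshd default) the key file is ignored when the home
# directory, ~/.ssh or authorized_keys is writable by group or others.
perms_ok() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        # Characters 6 and 9 of the mode string are group-write and other-write.
        w=$(ls -ld "$p" | cut -c6,9)
        [ "$w" = "--" ] || { echo "too permissive: $p" >&2; return 1; }
    done
}

# Demo against a throwaway directory standing in for sshserveruser's home.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/home" && chmod 755 "$tmp/home"
    printf '%s\n' "$SAMPLE_PUB" > "$tmp/id_example.pub"
    install_pubkey "$tmp/id_example.pub" "$tmp/home"; echo "first install:  $?"
    install_pubkey "$tmp/id_example.pub" "$tmp/home"; echo "second install: $?"
    perms_ok "$tmp/home" && echo "permissions acceptable to StrictModes"
    rm -rf "$tmp"
}
demo
```

On the server, the second argument would be the real home directory of sshserveruser, and the function must run as that user so the files end up owned by them.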

Similar Messages

  • ASA Pre shared key

    I am currently using an ASA 5550 version 8.2 with ASDM version 6.2.
    I have a ASA 5505 in remote area and cannot connect via VPN.
    My logs say maybe mismatched pre-shared key.
    On my 5550, via the ASDM I used the command more system:running-config and it will not show my pre shared key in plain text, only shows a *.
    Any help would be appreciated.

    Remote asa:
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.200.1.209 255.255.255.240
    interface Vlan2
    nameif outside
    security-level 0
    ip address 172.25.62.226 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    access-list nonat extended permit ip 10.200.1.208 255.255.255.240 10.199.1.0 255.255.255.0
    access-list nonat extended permit ip 10.200.1.208 255.255.255.240 10.10.144.0 255.255.252.0
    access-list VPNL2L extended permit ip 10.200.1.208 255.255.255.240 10.199.1.0 255.255.255.0
    access-list VPNL2L extended permit ip 10.200.1.208 255.255.255.240 10.10.144.0 255.255.252.0
    access-list 100 extended permit tcp host 89.254.12.35 host 10.200.1.213 eq www
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 172.25.62.225 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set mytrans esp-des esp-md5-hmac
    crypto map mymap 10 match address VPNL2L
    crypto map mymap 10 set peer 65.181.59.210
    crypto map mymap 10 set transform-set mytrans
    crypto map mymap 10 set security-association lifetime seconds 3600
    crypto map mymap interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp nat-traversal  21
    telnet timeout 5
    ssh 10.199.1.0 255.255.255.0 inside
    ssh 10.10.144.0 255.255.252.0 inside
    ssh timeout 5
    console timeout 0
    tunnel-group 65.181.59.210 type ipsec-l2l
    tunnel-group 65.181.59.210 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:65a0d93601b90ccc07830cddd673e13c
    : end
    Local ASA:
    ASA Version 8.2(1)
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address 65.181.59.210 255.255.255.240
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.199.1.2 255.255.255.0
    interface GigabitEthernet0/2
    nameif insideNOV
    security-level 100
    ip address 10.10.144.47 255.255.252.0
    interface GigabitEthernet0/3
    shutdown
    no nameif
    security-level 100
    no ip address
    interface Management0/0
    shutdown
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    interface GigabitEthernet1/0
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet1/1
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet1/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet1/3
    shutdown
    no nameif
    no security-level
    no ip address
    ftp mode passive
    clock timezone MST -7
    clock summer-time MDT recurring
    dns server-group DefaultDNS
    domain-name Rignet
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group service WML tcp
    description Remote wits data access
    port-object range 1 65535
    access-list aclin extended permit object-group DM_INLINE_PROTOCOL_9 any host 65.181.59.219
    access-list aclin extended permit object-group DM_INLINE_SERVICE_3 any host 65.181.59.216
    access-list aclin extended permit object-group DM_INLINE_PROTOCOL_6 any host 65.181.59.220
    access-list aclin extended permit object-group DM_INLINE_PROTOCOL_5 host 10.199.1.2 host 65.181.59.210
    access-list aclin extended permit object-group DM_INLINE_SERVICE_1 any host 65.181.59.222
    access-list no-nat remark Local Rules
    access-list no-nat extended permit ip Rignet 255.255.255.0 10.10.144.0 255.255.252.0
    access-list no-nat remark Local Rules
    access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 10.200.1.80 255.255.255.240
    access-list no-nat extended permit ip Rignet 255.255.255.0 ENI 255.255.255.240
    access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 ENI 255.255.255.240
    access-list no-nat extended permit ip Rignet 255.255.255.0 Norway_Office 255.255.255.240
    access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 Norway_Office 255.255.255.240
    access-list no-nat extended permit ip Rignet 255.255.255.0 BobbyVPN 255.255.255.0
    access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 BobbyVPN 255.255.255.0
    access-list inside_access_in extended permit ip any any
    access-list inside_access_in extended permit tcp any any
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended permit tcp interface inside any
    access-list inside_access_in remark Block port 135 for port scanning
    access-list inside_access_in extended deny 135 any any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 10.10.144.0 255.255.252.0 Rignet 255.255.255.0
    access-list test extended permit icmp any any echo
    access-list test extended permit icmp any any echo-reply
    access-list InsideNOV_access_in extended permit ip 10.200.0.0 255.255.0.0 10.10.144.0 255.255.252.0
    access-list InsideNOV_access_in extended permit object-group DM_INLINE_SERVICE_7 any any
    access-list InsideNOV_access_in extended permit object-group DM_INLINE_SERVICE_4 Rignet 255.255.255.0 10.10.144.0 255.255.252.0
    access-list InsideNOV_access_in extended permit object-group DM_INLINE_PROTOCOL_12 Norway_Office 255.255.255.240 10.10.144.0 255.255.252.0
    access-list InsideNOV_access_in extended permit object-group DM_INLINE_PROTOCOL_8 BobbyVPN 255.255.255.0 10.10.144.0 255.255.252.0
    access-list inside_acl extended permit object-group DM_INLINE_SERVICE_8 any any
    access-list inside_acl extended permit object-group DM_INLINE_SERVICE_5 10.10.144.0 255.255.252.0 Rignet 255.255.255.0
    access-list inside_acl extended permit object-group DM_INLINE_SERVICE_6 Rignet 255.255.255.0 10.10.144.0 255.255.252.0
    access-list inside_acl extended permit object-group DM_INLINE_PROTOCOL_10 10.200.0.0 255.255.0.0 Rignet 255.255.255.0
    access-list inside_acl extended deny object-group DM_INLINE_PROTOCOL_11 host 192.168.56.1 any
    access-list inside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any any
    access-list inside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_2 10.10.144.0 255.255.252.0 Rignet 255.255.255.0
    access-list inside_access_in_1 extended permit ip Rignet 255.255.255.0 Rignet 255.255.255.0
    access-list inside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_7 BobbyVPN 255.255.255.0 Rignet 255.255.255.0
    access-list inside_access_in_2 extended permit object-group DM_INLINE_SERVICE_11 Rignet 255.255.255.0 Rignet 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    no logging message 106015
    no logging message 313001
    no logging message 313008
    no logging message 106023
    no logging message 710003
    no logging message 106100
    no logging message 302015
    no logging message 302014
    no logging message 302013
    no logging message 302018
    no logging message 302017
    no logging message 302016
    no logging message 302021
    no logging message 302020
    mtu outside 1500
    mtu inside 1500
    mtu insideNOV 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any insideNOV
    icmp permit any echo-reply insideNOV
    icmp permit any echo insideNOV
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (inside) 2 65.181.57.51 netmask 255.255.255.255
    nat (outside) 1 0.0.0.0 0.0.0.0
    nat (inside) 0 access-list no-nat
    nat (inside) 1 Rignet 255.255.255.0
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) 65.181.59.222 10.199.1.23 netmask 255.255.255.255
    static (inside,outside) 65.181.59.219 10.199.1.27 netmask 255.255.255.255
    static (inside,outside) 65.181.59.216 10.199.1.54 netmask 255.255.255.255
    static (inside,outside) 65.181.59.220 10.199.1.26 netmask 255.255.255.255
    access-group aclin in interface outside
    access-group inside_access_in_1 in interface inside
    access-group InsideNOV_access_in in interface insideNOV
    route outside 0.0.0.0 0.0.0.0 65.181.59.209 1
    route inside 153.15.156.217 255.255.255.255 65.181.57.51 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    aaa authorization command LOCAL
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps syslog
    snmp-server enable traps ipsec stop
    snmp-server enable traps entity config-change
    sysopt connection tcpmss 1100
    sysopt noproxyarp inside
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set mySET esp-des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map myDYN-MAP 5 set transform-set mySET
    crypto dynamic-map myDYN-MAP 5 set security-association lifetime seconds 28800
    crypto dynamic-map myDYN-MAP 5 set security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map myMAP 65000 ipsec-isakmp dynamic myDYN-MAP
    crypto map myMAP interface outside
    crypto ca trustpoint Intelliserv.rignet.local
    enrollment terminal
    subject-name CN=Rignet5550
    keypair IntelliServ.rignet.local
    crl configure
    crypto ca trustpoint ASDM_TrustPoint3
    crl configure
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment terminal
    subject-name CN=Rignet5550
    password *
    crl configure
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 1
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp nat-traversal 21
    telnet timeout 5
    console timeout 0
    management-access inside
    no threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    group-policy myGROUP internal
    group-policy myGROUP attributes
    split-tunnel-policy tunnelspecified
    nem enable
    username GaileyB password 0oaTL6AGb4l6JKde encrypted privilege 15
    username rignetadmin password 3R8hQCl0jw5iU/r3 encrypted privilege 15
    tunnel-group DefaultL2LGroup ipsec-attributes
    pre-shared-key *
    tunnel-group mytunnel type remote-access
    tunnel-group mytunnel general-attributes
    default-group-policy myGROUP
    tunnel-group mytunnel ipsec-attributes
    pre-shared-key *
    tunnel-group 164.85.0.18 type ipsec-l2l
    tunnel-group 164.85.0.18 ipsec-attributes
    peer-id-validate cert
    chain
    tunnel-group-map default-group DefaultL2LGroup
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
    class class-default
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:a84cff45794fa5021237d51d5f87461e
    : end

  • [solved] Troubleshoot ssh with keys (works from LAN, not WAN)

    I'm trying to set up ssh so that I can connect to my work computer from home. It is pretty much essential that I keep the work box as secure as possible at all times. (So I can't disable the firewall, come home and test it because IT would not be at all happy.)
    I'm not sure if this is an Arch question, a Fedora question or a general Linux/networking question.
    The work box is running Fedora 17. It has a firewall eerily like the "simple stateful firewall" described on Arch's wiki. It is running sshd. Public key authentication is enabled. No other form of authentication is enabled. It has a rule allowing ssh connections.
    My laptop is running Arch. It has a firewall very like that described on the "simple stateful firewall" page. It has a couple of rules allowing stuff I need at home (printer and something I had to enable for the LAN).
    Initially, I was given an internal ip address. I got this working fine i.e. I could ssh into the box from my laptop while sitting next to it in my office over the LAN. I'm using the default form of key pair generated on Arch (i.e. rsa) and am using gpg-agent with ssh support in lieu of ssh-agent to manage keys. Pin entry is using the qt front end as I'm on KDE. (I adapted KDE's config so that it starts gpg-agent with ssh support for the session so that I didn't end up with two instances.)
    Once the firewall was in place and sshd was running, they gave me a public ip address. At this point, no port was opened in their firewall to allow WAN connections but I tested the public ip address from within the LAN and it once again worked fine.
    Once I'd confirmed the machine could connect out after getting a public ip, they arranged for the port to be opened for ssh. However, I cannot connect to the machine from home.
    $ ssh -vvi .ssh/id_rsa [email protected]
    OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 22: Applying options for xxx.xxx.xxx.x
    debug1: /etc/ssh/ssh_config line 32: Applying options for *
    debug1: auto-mux: Trying existing master
    debug1: Control socket "/home/username/.ssh/[email protected]:nn" does not exist
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to xxx.xxx.xxx.x [xxx.xxx.xxx.x] port nn.
    debug1: connect to address xxx.xxx.xxx.x port nn: Connection timed out
    ssh: connect to host xxx.xxx.xxx.x port nn: Connection timed out
    xxx.xxx.xxx.x is the public ip (works fine from LAN)
    nn is the port number
    username is my user name (same on both machines)
    The options for the host from ssh_config are:
    AddressFamily inet
    Compression yes
    ControlMaster auto
    ControlPath ~/.ssh/socket-%r@%h:%p
    and the only generic option applied to all hosts is just a line to insist on protocol 2 which I think is default now anyway but I followed the wiki and specified it to be sure.
    What have I missed? My networking knowledge is pretty basic at best. (I got this far using Arch's wiki, Fedora's documentation and a little trial and error. That seemed to work well but now I've added google and still can't figure it out. All the hits I get concern cases where the LAN connection works but authentication fails over WAN. But I'm not getting that far - it looks like my work box doesn't respond at all...)
    Last edited by cfr (2012-09-25 22:12:06)

    So I discovered I'd also managed to kill off LAN access as well as the machine's ability to use any sort of DNS... (I did say it needed to be secure...)
    Anyway, I fixed that, reestablished working ssh from LAN but still can't get it to work from WAN.
    Question: if ShieldsUp! reports the port as stealthed does that mean that the port has not actually been opened? So the campus firewall is blocking the connection? Because if so, I'm knocking my head against a brick (fire)wall to no purpose whatsoever...
    I figure it can't be the software firewall else I'd not be able to connect on the LAN. And it is a public ip address so there's no NAT translation required...

  • SSH public key issue?

    Hi all,
    I've been trying to set up public key authentication for SSH recently, and have come across a problem which has left me stumped. I want to be able to SSH into computer A (iBook G4, 10.5.1) from computer B (iMac G4, 10.5.0), and vice versa. At the moment, both these machines are on the same LAN, and SSH-ing to their respective local addresses works fine - A can connect to B, and B can connect to A (e.g. ssh -l username computerA.local). So far so good.
    The end goal is to allow SSH access between my two machines over the web, using No-ip.com's dynamic DNS app. Both machines have this daemon installed and running. When SSH-ing to the machines using their no-ip DNS names (e.g. ssh -l username computerA.no-ip.org) for some reason connecting from B to A works fine, but from A to B throws up a "Permission denied (publickey)" error.
    As far as I'm aware, I've set up all the ssh_config and sshd_config files on both machines correctly, specifying the correct protocols and key files, and neither machine is firewalled. Both are running OpenSSH 4.5p1.
    Can anyone think of a reason why this is happening?
    Thanks in advance,
    Pete

    Are both A and B behind the same home router? If so, it is likely that the computerA.no-ip.org IP address is the same as the computerB.no-ip.org IP address, and you have only configured your home router to forward ssh connections to computerA.no-ip.org.
    Your home router would typically only have 1 internet WAN IP address. The no-ip client is going to figure out the router's WAN IP address and give that address to computerA.no-ip.org and computerB.no-ip.org DNS names.
    If my guess is correct, then when telling A to connect to B, the name lookup for B gives an IP address which is your router, and your router then forwards port 22 traffic back to A, and since you most likely have not put A's ssh .pub key into A's .ssh/authorized_key2 file, it fails to connect.
    One way to verify my guess is to ask http://whatismyip.com from both A and B. If you get the same IP address, then computerA.no-ip.org and computerB.no-ip.org DNS names will have the same IP address and thus from the DNS name level there is no way to tell the difference between computerA.no-ip.org and computerB.no-ip.org.
    Again, if I am correct, then what you want to do is configure your router to
    forward port 22100 to A port 22
    forward port 22101 to B port 22
    Then when you want to make an ssh connection use
    ssh -p 22100 [email protected]
    ssh -p 22101 [email protected]

  • Best Way To Set Up Screen Sharing Over The Internet

    What is the best/simplest way to set up screen sharing over the internet so I can remotely control my Mac at home from my Mac at work? My Mac at work is running 10.5.6, my Mac at home is running 10.4.11.

    simplest
    Get both Macs up to Mac OS X (Leopard). Then use Apple's MobileMe Back-to-my-Mac service.
    Or, use iChat screen sharing along with the iChat free 3rd party Chax add-on which allows selected iChat Buddies to auto-accept an iChat screen sharing request. Free AOL Instant Messaging accounts can be used as the iChat accounts.
    If you do not want to upgrade all systems to Leopard...
    Next would be using the free LogMeIn.com account, or similar service. This will work
    The above avoid needing to figure out how you get through the home routers, and provide encrypted screen sharing sessions.
    After that you need to arrange for router port forwarding. If you want secure connections, then you should arrange to port forward the SSH port 22, then use ssh tunnels for VNC based screen sharing connections. There are GUI based utilities that will help setting up SSH tunnels. Do some searches over at VersionTracker.com or MacUpdates.com

  • Netcfg problem with wep shared key

    hello guys,
    I would like to connect to a wireless device with netcfg. The device has a WEP encryption with shared key authentication. I'm able to connect using the gnome nm-applet, but with netcfg I keep getting the "Wireless association failed" error.
    My config file for netcfg:
    CONNECTION="wireless"
    DESCRIPTION="A simple WEP encrypted wireless connection"
    INTERFACE="wlan0"
    SECURITY="wep"
    ESSID="[essid]"
    KEY="s:[password]"
    IP="dhcp"
    May the problem lie in the shared key authentication? I tried 
    IWCONFIG="enc restricted"
    but it still doesn't work. I have an Intel 3945 wireless card.
    Any help is appreciated,
    thanks.

    what puzzles me is that
    1) I'm able to connect to the same device if I set the open authentication,
    2) I'm able to connect if I set the WPA protection, and
    3) I'm even able to connect (with WEP and shared key authentication) using gnome nm-applet.
    The only problem I have is with netcfg and iwconfig, so I'm asking if iwconfig has a specific problem with shared authentication and if there is a way to handle it.

  • Wlan Pre-shared key

    I have an N97 mini and I'm trying to get access to a wireless open network (there is no padlock next to the signal strength) but it is showing 'enter wlan pre-shared key'. If it's open, why should I enter a password? Help please

    You could try setting up your access point as follows.
    Go to Settings>Connectivity>Settings>Destinations>Add new access point. If it still does not store your passphrase, select the access point you have just set up, then go to WLAN security settings>Pre-shared key and enter it here manually.

  • Windows 8 WEP shared key resolution?

    Yesterday I purchased a new laptop with Windows 8 pre-installed. I have spent many hours trying to set up my new system, including a long telephone call to the PC manufacturer's phone support to no avail, and could not get past the WiFi setup and consequently could not even register Windows. Finally, I discovered that there was no shared key option in the properties dialog, even though there is provision for WEP encryption and a field in which to enter a key??? I've waded through the various topics on this issue but have not found a solution, only admonitions not to use WEP. I understand that WEP is weak encryption compared to WPA, and eventually I will upgrade my other hardware, but that doesn't solve TODAY's problem. This is NOT a laptop hardware issue as I can connect if I set my access point to "open", but no security is certainly worse than weak security (and unacceptable to me).
    If there is no solution, I must return my new computer to the store since the new laptop is but one of many devices on my network and a laptop without WiFi is useless to me.  Please help!

    Hey folks, I know how frustrating it can be when something doesn't work right. I also have a computer, and sometimes the thing is annoying enough that I want to throw it out the window. But it's tough to hear people conclude that we don't care about you, our customers, because that can't be further from the truth.
    I work hard making Windows better. I've helped make recent versions of Windows do more things, use less memory, use less battery, crash less often, and cost less to manufacture (a savings that does get passed on to you -- new laptops are less than USD$300 now, a price that would be unheard of when I started working here).
    Usually, we are able to make these improvements, without breaking anything. That's the best situation for everybody. For example, I spent several weeks redesigning part of Windows 8.1 to make it more reliable. When we tested it, we discovered that certain types of applications weren't compatible with the new architecture. So I spent another 3 weeks working nights and weekends adding some compatibility code to make these applications work correctly -- all because I don't want a single customer to lose functionality. (And the new architecture is indeed more reliable, by the way. We see much fewer crashes in that area.)
    But sometimes, there's not any way to improve the product without leaving some functionality behind.  We're forced to make a hard decision.  Believe me, we agonize over these decisions.  We don't make them lightly.
    So, you're not happy that open WEP is no longer available, and I understand that.  But please don't conclude that we don't care about our customers; it's painful to read that invective.

  • Nokia 5800 and wpa shared key problem

    I've got an Orange livebox as a router. When trying to connect the wi-fi I'm asked for a WPA shared key. I input the WEP key of the Live box and it comes up as invalid WPA key. I have put in the right number and 'paired' the livebox with pressing button 1. I've also reset the phone and livebox with no result. Is the WPA key the same as the WEP key? Anyone know the answer?

    Hi,
    I've got a livebox also. When I was setting up my wifi I was asked for "pre shared key" on the 5800 which is your WEP No on the bottom on the livebox.
    I tapped that in (make sure you use caps) pressed "1" on the livebox then select on the phone.
    Worked first time for me.

  • Storing ssh passwords/keys in keychain

    Can anyone tell me how to set up ssh and keychain so when I connect to the remote system it uses keychain for the password or public key? The remote system is FreeBSD 8.0. Do I need to setup anything else on that end?
    Cheers.

    For anyone else trying to do the same thing I found some useful info at http://www.stocksy.co.uk/articles/Mac/sshon_mac_osx.

  • The VTY sessions are set for SSH, is telnet still open?

    I'm in the process of enabling SSH on all of my routers, switches and firewalls. After upgrading the IOS to one that supports SSH, generating the crypto key and then setting all of the VTY sessions to SSH only, my security team informs me that telnet is still vulnerable to IP spoofing. They can demonstrate that when they launch a telnet session to one of my routers, the telnet session will pause for maybe 2 seconds before receiving the message that the session was terminated by the router. They claim this indicates that the router is responding to the telnet session and before the actual disconnect is forced they could IP spoof the box and cause a DOS.
    I say balderdash but without any proof I am forced to create a bunch of ACLs to specifically deny telnet. Here is an example of my VTYs:
    line vty 0 4
    access-class 23 in
    exec-timeout 30 0
    password 7 xxxxxxxxxxxxx
    logging synchronous
    transport preferred ssh
    transport input ssh
    transport output ssh
    *The access list here is limiting access from a certain internal set of IP's.
    Any thoughts?

    Marcos,
    Thank you for your time on this.  I believe I have found and corrected my issue.  In my first post I showed what the vty 0 4 sessions were set as.  What I failed to show was that the "vty 5 15" sessions were only set to "no exec".  So what was happening is that when I would telnet to the router, the session attempt would either walk down the list of VTY sessions looking for an open port or the router just bypassed the ones that were set for SSH and tried the first VTY port that was set for no exec.  This would allow for the telnet session to attempt to open but because the router was not allowing access to the command line interpreter, the router would reject the session attempt.
    To correct this I simply set up all of my VTY sessions the same way, transport SSH in & transport SSH out.  The next attempt closed the telnet session immediately.  I still maintain there is no need for additional access-lists as I'm trying to keep my processors free from any additional load to allow them to process the payload traffic as efficiently as possible.
    If anyone has any best practices they would care to leave here, I would be interested.
    Sam
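
An audit for the gap Sam describes (one VTY range locked to SSH while another range is left without a transport restriction), as an added example that is not part of the original thread. It assumes `show running-config` text with sub-commands indented by a space; the sample config is constructed from the post, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the post: 0-4 locked to SSH, 5-15 only "no exec".
SAMPLE_CONFIG = """\
line vty 0 4
 access-class 23 in
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 5 15
 no exec
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")


def parse_vty_stanzas(config_text):
    """Return [(first, last, [sub-commands])] for every 'line vty' stanza."""
    stanzas, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = (first, last, [])
            stanzas.append(current)
        elif current is not None and line.startswith(" "):
            current[2].append(line.strip())
        else:
            current = None  # any non-indented line ends the stanza
    return stanzas


def audit_vty(config_text):
    """Return {(first, last): reason} for VTY ranges not restricted to SSH."""
    findings = {}
    for first, last, cmds in parse_vty_stanzas(config_text):
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not inputs:
            findings[(first, last)] = "no 'transport input' line; platform default applies"
        elif inputs[-1] not in (["ssh"], ["none"]):
            findings[(first, last)] = "transport input " + " ".join(inputs[-1])
    return findings


if __name__ == "__main__":
    for (first, last), reason in audit_vty(SAMPLE_CONFIG).items():
        print(f"line vty {first} {last}: {reason}")
```

Run against the constructed sample, it reports only `line vty 5 15`, the range that was answering Telnet in the thread.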

  • I use a SpeedPort W700V as WiFi Router. SpeedPort encrypt the WiFi data and iPAD doesn't deencrypt the WiFi data. How to initialize the Encrypt / Deencrypt function of iPAD ? (including shared keys)

    I use SpeedPort W700V from German Telekom as router for my WiFi and DSL access. DSL connection to Internet is proper running, WiFi with iPAD does only work if I switch off the Encryption mode of SpeedPort (Standard parameter in SpeedPort is WPA2 with shared key PSK).  Who can give a hint how to switch on the encryption / deencryption mode of iPAD 2. 3G Sim Card is currently not installed.

    Thanks for the quick response. No, I did not get any error messages or any terms-of-usage screen. The employee I told my problem to was not computer savvy either. She just suggested I move to different spots w/in the library to see if that would make a difference. It didn't. When I connected to the library WiFi it did change the Verizon 3G that is usually in the upper left corner to iPad with two to three emanating arcs. I may have to go to the library in the next town. I was able to connect to theirs in the past when I had to download something greater than 20 MB. Unless I really want it, I will probably not even try to download something more than 20 MB due to the hassle. Yeah, I may have been better off getting a normal desktop or laptop and getting WiFi at home. To do that now would mean having my iPad 2 and a desktop computer, which I feel is extravagant. (I know there are a lot of big spenders out there who got the iPad as additional gadget for fun. This is a rich country.) A Verizon rep told me I couldn't set up a WiFi router at home just using an iPad. So it seems like a person who just uses 3G is limited to surfing the net (not even much YouTube because it eats a lot of data) and using email. I read about an app that helps print wirelessly using 3G, but a reviewer said you had to be an engineer to get it done right. BTW, I like the Steelers. I'm old enough to remember Franco Harris and that blond guy whose name escapes me back in the '70s. Since I live in North Jersey I feel I have to support the Giants. But I know football about as well as computers.

  • I want to set up home sharing on a laptop but it won't let me. Error code (-3252) comes up. Please help.

    I want to set up home sharing on a laptop (nothing on this iTunes library apart from the purchases from the iTunes store made on my ipod touch) but it won't let me. Error code (-3252) comes up. Please help.

    What version of iPhoto?
    As a Test:
    Hold down the option (or alt) key and launch iPhoto. From the resulting menu select 'Create Library'
    Import a few pics into this new, blank library. Is the Problem repeated there?

  • Configuring a Pre-Shared Key on gateway device

    Mr. VRuhil, thank you for that link that you sent me but unfortunately it did not help. (the link for cisco vpn client v5.0)
    What I really need is CISCO SECURE VPN CLIENT v1.0 or v1.1. Yes, I know that it's in the EOS/EOL now.
    Am using this configuration on my gateway device
    Task 1—Configuring a Pre-Shared Key
    And this configurations on the client side is what i wanted to do.
    Task 2---Network Security policy:
    1- Myconn
             My Identity = ip address
                     Connection security: Secure
                     Remote Party Identity and addressing
                             ID Type: IP subnet
                             10.21.1.0 (range of inside network)
                             Port all Protocol all
                     Connect using secure tunnel
                             ID Type: IP address
                             99.99.99.1
                             Pre-shared key = cisco1234
             Authentication (Phase 1)
             Proposal 1
                     Authentication method: pre-shared key
                     Encryp Alg: DES
                     Hash Alg: MD5
                     SA life: Unspecified
                     Key Group: DH 1
             Key exchange (Phase 2)
             Proposal 1
                     Encapsulation ESP
                     Encrypt Alg: DES
                     Hash Alg: MD5
                     Encap: tunnel
                     SA life: Unspecified
                     no AH
    2- Other Connections
                 Connection security: Non-secure
                 Local Network Interface
                     Name: Any
                     IP Addr: Any
                     Port: All
    With Xauth enabled on the router, when the user tries to connect to a device inside the router (here a ping -t #.#.#.# was performed), a gray screen appears:
    User Authentication for 3660
    Username:
    Password:

    In order to use your USB ADSL modem as a Wlan you will need to get a wireless router. Alternative is to replace your current modem with a wireless modem/router.
    The Pre-shared key is set on the wireless router and acts as a password to protect against uninvited access.

  • Setting up SSH on a 3845 router?

    Greetings everyone!
    Just curious, how does one set up SSH on a cisco 3845 router? Specifically, how does one generate the RSA keys?
    It seems to be missing the "generate" subcommand for crypto. When I type crypto key the only sub-commands are lock and unlock. I'm unfamiliar with this and don't want to mess around too much since it's a production box.
    I'm running c3845-spservicesk9-mz.124-11.T2.bin so I should have the ability, yes? Any guidance would be appreciated. I really would prefer not to use telnet.

    you have k9 image , it should support crypto commands, are you sure you were at the configuration mode?
    try again.., here is a link for setting up ssh in IOS.
    http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
    way to do it is open two telnet sessions to the router, in one session be in the enable mode and leave the session opened. On the other telnet session work with the SSH configuration implementation. When finished do not save the config , exit the session and open a new session using ssh to ensure you can connect and login to the router via ssh... if for any reason fails you still have the other telnet session opened to undo the ssh changes or correct them.
    also for making sure your telnet sessions do not time out while working with configs permit yourself more time by entering exec-timeout 60 <-- one hour for your vty lines.
    line vty 0 4
    exec-timeout 60
    you can also do the complete ssh implementation via console port as well.
    Regards
    PLS rate any helpful posts if it helps
