0

I'm trying to connect to my remote machine from my local machine using SSH. I have done the following steps:

  • I opened the terminal on my local machine (ubuntu 20.04 LTS) and typed ssh-keygen -b 4096 (path: ~)
  • I pressed enter for every step until the key was generated (no passphrase)
  • There was then a .ssh file created. I then did cd .ssh/
  • By typing the ls -la command my private and public keys were displayed. I then do cat id_rsa.pub and copy the public key to my clipboard
  • I move to my virtual machine which is supposed to have a role as a remote one (Kali)
  • I open my terminal and do mkdir .ssh (path: ~) and then cd .ssh/
  • I then do nano authorized_keys and paste the public key which I had previously copied to the clipboard into it, save the file, and exit.
  • I then go back to my original (local) machine, change directory to home (~), and type ssh [my_remote_hostname]

But this is what I get in the terminal as result: ssh: Could not resolve hostname kali: Temporary failure in name resolution

What have I missed? What am I doing wrong?

Mate Mrše
  • 103
Liana
  • 133
  • 2
    "could not resolve hostname kali" is a network issue, not an ssh issue. Your machine has no idea where to find the machine that you named "kali". Consider using an IP address instead to reach that machine, at least for testing whether your ssh key works. It "kali" will retain the same IP address permanently, you can add it to your local /etc/hosts file (see man hosts for the format). – user535733 Sep 24 '20 at 15:50
  • @Liana - did you installed open ssh server on your remote? after installing open ssh server you can find the .ssh directory in /root/.ssh/(create here authorized_keys). – johncli Sep 24 '20 at 17:09
  • @johncli I have ssh installed, isn't it the same? – Liana Sep 24 '20 at 17:11
  • to connect a remote host you need to install on the host the ssh open server then start the ssh service to apply "listening" on port 22 by the remote host, after installing the open ssh server you will find sshd_config file, then you will have to configure that file, after that you need to add your pub-key to authorized_keys on the remote host /root/.ssh/ directory. try to follow this link to install the ssh server https://www.ssh.com/ssh/authorized_keys/openssh – johncli Sep 24 '20 at 17:16
  • 2
    @Liana did you see/do user535733's reply first? at first glance, ssh does not seem to be the problem.... resolving your hostnames does... if you cannot ping by the name "kali" then that is at least part of your problem (and that is not ssh related). With that said, you will need to have ssh installed on the kali box, but that is problem 2, if it is even a problem at all. – WU-TANG Sep 24 '20 at 19:19
  • Does this answer your question? Connect two computers with SSH in a home LAN – user68186 Sep 24 '20 at 19:21

2 Answers2

0

If you want to ssh to a machine using the remote hostname you need to define the IP address of the remote hostname in your config file in the .ssh directory.

vi ~/.ssh/config

Host [hostname]
    HostName [ip_address]
    PreferredAuthentications publickey
    IdentityFile [path_to_ssh_key]
    User [username]
    Port [port]
    AddKeysToAgent yes
    ForwardAgent yes

The HostName, PreferredAuthentcations and IdentityFile are obligated if you want to ssh to a machine using a ssh key. The User, Port, AddKeysToAgent and ForwardAgent are not required.

Watista
  • 1
  • I just did what you said, and yet here's what I get: ssh: connect to host 127.X.X.X port 22: Connection refused – Liana Sep 24 '20 at 17:12
  • @Liana read the answer to this question. – user68186 Sep 24 '20 at 19:50
  • Hello @Liana where did you put this configuration and where did you try to ssh to... and from??? connection to host 127.anything (is the local host) is saying you cannot ssh into the same machine that you are trying to ssh from. There is very very little configuration to set up ssh to work with authorized keys. What you did in your initial question, along with having an ssh server installed on the kali machine should have been enough. So I would be hesitant doing all of these other configurations before solving your name resolution problem. – WU-TANG Sep 24 '20 at 21:27
  • to keep things simple: just add a line to your /etc/hosts file. It needs your kali VM's IP, a space, and your kali VM's hostname.... It should look like: XXX.XXX.XXX.XXX your-kali-VM-hostname ...save it and exit.(The kali VM IP should not start with 127.) Now you should be able to ping your-kali-VM-hostname. Once that it working, then you can try ssh your-kali-VM-hostname. This, your authorized keys, and installing the ssh server on the kali is all you should have done as far as ssh. Firewalls and perhaps NAT/routing may be causing additional problems, but the ping should indicate – WU-TANG Sep 24 '20 at 21:45
  • @WU-TANG Answering your first comment, asking me where I put the configuration. I put it right in the .ssh directory on my local machine. So right besides the public and private keys, there's my file called 'config'. I tried to ssh both from my home and also in the path to my .ssh directory. Nothing changed. It's refused anyway. I wonder why it wouldn't work. – Liana Sep 25 '20 at 14:22
  • @WU-TANG Answering you second comment, about my Kali. A quick and simple sudo ifconfig shows me two interfaces: eth0 and lo. The IP referring to lo starts with 127. It's something inet 127.X.X.X netmask 255.X.X.X. The IP referring to eth0 is like this: inet 10.0.X.XX netmask 225.255.255.X broadcast 10.0.X.255. – Liana Sep 25 '20 at 14:28
  • @WU-TANG My VM is on NAT mode, should I disable this mode? I believe I have ssh installed on both my remote and local machine. – Liana Sep 25 '20 at 14:30
  • @WU-TANG One more thing, by trying to ssh the other way around (from my kali to my ubuntu) gives me this: Permission denied (publickey,password).. It first asked me if I'm sure I want to connect to the remote machine, after pressing enter, it asked me to enter the password. I entered my root password, and it said it was wrong. Now every other time I run ssh ubuntu command, it shows me the same Permission denied (publickey,password). thing without asking for a password again. – Liana Sep 25 '20 at 15:09
  • I would pretty much undo any "config" that you have done (except: add the hostname and IP to /etc/hosts, install ssh on kali, and your initial authorized keys steps).... and that's just to be sure there is nothing there that causes a problem. The 2ND problem you have is NAT, there is a way to create a route to talk to your host, but it may be easier to just switch to "bridge interface mode". When you do that, you need to set the kali IP to be on the same subnet as the host. 127.ANY.THI.NG is not a real IP, it is the localhost, only accessible by itself. – WU-TANG Sep 25 '20 at 19:47
  • if anything, you could try to ssh 10,0.X.XX IP, but I'm not sure if the routing is set automatically when you choose NAT for VMs.... Maybe it is???? try it. I am just assuming it won't work, I always use bridged adapters..... BUT, since you got permission denied from your host, it seems you at least have a route back to your host from your VM... and shell in as a user, not root... so the main things... use the eth0 IP and ssh username@10.0.x.xx... also hopefully you did your authorized keys in user directories, not the root directory? if not, you can redo them as the users. – WU-TANG Sep 25 '20 at 20:10
-1

  1. to connect remote server you first need to install open ssh server.

    • use sudo apt-get openssh-server to install the openssh-server on your remote server.

  2. now you need to change the configuration of your openssh-server.

    • the file name is sshd_config and its located in /etc/ssh/sshd_config.
    • root permissions are needed to access this directory

  3. now you need to allow user and password connection (to connect on the first time to the remote machine).

    • on the sshd_config find #PasswordAuthentication change it to PasswordAuthentication yes careful after creating a key to connect the remote host it is recommended to unable this option because encrypted key is safer then login password.
    • you can use existing user or create a new one.
    • the login command from your host to the remote machine is ssh existuser@ip.
    • the ssh server will ask for password, the password is the user password.
    • if you want to change the ssh port you can do i by deleting the # from #Port 22 on the sshd_config and write another port number that you want to use.

  4. after accessing first time to your remote server you can use an encrypted key to connect the server.

    • run this command on your host computer ssh-keygen -t <encryption type> - it will then generate a private and a public-key, copy your public key to the authorized_keys file on the ssh server.
      • you can copy the public key manual or with ssh-copy-id command by this syntax ssh-copy-id -i ~/.ssh/<keyname> user@hostip
      • after adding your public key to the authorized_keys file witch have to be located in the remote ssh server on this path /<user-home-folder>/.ssh/authorized_keys.
      • now you have to enable the option to connect with authorizedkey on the sshd_config change the #PubkeyAuthentication yes to PubkeyAuthentication yes (just delete the # sine).
      • now you can try to connect the server with your generated private key, after you check that is working, you can remove the option to connect the server with password as a security step.

  5. if you want to improve the security on your ssh server here are few links with more details:

it should work out, if you have any issues during this explain you can ask for more information in the comments and i will help you out.

johncli
  • 199
  • 1
  • 9
  • The commented out configuration options such as #Port 22 are the default. There is no need to remove the # unless you want to change the option from 22 to something else. -1 for unnecessary configuration advice and allowing password based root login. – user68186 Sep 24 '20 at 19:25
  • @user68186 - you know you could guide me by comment and help me to edit the answer instead of hammer down a new user like me that just trying to help, it could be more helpful to improve the forum activity, and i bold out to remove root option after activating private-key, thank you anyway. – johncli Sep 24 '20 at 19:33
  • 1
    OK, first, get rid of the point about PermitRootLogin yes this is an unnecessary security risk. Second, ssh existinguser@ip should work fine. If not, allow access to the existinguser but not root. Third, the point about removing # from PubkeyAuthentication yes is unnecessary fiddling with sshd_config. One should be able to use passward based remote access with the command ssh existinguaser@ip without any modification to the sshd_config in Ubuntu. The OP's problem is with resolving the hostname which he is using instead of the IP. Your answer does not address that issue. – user68186 Sep 24 '20 at 19:44
  • got that, maybe i did not fully understand his question but i thought he got troubles because he did not even install open ssh on his remote server, i will fix all your recommends. – johncli Sep 24 '20 at 19:48
  • I think you may have got the part about installing the openssh-server part right. But that was not clear from the question. The first problem was not being able to resolve the hostname to IP. The other guy's answer solved that initial problem. Then only OP got the "connection refused" error pointing to no open port 22. Which can mean either there is no ssh server running (because it was not installed) or the server is installed but the port 22 was blocked by a firewall rule. – user68186 Sep 24 '20 at 19:57
  • @user68186 i guess you are right, i am really appreciating your help. – johncli Sep 24 '20 at 19:59