Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssh-keys]

an authorization mechanism for SSH involving public-key cryptography.

SSH keys are an authorization mechanism for SSH involving public-key cryptography. It consists of

  • A private/public key pair generated by a utility like ssh-keygen.
  • A configured (in /etc/ssh/sshd_config) SSH daemon that allows public key authentication.
  • A configured user account that has the public key copied to ~/.ssh/authorized_keys.
760 questions
21
votes
9 answers

Trying to SSH in to remote computer but still asking for password

Trying to SSH in to remote computer but still asking for password. I have a number of computers running SElinux and only one of them is giving me a hard time using ssh without the password. I did a ssh-copy-id and I can see my key in the…
JMS1969SF
  • 211
  • 1
  • 2
  • 3
20
votes
7 answers

How to generate host SSH keys via ansible?

I'm trying to re-generate ssh host keys on a handful of remote servers via ansible (and ssh-keygen), but the files don't seem to be showing up. The playbook runs OK, but the files on the remote are not altered. I need to resort to the echo -e…
Server Fault
  • 3,454
  • 7
  • 48
  • 88
20
votes
2 answers

Receiving a private key from server admin: ok or not?

I am to get access to a remote SFTP server. The admin has created a user for me, and generated a public/private key pair for me. Then he securely sent me the private key file, which I use for authentication. I believe this is not good, I should be…
matthiash
  • 311
  • 1
  • 3
20
votes
1 answer

ssh command line specify server host key fingerprint

Using ssh command line (OpenSSH), can I specify the server's host key fingerprint? This is possible with winscp.com using (e.g.) -hostkey="ssh-rsa 2048 AA:BB:CC...etc I have read the man page a couple times, I apologize if I've missed the obvious…
payo
  • 303
  • 1
  • 2
  • 5
20
votes
4 answers

Publishing id_rsa.pub for easier setup of new environments?

To make setting up passwordless SSH easier on new machines and environments, is there any reason why the id_rsa.pub file (just the public half of the key pair) could not be published somewhere on the web? For example in a dotfiles GitHub…
DouglasDD
  • 442
  • 3
  • 11
20
votes
4 answers

How do I import a RSA SSH key into GPG as the _primary_ private key?

I currently have a SSH key that I've used for a while and I'd like to start using GnuPG with a new keyring. However, given that I've used my key for ages, I would like to still use that key in GPG as the main/primary key. I've tried importing the…
SineSwiper
  • 2,539
  • 3
  • 13
  • 10
17
votes
4 answers

SSH into NAT'd servers on the same public IP address

I am trying to SSH from in office X to a few Linux boxes in office Y. The Linux boxes in office Y are behind NAT and each run on their own ports. I can successfully reach all of them through SSH, but I cannot authenticate. I was able to SSH into the…
Copy Run Start
  • 724
  • 1
  • 9
  • 27
17
votes
2 answers

Are there any security benefits to deploying custom SSH DH groups to client-only systems?

One suggested mitigative strategy against Logjam-related attacks on SSH is to generate custom SSH Diffie-Hellman groups using something like (the below being for OpenSSH) ssh-keygen -G moduli-2048.candidates -b 2048 ssh-keygen -T moduli-2048 -f…
user
  • 4,267
  • 4
  • 32
  • 70
17
votes
4 answers

Turn off strict checking of ssh keys

Each user creates and destroys 15+ VM's per day. The VM's are created in the company's internal OpenStack cloud. Every time a new vm is assigned an ip address which has previously been handed out, the user gets the dreaded host key verification…
spuder
  • 1,695
  • 2
  • 25
  • 42
17
votes
4 answers

SSH Public Key Format

I have a public key in the format: ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "somename-20060227" AAAAB3NzaC1yc2EAAAABJQAAAIBmhLUTJiP[and so on]== ---- END SSH2 PUBLIC KEY ---- Usually I see keys in the format like this: ssh-rsa…
Björn
  • 385
  • 2
  • 3
  • 9
17
votes
2 answers

Load key "privkey.ppk" invalid format

What have I done: I'm trying to connect to my remote server with private key with ssh -i privkey.ppk root@ip But it's returning an error. Error message: Load key "privkey.ppk": invalid format root@ip: Permission denied (publickey). Expected…
AATHITH RAJENDRAN
  • 387
  • 1
  • 2
  • 11
16
votes
1 answer

SSH ForwardAgent multiple hops

I've been looking for a solution to the following problem for the past 2 hours with no luck. Development: I'm using publickey authentication to connect to my servers. I use ssh-agent forwarding in order to not have to manage public/privates…
liquidity
  • 408
  • 1
  • 7
  • 22
15
votes
2 answers

How to revoke an ssh certificate (not ssh identity file!)

I've generated an ssh certificate like this: ssh-keygen -f ca_key # generate a ssh keypair for use as a certificate generate a host key ssh-keygen -s ca_key -I cert_identifier -h host_key.pub specify the host key in the server's sshd config file:…
rorycl
  • 848
  • 1
  • 6
  • 10
14
votes
1 answer

AuthorizedKeysFile line commented out but still seems to work

I'm setting up a server on Linode and following their Securing Your Server guide. They recommend setting up ssh key pair authentication. I have already uploaded my public key to server and the key pair authentication seems to work fine, but how does…
Adam Johns
  • 315
  • 1
  • 2
  • 7
14
votes
1 answer

User@host in a SSH-RSA public key

What role does the user@host that often appears at the end of a public ssh-rsa key play? Is it necessary? Does if serve any purpose in the authentication, or is it simply a record of who and where the key was created by for the information…
usedTobeaMember
  • 616
  • 15
  • 25
1 2
3
50 51