Questions tagged [ssh-keys]
an authorization mechanism for SSH involving public-key cryptography.
797 questions
0 votes, 0 answers, 16 views
Custom Linux AMI: How does AWS know where to install account SSH .PEM files when an AMI is provisioned?
We are building a custom AMI from a template EC2 EBS instance snapshot (Oracle Linux 8). This page shows there are many different user names depending on the AMI you choose:
https://docs.aws.amazon....
1 vote, 1 answer, 64 views
Remote Linux server GitHub permission denied publickey issues
I am experiencing publickey permission issues when trying to pull a private repo from GitHub to a remote Linux server.
Update
Ran ssh -v -o IdentitiesOnly=yes -i ~/.ssh/id_rsa [email protected] command ...
0 votes, 0 answers, 32 views
How to safely obtain and check host public key for `known_hosts`?
For a newly deployed instance I get the following message for the first time SSH connection:
The authenticity of host '[hostname] ([IP address])' can't be established.
RSA key fingerprint is [key ...
10 votes, 4 answers, 3k views
How do I prevent users from messing with their own .ssh folder?
I'm administrating a RedHat server where users log in through SSH with private/pub key based authentication.
I'd like to prevent them from accidentally changing / deleting /chmoding the content of ...
0 votes, 1 answer, 68 views
How to prevent OpenSSH from creating a new known_hosts file every time it updates it?
It seems that every time I accept a new host key, ssh (I've tested 8.6p1 and 9.3p2) does the following steps:
Move the known_hosts file to known_hosts.old;
Create a new known_hosts file;
Copy the ...
0 votes, 0 answers, 40 views
Can not SSH to GUI Ubuntu on Login Screen
I have a laptop with Ubuntu installed, and I've set up SSH using a key, and everything was working fine (I could SSH into the laptop from another computer).
Then, I rebooted the laptop, and on the ...
0 votes, 2 answers, 141 views
How to remove all lines with the same public key from known_hosts?
Let's imagine the following scenario.
I have a host key ABCDEF1234 for a given hostname, so my known_hosts file looks like this (unhashed version):
example.com ssh-rsa ABCDEF1234
Now I connect to it,...
0 votes, 1 answer, 38 views
Home directory, user database and key-based authentication
I want to share it NFS share with my users just like the home-directories (traditional way), but I don't want to create the users instead I want to get the server integrated with the github or google ...
-2 votes, 2 answers, 58 views
The theory of SSH public and private key and its application in real-world machines [closed]
there.
In this question, I have a very specific one about public and private keys. So Public keys should be put on the opposite side. For example, if we have a server, the public key of the server ...
0 votes, 1 answer, 46 views
SSH tries other keys despite specifying a key with -i option
For the same user, I have two keys on the local machine. On the remote server, both keys are in the authorized_keys file.
I delete one of the keys in the authorized_keys file.
I then try to ssh with ...
0 votes, 0 answers, 64 views
SSH CA-signed key does not work from certain hosts
I've tried to set up CA-signed ssh user keys.
I got my configuration working on most clients; there seems to be a problem on a few specific ones.
The key verification fails and they are prompted for ...
0 votes, 0 answers, 11 views
GCP VM instance not showing LESS keys as GCP editing instance metadata?
authorized_keys is missing AFTER I add my ssh key to an instance in GCP so then I connect via browser and authorized_keys is generated with 1. 'TWO keys'. I then click edit on instance and I see 2. '...
0 votes, 2 answers, 148 views
How does SSH host verification for github.com provide any value?
Running git clone [email protected]/repo.git warns me of a potential man-in-the-middle attack when GitHub change their SSH key, and that's cool. I then get the new key by running ssh-keyscan -t rsa ...
0 votes, 0 answers, 120 views
Linux server ssh connection won't authenticate my account using ssh key gen and prompts me for password
I am facing an issue in Ubuntu 22.04.2 where I am unable to SSH into a remote server using a copied public key. I have generated an SSH key pair on my local machine using a bash terminal, and I have ...
0 votes, 1 answer, 884 views
What is the host key (the one from ssh connection) and how is it different from public-private key pair?
The situation is that I've had a VPS created previously. It was all set up, private-public key authentication, root login turned off, password login turned off. Everything was set up.
Then this server ...
3 votes, 0 answers, 7k views
What is the meaning of this line from ssh output: 'Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling'?
Everything works, ssh connects using private-public ssh key pair.
Just a few things in the ssh -v Ora2 output aren't clear to me.
This is complete ssh -v Ora2 output:
PS C:\Users\roeslermichal> ssh -v ...
0 votes, 1 answer, 450 views
Permission denied (publickey) error when managing GCP machine via Ansible (running on GCP VM) despite successful SSH connection
I deployed two machines to GCP via Terraform. Let's call them control-host and target-host. I want to manage the target-host via Ansible installed on the control-host.
Unfortunately, I keep getting ...
2 votes, 2 answers, 1k views
Why I can not ssh to my Vagrant host? [email protected]: Permission denied (publickey)
I created 5 VMs for my project
vagrant status
Current machine states:
master-1 running (virtualbox)
master-2 running (virtualbox)
master-3 running (...
0 votes, 1 answer, 34 views
SSH key for 2 client users to 1 server user
If this is a duplicate, I'm sorry.
I have searched my case but I couldn't find the right scenario that resembles my situation, although I thought that this situation must have come up before for ...
1 vote, 1 answer, 270 views
Validate all public keys in authorized_file
In my authorized_file I have multiple public keys against one private key. Now I want to add a task in Ansible which will validate that all public keys are valid keys and good for connection. My aim ...
2 votes, 2 answers, 421 views
Avoid SSH AgentForwarding of incompatible keys
Good morning,
I have one ed25519-sk key (using a hardware token), which I need only on my personal machine for some high security servers (all Debian). This key type is supported by OpenSSH 8.3+. We ...
0 votes, 1 answer, 257 views
sshd not providing ecdsa/ed25519 host key algos
We have set up a bastion that only responds with the ssh-rsa host key algorithm when querying:
ssh-keyscan bastion.ops.dev.xxx.com
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
# bastion.ops.dev....
1 vote, 1 answer, 889 views
Adding my SSH key to new user with only SSH access through key
I'm quite new to this, and I've looked through questions but haven't found one that quite matches my problem, or rather I didn't sufficiently understand them to be able to solve this issue.
I have a ...
0 votes, 0 answers, 588 views
ssh illegal option while trying to connect to remote server
Trying to ssh from my MacBook Pro to a remote server,
ssh ayan@ServerIPAddress
gives the following error
ssh: illegal option -- ?
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
...
0 votes, 1 answer, 228 views
Needs a clarification for the ssh-copy-id command
Say I have two computers connected to the same Wifi network. Let's call them computer-A & computer-B.
I am using computer-A, I can ping computer-B without issues.
Now, on computer-A, I have ...
2 votes, 0 answers, 64 views
User account auto-creation using SSH certificate authentication
My SSH server is configured to use certificate authentication, so it will trust anyone who presents a certificate issued by the user CA when they connect.
For reasons related with audit logs, I don't ...
0 votes, 1 answer, 43 views
Install SSH key in an account that has no "usable" shell
A remote SSH server has a guest account with a known, non-blank password, that when logged in directly executes a text-based terminal game (not sure if via command, shell, or another method). The ...
0 votes, 1 answer, 30 views
Github Deploy Key Pattern
My Deployment Pattern
I have a setup as shown in the diagram above, where I have a GitHub account which owns a number of private repositories. I have a number of machines in the field that each include ...
0 votes, 0 answers, 140 views
Using PasswordAuthentication yes in sshd config but password is not accepted during login
I tried to enable password authentication in CentOS 7 only for one user - auditor, by having these lines in my sshd.config (at the end of file):
PubkeyAuthentication yes
ChallengeResponseAuthentication ...
2 votes, 1 answer, 227 views
Use OpenSSH to make a key exchange with NTRU Prime
I would like to make a key exchange for a symmetric key from the client to the server with the NTRU Prime algorithm (for test reasons). I already installed OpenSSH 9.1 on both sides and checked ...
0 votes, 0 answers, 50 views
how to use systemctl with pem file for remote commands
I am wondering if anyone can tell me how to use a pem file with the systemctl command in order to be able to issue a remote command whilst logging in using the pem?
I am running it on Ubuntu 22.04
...
4 votes, 3 answers, 3k views
Why does the RHEL8 system not generate SSH host keys automatically when missing?
On RHEL 8 and previous it is usual that the SSH host keys in /etc/ssh are generated automatically by the sshd service when missing. Usually there should be:
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/...
3 votes, 1 answer, 2k views
How to ssh-copy-id through a jump-host? Something similar to the -J option with ssh command
I use a jump host to connect to the remote servers through SSH.
I use the following linear command for the connection.
ssh -J jumpuser@jumphost:2455 remoteuser@remotehost
It works fine.
But for new ...
0 votes, 1 answer, 68 views
Cannot add passwordless private key with ssh-add on remote server
I can add a passwordless id_ed25519 file locally using ssh-add -k, but not on my remote server.
Locally:
☁ ~ ssh-add -l
The agent has no identities.
☁ ~ ssh-add -k ~/.ssh/id_ed25519
Identity added:...
1 vote, 1 answer, 949 views
Why do I need to restrict permissions on a PEM key?
I have a .pem key file that I use to ssh to my ec2 server. I've moved this key file to an encrypted external SSD disk. This has caused the owner of the pem key to be set to 'everyone'.
When I try to ...
11 votes, 2 answers, 4k views
ssh how to allow a very limited user with no home to login with pubkey
I have a very restricted user in my ssh server created with --no-create-home and --shell /bin/false.
I know I can define authorized_keys file in sshd_configs for the user's public key. But how can I ...
1 vote, 0 answers, 695 views
Connection closed by remote host when copying client public key to sftp server
I want to copy the client public keys for a container to a remote sftp server and after that attempt do some uploads to the server via bash script(the bash script will be invoked when the container ...
0 votes, 1 answer, 559 views
back up and restore host ssh_keys using cloud init autoinstall ubuntu
I am trying to automate VM installations for Ubuntu 22.04 using autoinstall, cloud-init, qcow2 and virt-install. When I am reinstalling the OS on the same qcow2 file, I have a script that is run in ...
0 votes, 0 answers, 51 views
Tentative of ssh->rsync to wrong IP; potential security risk?
I have set up a little RPI backup 'server' (with rpi OS) on my LAN. I use it to create a backup of my main personal machine data using rsync, and I reach it from outside my network through SSH (key-...
0 votes, 2 answers, 422 views
After install last version on Ubuntu server 22 I can't make ssh key connect to remote server
I did all the steps to create the key as I normally do:
ssh-keygen -t ed25519
next
ssh-copy-id -i /home/derbauer/.ssh/id_rsa.pub -p 12122 [email protected]
here everything goes normally
But in the ...
3 votes, 3 answers, 694 views
Administrative access to a server via SSH key
Is it a good idea to set the SSH key directly for the root user for administrative access to a server?
Or is it better to use another user for SSH access via SSH key, followed by sudo command?
Is the ...
0 votes, 1 answer, 2k views
SSH Permission denied (public key)
I am trying to create my own SSH key to connect from one VM A to another VM B (both are Debian/bullseye64 systems).
Both VMs are configured to be on a public network using vagrant on my system with A ...
0 votes, 1 answer, 115 views
Pull ssh key from github server
Many users have their own public ssh keys on github. Is there an easy way to get it knowing someone else's username?
I know it's possible - the ubuntu installer gets the keys somehow - but I can't ...
0 votes, 1 answer, 2k views
SSH permission denied
I have a problem logging in using ssh to a company server.
I have my local ~/.ssh/config;
Host target
HostName xx.yy.zzz.aaa
User abcd
IdentityFile ~/.ssh/id_ed25519
IdentitiesOnly=yes
I have other ...
2 votes, 1 answer, 2k views
SSH2 fails authentication with a working key converted with PuttyGen (due to deprecated ssh-rsa?)
I have an EC2 instance authenticated with a key-pair generated by AWS.
With Putty, I can connect to the instance by providing the private key in a PPK file.
When I try to use SSH2 (via one of the ...
1 vote, 0 answers, 25 views
no passphrase asked on copied ssh-key
I used an id_ed25519 key on a Debian Bullseye to connect to our remote servers, which had a passphrase. My laptop crashed so I recovered the key from a backup and started using it on an Ubuntu 22.04.
...
1 vote, 1 answer, 425 views
Ansible file lookup works for debug, but doesn't work for authorized_key module — how to implement taking key from a file?
I am trying to build a playbook which includes distributing authorized SSH keys.
Each user's key is put into its own file named after the username. Users who need to be distributed are set in the ...
0 votes, 1 answer, 132 views
How to enable ssh for supporters with intelligent key management?
My situation is the following:
Am having a lot of customers in a VPN network.
Each supporter is having a computer which is also in the VPN.
Each supporter should be able to log in into all systems ...
4 votes, 1 answer, 2k views
SSH agent: `sign_and_send_pubkey: signing failed for ECDSA-SK ... from agent: agent refused operation` except very first time
I have an ecdsa-sk keypair that I generated and added to my github account (tied to a yubikey). If I try any connection using that key, such as git push, I get:
sign_and_send_pubkey: signing failed ...
0 votes, 1 answer, 141 views
Why does SSH complain about key file permissions even though the key file is password protected? [closed]
I have a private key file, which is password protected. But when I try to use it, ssh complains about the permissions:
ssh -i example.pem root@myserver
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...