Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [public-key]

283 questions
22
votes
1 answer

ssh command line specify server host key fingerprint

Using ssh command line (OpenSSH), can I specify the server's host key fingerprint? This is possible with winscp.com using (e.g.) -hostkey="ssh-rsa 2048 AA:BB:CC...etc I have read the man page a couple times, I apologize if I've missed the obvious…
payo
  • 323
  • 1
  • 2
  • 5
21
votes
6 answers

certutil: function failed: security library: bad database

when I'm using certutil it returns this error: certutil: function failed: security library: bad database. e.g. I can't list certs or keys How Can I fix this?
Zim3r
  • 1,454
  • 5
  • 24
  • 45
21
votes
5 answers

SSH Public Key Format

I have a public key in the format: ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "somename-20060227" AAAAB3NzaC1yc2EAAAABJQAAAIBmhLUTJiP[and so on]== ---- END SSH2 PUBLIC KEY ---- Usually I see keys in the format like this: ssh-rsa…
Björn
  • 425
  • 2
  • 4
  • 9
20
votes
8 answers

Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY

I have a catch 22 trying to: # apt-get update [... good lines omitted] W: GPG error: http://backports.debian.org lenny-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY…
David Bullock
  • 821
  • 3
  • 15
  • 21
17
votes
3 answers

OpenSSH with public keys from database

Is it possible to fetch the public keys from a database instead of the authorized_keys file? I would like to use such a setup to manage ssh access to things like git repositories for multiple users without the need to recreate the authorized_keys…
Fionn
  • 475
  • 5
  • 15
16
votes
1 answer

PEM File "CERTIFICATE" vs "PUBLIC KEY"

I have a PEM file that looks like: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- which I can convert to another PEM file using: openssl x509 -in key.crt -pubkey -noout. The new PEM file now looks like: -----BEGIN PUBLIC…
Alex Rothberg
  • 481
  • 2
  • 4
  • 8
16
votes
2 answers

Force SSH public key authentication for specific users

Is it possible to force specific users to login with public key, while allowing other users to login with password? Since public key authentication (with passphrase) is stronger than password-only authentication, we would like to require sudoers to…
Reci
  • 263
  • 1
  • 2
  • 4
14
votes
2 answers

Linux ssh: allow public-key authentication without giving user read rights to private key

Users logged in on my Linux server should be able to ssh to a specific remote machine with a default account. The authentication on the remote machine uses public key, so on the server the corresponding private key is available. I don't want the…
Philipp
  • 505
  • 1
  • 5
  • 13
14
votes
1 answer

User@host in a SSH-RSA public key

What role does the user@host that often appears at the end of a public ssh-rsa key play? Is it necessary? Does if serve any purpose in the authentication, or is it simply a record of who and where the key was created by for the information…
usedTobeaMember
  • 616
  • 15
  • 25
14
votes
2 answers

What do the different parts of "known_hosts" entries mean?

Below is an known_hosts entry. The part that starts with ssh-rsa and goes to the end is a public key. What are the other parts (the characters before ssh-rsa)? |1|KnbIIJIPrL/1p7ofUV74sK+j/Gc=|wrjOFnPgoF0afgH0PeRtRqSdgvc= ssh-rsa …
Emanuil Rusev
  • 901
  • 3
  • 10
  • 16
14
votes
5 answers

Why does a SSH public key sit on the server and not with the client?

I don't quite understand the theory behind keeping public keys on the server. In the lockbox analogy of public/private keys, to unlock Alice's box, Alice holds the private key while the public key is distributed to Bob. It would seem that the server…
rayhem
  • 255
  • 1
  • 2
  • 8
13
votes
3 answers

How to export my SSH's public key?

I need to set up ssh sessions between two servers and do not want to make the script fill in username and password everytime. However I cannot seem to find out where the SSH server is using its config from. bash-2.05# ssh -V Sun_SSH_1.1, SSH…
Chris Dale
  • 1,553
  • 2
  • 12
  • 22
12
votes
2 answers

Is it possible to use a gpg public key to encrypt a message without importing the key?

Sometimes I might want to use someone's gpg key to send a message but will have no need to ever use the key again. Importing the key in this instance seems unnecessary. I've searched, but can't find anything suggesting this is possible. It is a bit…
Patrick Keery
  • 123
  • 1
  • 4
12
votes
4 answers

ssh still accepts password authentication despite being configured for public-key only authentication (which works!)

I have configured an Ubuntu 10.04LTS desktop install to only allow public key authentication. RESULT: public key authentication works perfectly! QUESTION: The problem is that despite being configured to only accept public key authentication the…
rfreytag
  • 1,195
  • 1
  • 10
  • 11
12
votes
5 answers

How public should a public key be allowed to become?

I have a script that I use to setup new slices on slicehost and one of the steps is to add my public key to the authorized_keys file. At the moment I scp a key manually, but ideally I would have the script download the key. So if my public key was…
Peter Coulton
  • 231
  • 2
  • 7
1
2
3
18 19