Questions tagged [ssh-keys]

SSH keys are an authorization mechanism for SSH involving public-key cryptography. The mechanism consists of:

  • A private/public key pair generated by a utility like ssh-keygen.
  • An SSH daemon configured (in /etc/ssh/sshd_config) to allow public key authentication.
  • A configured user account that has the public key copied to ~/.ssh/authorized_keys.
792 questions
218 votes, 11 answers

"Add correct host key in known_hosts" / multiple ssh host keys per hostname?

Trying to ssh into a computer I control, I'm getting the familiar message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! …
Samuel Edwin Ward
176 votes, 5 answers

What's the difference between authorized_keys and authorized_keys2?

Just wanted a quick summary of the differences between them and why there are two?
Jon
132 votes, 4 answers

What significance does the user/host at the end of an SSH public key file hold?

I can’t figure out why an SSH public key file generated by ssh-keygen has a user and host at the end of it. Example: id_rsa.pub ssh-rsa ... rest of file ... /CA9gyE8HRhNMG6ZDwyhPBbDfX root@mydomain Notice the root@mydomain at the end of the…
Basil A
132 votes, 4 answers

How do you create an SSH key for another user?

I'm trying to create an ssh key for another user. I'm logged in as root. Can I just edit the files generated by ssh-keygen and change root to the user I want?
user962449
111 votes, 8 answers

Why does my OpenSSH key fingerprint not match the AWS EC2 console keypair fingerprint?

When I import my OpenSSH public key into AWS EC2's keyring the fingerprint that AWS shows doesn't match what I see from: ssh-keygen -l -f my_key It is a different length and has different bytes. Why? I'm sure I uploaded the correct key.
Craig Ringer
96 votes, 1 answer

How do I validate an RSA SSH public key file (id_rsa.pub)?

Is there a command I can use to verify the public key (id_rsa.pub), just the format only. Sometimes I have added a new linebreak, sometimes the file missed the ssh-rsa prefix, so is there a command to validate with?
Ryan
82 votes, 1 answer

SSH Allow Password For One User, Rest Only Allow Public Keys

Is it possible with ssh to allow passwords from a certain user, but deny using passwords for everybody else? Basically I want to allow password auth for user justin but everybody else must use public keys. PasswordAuthentication no Seems to be…
Justin
82 votes, 15 answers

What causes SSH error: kex_exchange_identification: Connection closed by remote host?

I set up an SSH server online that is publicly accessible by anyone. Therefore, I get a lot of connections from IPs all over the world. Weirdly, none actually try to authenticate to open a session. I can myself connect and authenticate without any…
soliz
74 votes, 11 answers

Why is SSH password authentication a security risk?

Most guides for OpenSSH configuration advise to disable password authentication in favor of key-based authentication. But in my opinion password authentication has a significant advantage: an ability to connect from absolutely anywhere without a…
Septagram
66 votes, 3 answers

Temporarily disable ssh public key authentication from client

Is there a way to temporarily disable public key authentication when ssh'ing, and use password authentication instead? I currently want to access remote server, but I'm using another laptop, not mine. Browsing that link, I found that the command ssh…
Nsukami _
64 votes, 7 answers

How to change an SSH host key?

I cloned a server and so they've the same RSA key fingerprint. It seems to be defined in /etc/ssh/ssh_host_rsa_key.pub. What is the correct way to change that? Thanks.
Pascal Polleunus
56 votes, 11 answers

Is there an equivalent to ssh-copy-id for Windows?

Is there any equivalent or port of ssh-copy-id available for Windows? That is, is there an easy way to transfer SSH keys from a local machine to a remote server under Windows? In case it helps, I'm using Pageant and Kitty (a Putty alternative)…
Matt V.
50 votes, 7 answers

How to get all fingerprints for .ssh/authorized_keys(2) file

Is there a simple way to get a list of all fingerprints entered in the .ssh/authorized_keys || .ssh/authorized_keys2 file? ssh-keygen -l -f .ssh/authorized_keys will only return fingerprint of first line / entry / publickey hack with awk: awk…
childno͡.de
44 votes, 1 answer

What is the meaning of an equal sign = or == at the end of an SSH public key?

I just noticed that most of the ssh pubkeys in my authorized_keys end on == or = E.g. ssh-rsa…
Lukas Loesche
41 votes, 5 answers

Smoothest workflow to handle SSH host verification errors?

This is a simple issue that we all face and probably resolve manually without giving much thought. As servers change, are re-provisioned, or IP addresses reallocated, we receive the SSH host verification message below. I'm interested in…
ewwhite