Questions tagged [ssh-keys]

SSH keys are an authorization mechanism for SSH involving public-key cryptography. The setup consists of:

  • A private/public key pair generated by a utility like ssh-keygen.
  • A configured (in /etc/ssh/sshd_config) SSH daemon that allows public key authentication.
  • A configured user account that has the public key copied to ~/.ssh/authorized_keys.

792 questions

3 votes, 3 answers

Administrative access to a server via SSH key

Is it a good idea to set the SSH key directly for the root user for administrative access to a server? Or is it better to use another user for SSH access via SSH key, followed by sudo command? Is the answer different if the server is publicly…
phanaz

3 votes, 1 answer

SSH agent: `sign_and_send_pubkey: signing failed for ECDSA-SK ... from agent: agent refused operation` except very first time

I have an ecdsa-sk keypair that I generated and added to my github account (tied to a yubikey). If I try any connection using that key, such as git push, I get: sign_and_send_pubkey: signing failed for ECDSA-SK "[...]/.ssh/id_ecdsa_sk" from agent:…
Allen

3 votes, 2 answers

Setting up sftp on Amazon Linux 2 with ssh keys, user segregation (sftp vs ssh), different ports, and user directory constraints

TL;DR: I have a Catch-22 where, depending on permissions on the user's home directory, I can get the SSH authentication to work, or the user directory constraints, but not both. BTW, I really want to roll my own SFTP server. Please don't recommend I…
Kevin Buchs

3 votes, 0 answers

Using an SSH key to install an npm module from a private repository inside Docker

I am making a container for a nodejs project. Inside the project I am using a private repository, and I need access to it. For that I am using the following Dockerfile: FROM node:15 RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config RUN mkdir -p -m 0600 ~/.ssh…
Eugene

3 votes, 1 answer

Adding ssh keys to a new server without having previously set up users on that server

I've set up a clean new VPS running Ubuntu 20.04 LTS with Hetzner and would like to access it via ssh. Here is what I've tried to do: I have added my public ssh key (passphrase-less) in Hetzner's online GUI. That looked something like this: ssh-rsa…
Karoh

3 votes, 1 answer

Can't connect to server via SSH using gpg-agent

I'm trying to connect to a VM on Google Cloud. I've created a public key to use for SSH and added the key to the cloud instance. I have SSH_AUTH_SOCK set to the file used by gpg-agent. ~/.gnupg/gpg-agent.conf default-cache-ttl 600 max-cache-ttl…

2 votes, 1 answer

Correct configuration of the SSHD config file?

I'm using ssh on my Linux box, and I want to secure it to be as watertight as possible, only allowing ssh via ed25519 elliptic curve crypto sigs. I thought I had it set up correctly, disabling password, no PAM, etc. It seemed to be working properly but…
Woodstock

2 votes, 1 answer

Unable to SSH to Synology NAS

Here is the sequence of events: I added my RSA key to .ssh/[my admin user], updated permission, and disabled SSH authentication by password months ago. I formatted my desktop and I forgot to re-enable the SSH authentication by password. Then, my…
HCSF

2 votes, 3 answers

Cannot find my generated SSH key

I'm trying to create an SSH key to eventually use to connect to a cloud based VM. (base) Mac:~ user$ ssh-keygen -t rsa -b 2048 Generating public/private rsa key pair. Enter file in which to save the key (/Users//.ssh/id_rsa):…
Ari

2 votes, 3 answers

duplicity backup fails: "Private key file is encrypted"

I am trying to upload my first duplicity backup to a remote server and it fails. It is the first time I am using the tool and it did not work before. duplicity /home/me/Documents/ scp://me@//home/me/bak This is the answer I…
transient_loop

2 votes, 1 answer

Can OpenSSH automatically disconnect session at end of cert-based key's valid period?

I'm aware of the ability to logout inactive SSH sessions after a period of time but leaving something like "top" open works around that. This question is more in the context of forceful disconnects and likely with cert-based keys. For example, take…
Rob Olmos

2 votes, 3 answers

What can someone do with your SSH Private Key?

What exactly can someone do with my Private Key after they used my laptop to create an SSH Public Key? After reading a few websites, it looks like they can access a server pretending they are me when using their own computer. Is this right? Can they…
LWYMUFC

2 votes, 3 answers

Differing ssh host key in Container-Optimized OS instance

I created a Container-Optimized OS instance in the Google Cloud. When I try to connect to it via ssh from outside the ssh host key fingerprint shown differs from the output of ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub in the instance: What…

2 votes, 1 answer

How to set up ssh for a couple of servers?

I'm pretty confused about how ssh really works, and I have already asked a couple of questions related to this, but I suspect I'm going in the XY-problem trap. So, what I want is this. I want to be able to login to a couple of servers from a client…
klutt

2 votes, 1 answer

How to fetch ssh keys from servers?

I need to login to a host via ssh, get a keyfile, close the connection and then use the key to login without password on several machines. The underlying problem is that I need to perform tests on a couple of servers via ssh. I have already…
klutt