Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssh-keys]

an authorization mechanism for SSH involving public-key cryptography.

SSH keys are an authorization mechanism for SSH involving public-key cryptography. It consists of

  • A private/public key pair generated by a utility like ssh-keygen.
  • A configured (in /etc/ssh/sshd_config) SSH daemon that allows public key authentication.
  • A configured user account that has the public key copied to ~/.ssh/authorized_keys.
792 questions
23
votes
3 answers

Putting RSA keys into azure key vault

How can I store my key pair (typically the id_rsa and id_rsa.pub) in azure key vault. I want to put the public key in my GIT service and allow a virtual machine to download the private key from Azure key vault -> So that it can access GIT…
MercilessMaverick
  • 397
  • 1
  • 2
  • 7
22
votes
7 answers

How to generate host SSH keys via ansible?

I'm trying to re-generate ssh host keys on a handful of remote servers via ansible (and ssh-keygen), but the files don't seem to be showing up. The playbook runs OK, but the files on the remote are not altered. I need to resort to the echo -e…
Server Fault
  • 3,714
  • 12
  • 54
  • 89
22
votes
1 answer

ssh command line specify server host key fingerprint

Using ssh command line (OpenSSH), can I specify the server's host key fingerprint? This is possible with winscp.com using (e.g.) -hostkey="ssh-rsa 2048 AA:BB:CC...etc I have read the man page a couple times, I apologize if I've missed the obvious…
payo
  • 323
  • 1
  • 2
  • 5
22
votes
9 answers

Trying to SSH in to remote computer but still asking for password

Trying to SSH in to remote computer but still asking for password. I have a number of computers running SElinux and only one of them is giving me a hard time using ssh without the password. I did a ssh-copy-id and I can see my key in the…
JMS1969SF
  • 221
  • 1
  • 2
  • 3
22
votes
4 answers

How do I import a RSA SSH key into GPG as the _primary_ private key?

I currently have a SSH key that I've used for a while and I'd like to start using GnuPG with a new keyring. However, given that I've used my key for ages, I would like to still use that key in GPG as the main/primary key. I've tried importing the…
SineSwiper
  • 2,629
  • 3
  • 14
  • 10
21
votes
5 answers

SSH Public Key Format

I have a public key in the format: ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "somename-20060227" AAAAB3NzaC1yc2EAAAABJQAAAIBmhLUTJiP[and so on]== ---- END SSH2 PUBLIC KEY ---- Usually I see keys in the format like this: ssh-rsa…
Björn
  • 425
  • 2
  • 4
  • 9
20
votes
2 answers

Receiving a private key from server admin: ok or not?

I am to get access to a remote SFTP server. The admin has created a user for me, and generated a public/private key pair for me. Then he securely sent me the private key file, which I use for authentication. I believe this is not good, I should be…
matthiash
  • 311
  • 2
  • 3
20
votes
4 answers

Publishing id_rsa.pub for easier setup of new environments?

To make setting up passwordless SSH easier on new machines and environments, is there any reason why the id_rsa.pub file (just the public half of the key pair) could not be published somewhere on the web? For example in a dotfiles GitHub…
DouglasDD
  • 513
  • 3
  • 16
20
votes
2 answers

Load key "privkey.ppk" invalid format

What have I done: I'm trying to connect to my remote server with private key with ssh -i privkey.ppk root@ip But it's returning an error. Error message: Load key "privkey.ppk": invalid format root@ip: Permission denied (publickey). Expected…
AATHITH RAJENDRAN
  • 467
  • 1
  • 3
  • 11
19
votes
4 answers

Turn off strict checking of ssh keys

Each user creates and destroys 15+ VM's per day. The VM's are created in the company's internal OpenStack cloud. Every time a new vm is assigned an ip address which has previously been handed out, the user gets the dreaded host key verification…
spuder
  • 1,725
  • 3
  • 26
  • 42
19
votes
4 answers

How to set public SSH key for root user on server?

I'm trying to follow Slicehost Document to setup my server. I reached SSH section. I made it as written, but when i logged out from root, i cant access root@IP_ADDRESS -p 30000 again! but i can access user@IP_ADDRESS -p 30000. So, the question is,…
amrnt
  • 359
  • 1
  • 3
  • 9
18
votes
4 answers

SSH into NAT'd servers on the same public IP address

I am trying to SSH from in office X to a few Linux boxes in office Y. The Linux boxes in office Y are behind NAT and each run on their own ports. I can successfully reach all of them through SSH, but I cannot authenticate. I was able to SSH into the…
Copy Run Start
  • 734
  • 1
  • 9
  • 27
17
votes
2 answers

Are there any security benefits to deploying custom SSH DH groups to client-only systems?

One suggested mitigative strategy against Logjam-related attacks on SSH is to generate custom SSH Diffie-Hellman groups using something like (the below being for OpenSSH) ssh-keygen -G moduli-2048.candidates -b 2048 ssh-keygen -T moduli-2048 -f…
user
  • 4,335
  • 4
  • 34
  • 71
16
votes
1 answer

SSH ForwardAgent multiple hops

I've been looking for a solution to the following problem for the past 2 hours with no luck. Development: I'm using publickey authentication to connect to my servers. I use ssh-agent forwarding in order to not have to manage public/privates…
liquidity
  • 418
  • 1
  • 7
  • 22
15
votes
2 answers

How to revoke an ssh certificate (not ssh identity file!)

I've generated an ssh certificate like this: ssh-keygen -f ca_key # generate a ssh keypair for use as a certificate generate a host key ssh-keygen -s ca_key -I cert_identifier -h host_key.pub specify the host key in the server's sshd config file:…
rorycl
  • 848
  • 1
  • 6
  • 10
1 2
3
52 53