Questions tagged [ssh-keys]

SSH keys are an authorization mechanism for SSH involving public-key cryptography. The mechanism consists of:

  • A private/public key pair generated by a utility like ssh-keygen.
  • An SSH daemon configured (in /etc/ssh/sshd_config) to allow public key authentication.
  • A configured user account that has the public key copied to ~/.ssh/authorized_keys.

792 questions

14 votes, 1 answer

AuthorizedKeysFile line commented out but still seems to work

I'm setting up a server on Linode and following their Securing Your Server guide. They recommend setting up ssh key pair authentication. I have already uploaded my public key to the server and the key pair authentication seems to work fine, but how does…
Adam Johns

14 votes, 1 answer

User@host in a SSH-RSA public key

What role does the user@host that often appears at the end of a public ssh-rsa key play? Is it necessary? Does it serve any purpose in the authentication, or is it simply a record of who and where the key was created by for the information…
usedTobeaMember

14 votes, 1 answer

Can Bash Tell Me Which SSH Public Key Was Used To Authenticate?

Let's say I want to track my root users. Each of them has a unique private key and their public keys have been stored in /root/.ssh/authorized_keys. Given that each user logs in with their unique key how can I tell from within a BASH session which…
PP.

14 votes, 5 answers

Choose identity from ssh-agent by file name

Problem: I have some 20-30 ssh-agent identities. Most servers refuse authentication with Too many failed authentications, as SSH usually won't let me try 20 different keys to log in. At the moment, I am specifying the identity file for every host…
leoluk

12 votes, 6 answers

SSH access gateway for many servers

Managing multiple servers, in excess of 90 currently with 3 devops via Ansible. All is working great, however there is a giant security problem right now. Each devop is using their own local ssh key to gain access directly to the servers. Each devop…
John

12 votes, 1 answer

generating ssh keys with openssl or ssh-keygen

I want to generate an ssh key-pair but I came across two different ways of doing that. One is using openssl and the other is ssh-keygen. Is there any difference as to the outcome/the final key of those two methods?
giomanda

12 votes, 3 answers

Distribute ssh public keys among hosts

I'm setting up some machines with Ansible and need to enable passwordless connections between them. I've got a database master and several slaves. For initial replication the slaves need to ssh into the master and get a copy of the database. I'm…
soupdiver

12 votes, 2 answers

Changing the passphrase of a puttygen private key in Windows

I have a private key in Windows, created by puttygen.exe. I used default options to save it, the tool automatically gave it a .ppk extension, and it looks like this: PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment:…
janos

12 votes, 1 answer

one ssh key file for multiple machines, instead of pair to single machine?

I am currently implementing key pair login to my server as follows: generate key pair from my local laptop: me@macbook:~ $ ssh-keygen -t rsa transfer pub key from laptop to server: me@macbook:$ scp ~/.ssh/id_rsa.pub…
gilzero

12 votes, 3 answers

How to prioritize explicit ssh key from commandline over ssh-agent keys?

I have a bunch of ssh keys loaded semi-permanently into ssh-agent. ssh-add -L lists 6 keys. I also have other keys which are stored separately; let's say, on a USB stick. I exactly don't want to keep them handy all the time. Let me call one of them…
ulidtko

11 votes, 4 answers

How does google compute engine create users and how to disable them?

I've got a CoreOS cluster running on GCE and one issue that I've noticed with all GCE instances is that as long as you're auth'd with the project on Google Cloud platform, you can log in as pretty much anything on the servers. This is an issue for…

11 votes, 3 answers

SSH key problems: Not a RSA1 key file unknown key type '-----BEGIN'

A backuppc server is able to sign into remote machines as root and back them up, but if I sign in as the backuppc user and try to ssh into these machines using the same key, the key is rejected with the following debug output: OpenSSH_5.3p1,…
HAL9000

11 votes, 2 answers

deploy ssh key from master to minion via salt pillars

I have two ssh keys that I'm trying to deploy to one of my minions. But I can't seem to get it to deploy. It errors out. Here is the init.sls in pillars: /xxx/yyy/zzz/id_rsa: file.managed: - source:…
secure212

11 votes, 2 answers

Can I SSH into my Amazon EC2 server instance if I don't have .pem file from when instance was created?

I am working with some Amazon EC2 servers that are up and running, and I need to SSH into the servers. I don't have any keys that were generated when the servers were first set up (someone else did it long before I got here). Can I still get into…
Eric

11 votes, 2 answers

What to do when someone logged as root on my server

I have a server running Debian 6.0 with logcheck installed. Yesterday, I received this message: Jan 19 19:15:10 hostname sshd[28397]: Authentication tried for root with correct key but not from a permitted host…
Ben