Questions tagged [ssh-keys]

SSH keys are an authorization mechanism for SSH involving public-key cryptography. The setup consists of:

  • A private/public key pair generated by a utility like ssh-keygen.
  • A configured (in /etc/ssh/sshd_config) SSH daemon that allows public key authentication.
  • A configured user account that has the public key copied to ~/.ssh/authorized_keys.
792 questions
11 votes, 4 answers

SSH: one authorized_keys for multiple service accounts

Is there a way to configure SSH to check a single authorized_keys file for multiple users? I know I can copy the public key into each user's authorized_keys file but for ease of management I'd like an additional authorized_keys file for the…
ctlq
11 votes, 2 answers

ssh how to allow a very limited user with no home to login with pubkey

I have a very restricted user in my ssh server created with --no-create-home and --shell /bin/false. I know I can define authorized_keys file in sshd_configs for the user's public key. But how can I allow public key authentication for this user…
Mojtaba Rezaeian
10 votes, 3 answers

SFTP with chroot depending on public key of connecting user

I want to build a server (running Debian or FreeBSD) that receives backups from different clients via sshfs. Each client should be able to read and write its own backup data, but not the data of any of the other clients. I had the following idea:…
Xykon42
10 votes, 2 answers

Method to deprecate SSH key Pair locally

I've been using my SSH keys for a while. I'm thinking about upgrading my SSH key pair to a stronger encryption and I don't know all devices where my keys are registered. Is it possible to "deprecate" an SSH key locally so that I receive a warning if I…
tim0_o
10 votes, 2 answers

SSH: Safe for client to host private RSA key?

Is it safe to generate a public/private key pair on the server, add the public key to the authorized_keys list, and then copy the private key to each client, as described here (http://www.rebol.com/docs/ssh-auto-login.html)? Assuming you maintain…
user345807
10 votes, 1 answer

SSH_ORIGINAL_COMMAND variable not getting set

I am working with two servers, both of which run FreeBSD 8.4-RELEASE-p1 and OpenSSH_6.1p1. Both servers' ssh_config files, located in /etc/ssh, are identical. Both servers are configured to allow users to remote into a jailed environment using…
dtg
10 votes, 3 answers

Is there any reason to use fail2ban with SSH password logins disabled?

I am setting up an Ubuntu server hosted by Linode. I am stepping through their security guide and they recommend installing fail2ban after disabling password based SSH logins. I don't see the point in installing fail2ban if dictionary attacks are…
dbasch
10 votes, 2 answers

Which is the maximum number of keys in authorized_keys file?

I'm developing a solution which inserts a big number of SSH-keys into the authorized keys files of my SSH-server. Does anyone know the limit of keys that you can insert into that file? Are we talking about a hundred, thousand or tens of thousands?…
enedebe
10 votes, 2 answers

ssh-keyscan - still prompted with The authenticity of host '[hostname] ([IP address])' can't be established

I am scripting a remote rsync setup, and need to add a remote server to the local known_hosts file to avoid getting prompted with the below when the script is first run: The authenticity of host '[hostname] ([IP address])' can't be established. RSA…
morleyc
10 votes, 3 answers

Process to move SSH server keys to new server

Going to be moving a server to new hardware in a new datacenter soon, and of course this means a new IP. What is the correct process (if at all) to move the SSH keys from the original server to the new one so that connecting clients don't get any…
Daniel Huckstep
9 votes, 6 answers

Manage SSH keys

We have around 2500 Linux servers. We have a Jumpstart server, from which we can SSH to any server for system administrator related tasks. We have deployed a single private key and have deployed the matching public key to all servers, but this is a…
Akshay
9 votes, 3 answers

How to use OpenSSH certificates on Windows?

OpenSSH supports signing user keys with a certificate authority. From man ssh-keygen: ssh-keygen supports signing of keys to produce certificates that may be used for user or host authentication. Certificates consist of a public key, some identity…
Stephane Martin
9 votes, 1 answer

ssh - retrieve public key from ssh-agent

I am searching for a way to extract the public key from the authentication agent. I want to be able to write the public key out into a file, after I added the key to the ssh-agent (ssh-add ~/.ssh/id_rsa). ssh-add -l displays the fingerprint for me,…
scones
9 votes, 1 answer

How to disable ALL authentication in sshd?

Here's a question that I have found absolutely no answers for: how can you configure sshd so that anybody can freely SSH into the box without password or key authentication? The objective is to allow anybody to run "ssh user@host" and get into the…
trinth
9 votes, 1 answer

Is it possible to authenticate to Sonatype Nexus via ssh keys

Is it possible to authenticate to Sonatype Nexus via ssh keys or any other method that does not require user password in maven settings.xml? I know there are user generated tokens in Sonatype Nexus Professional but we have regular Nexus.