115
votes
Specifying an IdentityFile with SSH
If you are able to successfully use keypair authentication with ssh -i ~/.ssh/mykey user@host, you can easily automate this with your SSH client configuration.
For example, if you add this to your ~/....
- 79.2k
58
votes
ssh error while logging in using private key "loaded pubkey invalid format" and "error in libcrypto"?
In my case I had copied the keyfile using the clipboard, which had created a similar file but without terminating newline. That was enough to trip up libcrypto. Opening the file in vim and :wq closing ...
- 731
48
votes
How to avoid being asked passphrase each time I push to Bitbucket
Create (or edit if it exists) the following ~/.ssh/config file:
Host *
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsa
- 581
41
votes
ssh error while logging in using private key "loaded pubkey invalid format" and "error in libcrypto"?
ERROR: load pubkey "id_rsa": invalid format
It happens when public key is used in ~/.ssh/config instead of using private key.
- 973
39
votes
how to append public keys to remote host instead of copy it
You can also use ssh-copy-id, which is a tool to do exactly what you want: add one or more keys to the authorized_keys of a remote system.
- 1,320
29
votes
Accepted
Is it possible to have 2 ports open on SSH with 2 different authentication schemes?
So, it turns out the answer was actually way, way simpler than I thought it would be.
I do however have to thank '@jeff schaller' for his comments, if it hadn't of been for him I wouldn't have ...
- 471
25
votes
Accepted
Unable to login with SSH-RSA key
You will get this behaviour if the file mode of the user's home directory on the destination host is not set correctly. It's not just the mode of the .ssh directory that has to be correctly set!
ssh ...
- 366
24
votes
How to list keys added to ssh-agent with ssh-add?
Surprisingly the MacOS version of ssh-add at some point stopped showing the filename's as with the Linux variant. I wrote this script which does the same for fingerprints that have a corresponding ...
slm♦
- 380k
24
votes
Authentication refused: bad ownership or modes for directory /root
Well, I should really thank @jeff-schaller, it was broken ownership of folder. I've done
chown root /root
chown root /root/.ssh
And from there it worked flawlessly.
- 663
19
votes
How to login with ssh as a specific user?
The ssh keys are not personalized, so you can create the key under your user and then just paste your public key to the target user's authorized_keys on the remote server.
Thus, if you have key ...
- 361
19
votes
Accepted
What is the difference between /etc/ssh/ and ~/.ssh?
/etc/ssh provides configuration for the system: default configuration for users (/etc/ssh/ssh_config), and configuration for the daemon (/etc/ssh/sshd_config). The various host files in /etc/ssh are ...
- 481k
19
votes
Accepted
Sharing SSH Keys to login?
SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa), and the public key (~/.ssh/id_rsa.pub). The secret key can be used to prove who you are (or at least that you hold that ...
- 148k
18
votes
ssh error while logging in using private key "loaded pubkey invalid format" and "error in libcrypto"?
I fixed the Load key "id_rsa": error in libcrypto error by adding an LF
control character (new line) at the end of the last line -----END OPENSSH PRIVATE KEY----- of the .pem file.
Before (...
- 5,547
16
votes
Accepted
Read key properties
Based on the question tags, I’m assuming you’re asking about SSH keys.
For public keys, you can ask ssh-keygen:
ssh-keygen -lf /path/to/key.pub
This will show you the key type (at the end of the ...
- 481k
15
votes
How to enable diffie-hellman-group1-sha1 key exchange on Debian 8.0?
problem01:
“Unable to negotiate with xxxx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1”
solution01:
vim ~/.ssh/config and adding:
...
- 279
15
votes
Error: GPG check FAILED when upgrading system using dnf in Fedora
Use this command to solve this: dnf update --nogpgcheck
12
votes
How to enable diffie-hellman-group1-sha1 key exchange on Debian 8.0?
I was also facing the same issue but resolved it by executing below command. You can do it without restarting SSH server-
Problem:
ssh [email protected]
protocol identification string lack carriage ...
- 697
12
votes
Accepted
how to append public keys to remote host instead of copy it
Use ssh together with tee -a file:
< /root/.ssh/authorized_keys sshpass -p "$pass" ssh root@"$remote_host" "tee -a ~/.ssh/authorized_keys"
or ssh with cat >> ...
- 23.2k
10
votes
dropbear ssh server won't let me connect
Short answer: You are probably running OpenWrt, and you need to put your public key in /etc/dropbear/authorized_keys instead of /root/.ssh/authorized_keys.
Long answer:
The GitHub repo you point to ...
- 1,216
9
votes
How to force ssh client to use only password auth?
This is mentioned in a comment above, but I think it deserves to be its own answer.
For people receiving the Permission denied (publickey) error despite the other solutions here, the problem is likely ...
- 191
9
votes
Can I ssh via public key if there is no home directory on the remote system?
Assuming your username is testssh:
create /etc/ssh/authorized_keys_testssh and put your key there
add the following in /etc/ssh/sshd_config:
Match User testssh
AuthorizedKeysFile /etc/ssh/...
- 2,179
9
votes
Accepted
sudo authentication when using SSH key auth with Keepass+Putty
If you can use SSH agent forwarding, there actually is a way: pam_ssh_agent_auth.so (source here) is a PAM module that can do what you ask. It's available in Debian and Ubuntu as package libpam-ssh-...
- 114k
8
votes
SSH asking for passphrase on public key with no passphrase set
We had this problem, and it was a cut-and-paste error. A single % symbol had been added to the end of the key file (so the last line was -----END RSA PRIVATE KEY-----% ). There was no error or debug ...
- 436
8
votes
How to verify that ssh certificate was signed by specified ssh CA private key?
To remotely obtain ssh host certificate(s), you can use ssh-keyscan -c <hostname> (without the -c option, you will only get the host key(s)). To limit to a specific certificate type, you can ...
- 506
8
votes
Accepted
Add an SSH key on boot
You can add ssh key file using ssh config.
Here is default for all users /etc/ssh/ssh_config
Here is for current user ~/.ssh/config
Example of current user ssh config per host:
## Home nas server #...
- 371
8
votes
Is it possible to have 2 ports open on SSH with 2 different authentication schemes?
1.2.* - matches on anyone in the local net using any address assigned to the SSH server that's in the 16 bit net mask for the server EG: '[email protected]'
Careful! Pattern matching in .ssh/config is ...
- 161
8
votes
Accepted
What can I determine about my public key on host server?
You cannot determine anything about the public key. Your connection is blocked by a firewall.
SSH's debugging output won't help you diagnose firewall issues: they happen at a level below TCP. It could ...
7
votes
Why am I still getting a password prompt with ssh with public key authentication?
If both the private key and the username/password authentication methods are accepted by the server, and then if the private key fails, it will simply fall back to prompting for a username/password ...
- 243
7
votes
Accepted
Best way to distribute user's public SSH key to many hosts?
There are a bunch of ways to do this, especially if you're on recent versions of OpenSSH. Remember also that you need more than a way to add them, you need a way to remove them (and quickly—consider ...
- 113k
Only top scored, non community-wiki answers of a minimum length are eligible