69
votes
Accepted
Why do portions of SSH public (and private) keys overlap?
The string is base64 encoded. When decoded, it produces the string \0\0\0\vssh-ed25519\0. This identifies the type of the key. In this case an EdDSA key.
39
votes
how to append public keys to remote host instead of copy it
You can also use ssh-copy-id, which is a tool to do exactly what you want: add one or more keys to the authorized_keys of a remote system.
28
votes
Accepted
How to compare different SSH fingerprint (public key hash) formats?
ssh
# ssh -o "FingerprintHash sha256" testhost
The authenticity of host 'testhost (256.257.258.259)' can't be established.
ECDSA key fingerprint is SHA256:pYYzsM9jP1Gwn1K9xXjKL2t0HLrasCxBQdvg/mNkuLg.
...
28
votes
sign_and_send_pubkey: signing failed for RSA key; from agent: agent refused operation
Make sure the permissions of the key directory and keys are correct on the client.
The ~/.ssh directory should only have execute, read and write permissions for the user. If not then change them:
User ...
21
votes
Accepted
Add key to authorized_users without needing to restart sshd
Is the restart of sshd needed?
Not usually. Linux distributions usually ship with a default configuration that allows public key authentication, so you usually don't even have to edit configuration to ...
13
votes
Convert OpenSSH private key into SSH2 private key
ssh-keygen will not export a private key in pem format, but it will convert an existing openssh private key to pem format, overwriting the original. All you have to do is edit the password.
The ...
12
votes
Accepted
how to append public keys to remote host instead of copy it
Use ssh together with tee -a file:
< /root/.ssh/authorized_keys sshpass -p "$pass" ssh root@"$remote_host" "tee -a ~/.ssh/authorized_keys"
or ssh with cat >> ...
9
votes
Converting SSH2 RSA Private Key to .pem using openssl
ssh-keygen -p can convert between SSH2 and PEM formats:
-m key_format
Specify a key format for key generation, the -i (import),
-e (export) conversion options, and the -p change
...
9
votes
Accepted
How to verify fingerprint of Dropbear RSA host key?
Locate the host key file on the server:
me@server:~$ ls /etc/dropbear/
authorized_keys config dropbear_rsa_host_key
Use dropbearkey to get the public key portion and fingerprint of that host key:
...
8
votes
How to compare different SSH fingerprint (public key hash) formats?
Only answering how to view local keys, which is also visible on the other answer but could be missed. On Ubuntu 19.04 version at least, SHA256 is the default format for ssh-keygen:
$ ssh-keygen -lf ~/....
6
votes
sign_and_send_pubkey: signing failed for RSA key; from agent: agent refused operation
When the issue is not access rights below ~/.ssh (as your detailed listing indicates), another option might be that the authentication agent is somehow hanging.
Since the authentication daemon should ...
5
votes
Accepted
What does `ssh-keygen -r` do if a public key is not specified?
ssh-keygen -r generates an SSHFP record. That's something you put in a DNS entry to indicate the host key corresponding to a host name. This allows someone who wants to log into your machine to ...
4
votes
show values of an ed25519 private key stored in OpenSSH format
TL;DR: you can't convert to OpenSSL
UPDATED 2021-02: You can't convert an OpenSSH ed25519 key to a form supported by OpenSSL. At the date of the Q and original A, OpenSSL didn't support any stored ...
3
votes
Add key to authorized_users without needing to restart sshd
The best way is to use
ssh-copy-id [email protected]
Where N is the IP address
OR
ssh-copy-id user@fqdn
where fqdn is the Fully Qualified Domain Name (eg server.domain.com)
This does not require any ...
3
votes
Accepted
Generate hashed name for SSH known_hosts
If you want to change the hostname for an existing hashed host, edit your known_hosts file, replacing the hashed hostname with the plaintext hostname you wish associated with that key, and rehash the ...
3
votes
Accepted
After setting up ssh-keys, how can I ssh into the server such that the key-pair will be ignored?
You can turn off public key authentication on a per-connection basis (and also disable connection sharing so that the new session does not connect over an already established one) via:
$ ssh -o ...
3
votes
Accepted
How to copy public key to the server that doesn't allow password?
If the new server only supports key authentication, you've jumped the gun as stated by @dr01.
Assuming your new server still allows password connections, the only "key exchange" that seems possible ...
3
votes
Accepted
Trouble accessing remote server with public key
there is a confusion
ssh -vv -i .ssh/authorized_keys -o PasswordAuthentication=no [email protected]
authorized_keys is a list of public keys you allow to connect.
this file should be set on server ...
3
votes
Accepted
How to generate keys after creating user with adduser --disabled-password
Make sure your key is added to /home/normaluser/.ssh/authorized_keys
Authorized keys are per user, meaning that just because a key can be used to log into another user doesn't mean you can use it to ...
3
votes
Accepted
ssh-keygen 9.9p1 created PKCS#1 encrypted RSA private key fails to use available 3DES encryption - uses aes-128-cbc instead
Use openssl pkey -traditional to make it output a PKCS#1/PEM format file. Add an option for the cipher of choice (if it needs to be encrypted in the first place – Cisco IOS is going to decrypt it upon ...
2
votes
Accepted
Linux: How do I upgrade ssh-keygen?
There are two Debian-style ways to upgrade ssh-keygen, since openssh-client isn’t available in the Debian 8 backports.
The first is to upgrade to Debian 9, since that has a new enough openssh-client ...
2
votes
Linux: How do I upgrade ssh-keygen?
To use a version of an open-source tool newer than that provided by your package manager, download the source code from the upstream source (in this case, openssh.com), together with any required ...
2
votes
Linux: How do I upgrade ssh-keygen?
You can't upgrade parts of a package (in this case a single file). You would need to upgrade the entire openssh-client package, and (at the moment) no new version of that exists in Debian backports, ...
2
votes
Accepted
Give default path for id_rsa in a shell script
From man ssh-keygen:
SYNOPSIS
ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
You'll want to do something ...
2
votes
How can the, encrypted with AES, and BASE64 encoded, SSH private key, have size smaller than specified?
RSA key lengths are specified in bits, not bytes. Your bit RSA key has a modulus of length 8192 bits, i.e. 1024 bytes.
2
votes
Accepted
Add additional key pair for authentication
One of the most common issues I see when people try to set up key based authentication is that they forget to add the public half of the keypair to the authorized_keys file.
On server.example.com you ...
2
votes
SSH keys that can be used only in one machine
You can, if the remote uses the usual authorized_keys files.
The sshd(8) man page describes the authorized_keys file format. There are a number of options that can be used in the file, one of them is ...
2
votes
How to create .pem file - full process
I would suggest to do this the other way around.
There is no need to have the private key lying around on the remote computer.
Generate the key-pair on your local machine:
ssh-keygen -f .ssh/somekey -...