Server Fault
Server Fault

Questions tagged [ssh-keys]

an authorization mechanism for SSH involving public-key cryptography.

SSH keys are an authorization mechanism for SSH involving public-key cryptography. It consists of

  • A private/public key pair generated by a utility like ssh-keygen.
  • A configured (in /etc/ssh/sshd_config) SSH daemon that allows public key authentication.
  • A configured user account that has the public key copied to ~/.ssh/authorized_keys.
815 questions
241
votes
11 answers

"Add correct host key in known_hosts" / multiple ssh host keys per hostname?

Trying to ssh into a computer I control, I'm getting the familiar message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! …
Samuel Edwin Ward
  • 2,593
179
votes
5 answers

What's the difference between authorized_keys and authorized_keys2?

Just wanted a quick summary of the differences between them and why there are two?
Jon
  • 2,151
143
votes
4 answers

What significance does the user/host at the end of an SSH public key file hold?

I can’t figure out why does an SSH public key file generated by ssh-keygen have a user and host at the end of it. Example: id_rsa.pub ssh-rsa ... rest of file ... /CA9gyE8HRhNMG6ZDwyhPBbDfX root@mydomain Notice the root@mydomain at the end of the…
Basil A
  • 2,300
137
votes
4 answers

how do you create an ssh key for another user?

I'm trying to create an ssh key for another user. I'm logged in as root. Can I just edit the files generated by ssh-keygen and change root to the user I want?
user962449
  • 1,497
111
votes
8 answers

Why does my OpenSSH key fingerprint not match the AWS EC2 console keypair fingerprint?

When I import my OpenSSH public key into AWS EC2's keyring the fingerprint that AWS shows doesn't match what I see from: ssh-keygen -l -f my_key It is a different length and has different bytes. Why? I'm sure I uploaded the correct key.
Craig Ringer
  • 11,525
103
votes
1 answer

How do I validate an RSA SSH public key file (id_rsa.pub)?

Is there a command I can use to verify the public key (id_rsa.pub), just the format only. Sometimes I have added a new linebreak, sometimes the file missed the ssh-rsa prefix, so is there a command to validate with?
Ryan
  • 6,271
96
votes
20 answers

What causes SSH error: kex_exchange_identification: Connection closed by remote host?

I setup a SSH server online that is publicly accessible by anyone. Therefore, I get a lot of connections from IPs all over the world. Weirdly, none actually try to authenticate to open a session. I can myself connect and authenticate without any…
soliz
  • 1,061
93
votes
1 answer

SSH Allow Password For One User, Rest Only Allow Public Keys

Is it possible with ssh to allow passwords from a certain user, but deny using passwords for everybody else? Basically I want to allow password auth for user justin but everybody else must use public keys. PasswordAuthentication no Seems to be…
Justin
  • 5,668
78
votes
4 answers

Temporarily disable ssh public key authentication from client

Is there a way to temporarily disable public key authentication when ssh'ing, and use password authentication instead? I currently want to access remote server, but I'm using another laptop, not mine. Browsing that link, I found that the command ssh…
Nsukami _
  • 891
76
votes
8 answers

How to change a SSH host key?

I cloned a server and so they've the same RSA key fingerprint. It seems to be defined in /etc/ssh/ssh_host_rsa_key.pub. What is the correct way to change that? Thanks.
Pascal Polleunus
  • 1,583
75
votes
11 answers

Why is SSH password authentication a security risk?

Most guides for OpenSSH configuration advise to disable password authentication in favor of key-based authentication. But in my opinion password authentication has a significant advantage: an ability to connect from absolutely anywhere without a…
Septagram
  • 967
56
votes
11 answers

Is there an equivalent to ssh-copy-id for Windows?

Is there any equivalent or port of ssh-copy-id available for Windows? That is, is there an easy way to transfer SSH keys from a local machine to a remote server under Windows? In case it helps, I'm using Pageant and Kitty (a Putty alternative)…
Matt V.
  • 837
55
votes
10 answers

Auto accept rsa key fingerprint from command line

I've tried yes | ssh root@10.x.x.x to try to accept the RSA key fingerprint, but am still prompted if I'm sure I want to connect. Is there a way to make this automatic?
VenomFangs
  • 807
55
votes
7 answers

How to get all fingerprints for .ssh/authorized_keys(2) file

Is there a simple way to get a list of all fingerprints entered in the .ssh/authorized_keys || .ssh/authorized_keys2 file? ssh-keygen -l -f .ssh/authorized_keys will only return fingerprint of first line / entry / publickey hack with awk: awk…
childno͡.de
  • 692
45
votes
2 answers

ssh-copy-id specifying which key and without password

I have a public key in a server(host) that I want to transfer to another server(target). The host server has a bunch of keys in .ssh/ folder, i want to copy just one of them to the target server (it's not id_rsa.pub, so lets call…
Lucas Mattos
  • 563
1
2 3
54 55