Re: Issues with SSH pubkey authentication at remote server

To: debian-user@lists.debian.org
Subject: Re: Issues with SSH pubkey authentication at remote server
From: Dan Purgert <dan@djph.net>
Date: Mon, 26 Sep 2016 15:26:44 -0000 (UTC)
Message-id: <[🔎] slrnnuifef.3fv.dan@xps-linux.djph.net>
References: <[🔎] efa75800-66c8-2528-6ed0-0bbc197da8c5@secure.mailbox.org> <[🔎] CAH6Gj5F+B3vhuxZYY0O1e+6VCfHooXjYvUU+EmyNnNf4W5SAQg@mail.gmail.com> <[🔎] slrnnui37b.s7s.dan@xps-linux.djph.net> <[🔎] 947698d8-87e1-c9af-9c39-71e8f41291d8@secure.mailbox.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Stephan Beck wrote:
> Dan Purgert:
>> Mark Fletcher wrote:
>>> If I'm reading the above right, it looks like the server is offering an
>>> rsa key to authenticate itself, but won't accept rsa to authenticate the
>>> client. Which is a bit cheeky.
>> 
>>> You may need a key created with a stronger method, such as ecdsa or
>>> ed25519.
>> 
>> Could even be as simple as he sent a /different/ key across (e.g. he
>> sent "home-key.pub", which corresponds to "home-key_rsa" rather than
>> "id_rsa").
>> 
> No. I wrote that I /checked/ the public key copied to the server after
> having copied it to the server's ~/.ssh directory. I edited it with a
> text editor and compared it with the one I have in local ~/.ssh
>

I think you misunderstood what I was saying.  I was supposing that you
copied a valid (yet "incorrect") key to the remote server, or tried to
authenticate with the wrong private key.

For example, I have in my user's .ssh/ directory:

id_rsa -> symlink to home_lan_rsa
VPS_id_rsa -> private key for uploading to a VPS
home_lan_rsa -> private key for use on my LAN.

Assuming that I copied the right public key to the VPS, if I run the
command "ssh me@vps", it'll fail, because ssh by default tries to
authenticate with "id_rsa". _FIX:_ change the ssh command to "ssh -i
.ssh/VPS_id_rsa me@vps"

Assuming that I copied the wrong public key to one of my "home" devices,
the command "ssh me@lan_host" would fail because "id_rsa" isn't the
proper private key for the VPS_id. _FIX:_ correct .ssh/authorized_keys
on the remote host.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX6T3PAAoJEI4R3fMSeaKBDqQIAIkzsa0AGnbUre0ZD41rdxAX
Q7EmSG1IyTPwmU9OwNH7ol8ZlzUgEhroZQZCzYQYDNj1ojcjyzO1i85AfM5oHHME
bsCcjD/IEz1z4v/Os/6sx8jdJ46Oi/VBetdCY1sMjH1uICE2bWqR+R0D3rii9zUc
pF/R6H2obJYl+8fxha0yBcghgscaZNOLSq2mgON+Y1xkYJ7lHdqGajsN0BdRq/GG
XptMECk2k1M27BODAi1bov8YxQGYxNsVjsLCUxUPr5g5XuZYhWGWSteV5aO2Cz9H
v02g1Kg9LWslk0kX75BbKh8bBywGJ8c2MHnyodLDsIVWLseCekoChtmOj7XUFFI=
=m+bN
-----END PGP SIGNATURE-----

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Reply to:

Follow-Ups:
- Re: Issues with SSH pubkey authentication at remote server
  - From: Stephan Beck <sbeck@secure.mailbox.org>

References:
- Issues with SSH pubkey authentication at remote server
  - From: Stephan Beck <sbeck@secure.mailbox.org>
- Re: Issues with SSH pubkey authentication at remote server
  - From: Mark Fletcher <mark27q1@gmail.com>
- Re: Issues with SSH pubkey authentication at remote server
  - From: Dan Purgert <dan@djph.net>
- Re: Issues with SSH pubkey authentication at remote server
  - From: Stephan Beck <sbeck@secure.mailbox.org>

Prev by Date: Re: Issues with SSH pubkey authentication at remote server
Next by Date: Substring search in dash [ _NOT_ bash ] shell
Previous by thread: Re: Issues with SSH pubkey authentication at remote server
Next by thread: Re: Issues with SSH pubkey authentication at remote server
Index(es):
- Date
- Thread