Changing from password auth to keys

skorupion Member, Host Rep

I'm about to fucking scream.
I don't have access to the command ssh-copy-id
I have .pub file on my server
Ubuntu 20.04 LTS
what should I change in my config file and where do I place the .pub file

Comments

  • put content of pub file in the /root/.ssh/authorized_keys file (if you want to login to root) or /home/user_X/.ssh/authorized_keys file (if you want to login to user_X)

  • Neoon Community Contributor, Veteran

    scp mahkey [email protected]:/root/.ssh/authorized_keys

  • skorupion Member, Host Rep

    @Andrews said:
    put content of pub file in the /root/.ssh/authorized_keys file (if you want to login to root) or /home/user_X/.ssh/authorized_keys file (if you want to login to user_X)

    THANK YOU SO MUCH.

  • Any good projects that generate and manage a small fleet of keys?

  • @jugganuts said:
    Any good projects that generate and manage a small fleet of keys?

    putty & puttygen

    Thanked by 1 AndrewL64
  • Daniel15 Veteran
    edited October 2021

    @jugganuts said:
    Any good projects that generate and manage a small fleet of keys?

    You can use the same key on each server. Just make sure it's secure (either Ed25519 or 4096-bit RSA, and password protected). The server only has the public key on it, which is safe to share. It's the private key (on your client side) that you need to keep secure.

    I use one key per client device (one for my desktop PC, one for my tablet, one for my phone, etc, and one for Ansible). Occasionally "important" servers also use a separate key per device.

  • Telnet > ssh
    Less overhead = faster and more performant access to your terminal.

    ssh is bloat

  • @duckeeyuck said:
    Telnet > ssh
    Less overhead = faster and more performant access to your terminal.

    ssh is bloat

    Telnet isn't encrypted. More performant command line? Wut? If you're needing the performance difference between telnet and ssh for typing commands, you need a better server.

  • @duckeeyuck said:
    ssh is bloat

    Well, this is not something I expected to read on LET.

  • raindog308 Administrator, Veteran

    @Andrews said: put content of pub file in the /root/.ssh/authorized_keys file (if you want to login to root) or /home/user_X/.ssh/authorized_keys file (if you want to login to user_X)

    Not quite - you missed quite a few potential pitfalls. If the user is user_X:

    # make sure .ssh dir exists
    [ ! -d ~user_X/.ssh ] && mkdir ~user_X/.ssh
    
    # .ssh dir must be owned by user
    chown user_X:user_X ~user_X/.ssh
    
    # .ssh dir must be mode 700
    chmod 700 ~user_X/.ssh
    
    # put the key in ~user_X/.ssh/authorized_keys
    
    # .ssh/authorized_keys must be owned by user
    chown user_X:user_X ~user_X/.ssh/authorized_keys
    
    # .ssh/authorized_keys must be mode 600
    chmod 600 ~user_X/.ssh/authorized_keys
    
  • On my LXC machine I couldn't connect using my public key before I had also changed sshd_config to "PubkeyAuthentication yes". I read somewhere that you shouldn't have to change sshd_config and pub key is accepted by default, but on that LXC install it didn't work before I also updated sshd_config to accept public keys.

  • @raindog308 said:

    @Andrews said: put content of pub file in the /root/.ssh/authorized_keys file (if you want to login to root) or /home/user_X/.ssh/authorized_keys file (if you want to login to user_X)

    Not quite - you missed quite a few potential pitfalls. If the user is user_X:

    > # make sure .ssh dir exists
    > [ ! -d ~user_X/.ssh ] && mkdir ~user_X/.ssh
    > 
    > # .ssh dir must be owned by user
    > chown user_X:user_X ~user_X/.ssh
    > 
    > # .ssh dir must be mode 700
    > chmod 700 ~user_X/.ssh
    > 
    > Put the key in ~user_X/.ssh/authorized_keys
    > 
    > # .ssh/authorized_keys must be owned by user
    > chown user_X:user_X ~user_X/.ssh/authorized_keys
    > 
    > # .ssh/authorized_keys must be mode 600
    > chmod 600 ~user_X/.ssh/authorized_keys
    > 

    relax, it was a quick, high-level instruction for an intelligent human being (able to create folder and file if it does not exist yet), not a full script for a dumb bot

    and OP succeeded and solved his problem and moved on

    asap, not 2 days later

    btw. ssh server daemon is intelligent enough to articulate if he does not like permission/ownership of key files (especially private one), no need to overengineer everything :D

  • TimboJones Member
    edited October 2021

    @raindog308 said:

    @Andrews said: put content of pub file in the /root/.ssh/authorized_keys file (if you want to login to root) or /home/user_X/.ssh/authorized_keys file (if you want to login to user_X)

    Not quite - you missed quite a few potential pitfalls. If the user is user_X:

    > # make sure .ssh dir exists
    > [ ! -d ~user_X/.ssh ] && mkdir ~user_X/.ssh
    > 
    > # .ssh dir must be owned by user
    > chown user_X:user_X ~user_X/.ssh
    > 
    > # .ssh dir must be mode 700
    > chmod 700 ~user_X/.ssh
    > 
    > Put the key in ~user_X/.ssh/authorized_keys
    > 
    > # .ssh/authorized_keys must be owned by user
    > chown user_X:user_X ~user_X/.ssh/authorized_keys
    > 
    > # .ssh/authorized_keys must be mode 600
    > chmod 600 ~user_X/.ssh/authorized_keys
    > 

    You should turn user_X into a variable you set at the top if it's intended for newbie copy and paste. So many people just got errors about "user_X" path not existing.

    Thanked by 1 raindog308
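
The steps raindog308 lists, with the account name set once at the top as TimboJones suggests, written as an added example that is not code from any poster in this thread. It goes slightly beyond the thread by appending instead of overwriting `authorized_keys` and by refusing input that is not a public key; the function names, the key-type pattern and the `/home/$USER_NAME` path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Set the account once here.
USER_NAME=${USER_NAME:-user_X}   # placeholder account name from the thread

# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
# Appends one public key to HOME_DIR/.ssh/authorized_keys (never overwrites
# keys already there) and applies the 700/600 modes listed in the thread.
install_pubkey() {
    home_dir=$1; pubkey_file=$2; owner=${3:-}
    ssh_dir=$home_dir/.ssh; auth=$ssh_dir/authorized_keys

    # Simplified check: take the first line that looks like a public key.
    # A private key file pasted by mistake has no such line and is refused.
    key=$(grep -E '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" | head -n 1)
    [ -n "$key" ] || { echo "no public key in $pubkey_file" >&2; return 1; }

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the file does not end in a newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    # Append only when this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Ownership needs root; assumes a group named after the user, as in the thread.
    if [ -n "$owner" ]; then chown -R "$owner:$owner" "$ssh_dir"; fi
}

# strictmodes_ok HOME_DIR
# Fails if the home directory, .ssh or authorized_keys is missing or writable
# by group/others. Checks modes only, not ownership.
strictmodes_ok() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        bad=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print) || return 1
        [ -z "$bad" ] || { echo "too permissive: $p" >&2; return 1; }
    done
}

# Typical use as root (paths are assumptions):
#   install_pubkey "/home/$USER_NAME" ./id_ed25519.pub "$USER_NAME"
#   strictmodes_ok "/home/$USER_NAME"
```

If key login still falls back to a password after this, `sshd -T | grep -i pubkeyauthentication` run as root prints the effective value of the setting mentioned in the LXC comment above.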