78 votes
Temporarily disable ssh public key authentication from client
If you want to bypass key authentication when logging in to the server, just run: ssh -o PubkeyAuthentication=no user@host
74 votes
Auto accept rsa key fingerprint from command line
OpenSSH 7.6 has introduced a new StrictHostKeyChecking=accept-new setting for exactly this purpose: ssh(1): expand the StrictHostKeyChecking option with two new settings. The first "accept-new" will ...
61 votes
Accepted
ssh-copy-id specifying which key and without password
You can pass ssh options with -o: ssh-copy-id -i mykey.rsa.pub -o "IdentityFile hostkey.rsa" user@target
49 votes
Accepted
openssh - Adding an ssh key from putty to authorized_keys
This is possible using the ssh-keygen utility: ssh-keygen -i -f ssh2.pub > openssh.pub Where ssh2.pub is your existing ssh2 key and openssh.pub will be the key in openssh format. If you just want ...
41 votes
Accepted
What causes SSH error: kex_exchange_identification: Connection closed by remote host?
Weirdly, none actually try to authenticate to open a session. Some spiders and services like Shodan scan public IPv4 addresses for open services, e.g. salt masters, ftp servers, RDPs, and also SSH ...
37 votes
Have a system that expires SSH keys every 90th day
The customer is wrong here and does not understand what they're talking about. Changing the passphrase on a private key is a very bad idea, because it has very counter-intuitive security properties. ...
36 votes
Load key "privkey.ppk" invalid format
This key is generated by PuTTYgen software. To use it in Linux you should start PuTTYgen, load the key (File->Load private key) and then export it as OpenSSH key (Conversions->Export OpenSSH key)
25 votes
Accepted
How to generate host SSH keys via ansible?
As far as I know the only reason why you would need to pipe a 'y' to ssh-keygen, is if your command is replacing an existing file. In my opinion this is not a good way to do something from a ...
25 votes
Restricting a ssh key to only allow rsync/file transfer?
rrsync is designed to be used as a forced command for a particular key, so it should be exactly what you want. A forced command is set up using the command option for a key in an authorized keys file ...
24 votes
Accepted
SSH access gateway for many servers
That's too complicated (checking if a key has access to a specific prod server). Use the gateway server as jump host that accepts every valid key (but can easily remove access for a specific key ...
21 votes
Putting RSA keys into azure key vault
The previous answer by Shengbao Shui shows the command to store a secret using the Azure CLI 1.0 (Node). For Azure CLI 2.0 (Python) use the following syntax: Set / Store Key: az keyvault secret set -...
21 votes
Accepted
How do I prevent users from messing with their own .ssh folder?
Short answer is you can't. SSH is very picky about permissions and will not play with files it doesn't like the look of. Further, the users ssh_config is parsed before the system-wide config. Having ...
20 votes
How to make in SSH private key from one line, three lines
I would personally base64-encode the key, store it, then base64 decode it when you need it. Encode: echo "-----BEGIN RSA PRIVATE KEY----- my_super_secret_password -----END RSA PRIVATE KEY-----" | ...
20 votes
Accepted
Load key "privkey.ppk" invalid format
My PPK was in PuTTY PPK format; I had to convert it into OpenSSH format. I converted .ppk to OpenSSH using this answer, now I'm able to connect. puttygen id_dsa.ppk -O public-openssh -o id_dsa.pub
19 votes
Add authentication keys to dropbear ssh?
Pretty old question, but in case someone has the same problem. You just need to put authorized_keys file into /etc/dropbear folder (in my case on Ugoos AM3 with Entware it was /opt/etc/dropbear). Don't ...
19 votes
Have a system that expires SSH keys every 90th day
The answer to your first question: "Is it possible to change the password on an existing SSH key?" is yes. With openssh that is as simple as ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f ...
17 votes
Turn off strict checking of ssh keys
The problem is that ssh presumes a 1-to-1 mapping between IP addresses and hosts. We need to break that mapping only for the IP addresses of your cloud servers. The Solution Add the following stanza ...
17 votes
ssh how to allow a very limited user with no home to login with pubkey
diya has already explained that you could change to AuthorizedKeysCommand for retrieving the public key of a user. However, it's probably easier for you to place the authorized_keys file somewhere ...
17 votes
How do I prevent users from messing with their own .ssh folder?
It is hard to protect users from their own ignorance and incompetence. But depending on how much you need to allow your users to manage themselves and how much you manage for them: you can configure ...
16 votes
Unable to ssh to GCE: "Permission denied (publickey)"
I faced the same situation because of the user. On Google web ssh my user name was showing something first part of my email. So, I was trying ssh like this ssh <first_part_of_gmail>@...
14 votes
How to ssh-copy-id through a jump-host? Something similar to the -J option with ssh command
Have you tried defining the jump connection in ~/.ssh/config and then attempting the ssh-copy-id? I seem to recall doing something like that a few years ago to work around not being able to use the ...
13 votes
Accepted
SSH authentication sequence and key files : explain
The following answer explains the files needed to prepare for ssh authentication using public-private key pairs ("Public Key Infrastructure" or "PKI"), and how those files are used during an actual ...
13 votes
SSH keys: ed25519 vs RSA performance demystified
The cipher/algorithm used for ssh keys is independent of the algorithm/ciphers used for encrypting the session/connection. So a faster key algorithm will only speed up operations relating to key ...
13 votes
ssh how to allow a very limited user with no home to login with pubkey
The alternative to a file with public keys is the openssh server directive AuthorizedKeysCommand which allows you to configure your sshd daemon to run a specific helper program to retrieve the public ...
12 votes
Unable to ssh to GCE: "Permission denied (publickey)"
Make sure you don't have OS Login enabled. Docs read: If you manage your SSH keys by using OS Login on instances, metadata-based SSH key configurations on those instances are disabled and Caution: ...
12 votes
What causes SSH error: kex_exchange_identification: Connection closed by remote host?
I've just had this exact issue, and the cause was that I had a port translation happening internally to the load balancer, meaning that my ssh connections were reaching the host on port 80 instead of ...
12 votes
Accepted
How to prioritize explicit ssh key from commandline over ssh-agent keys?
IdentitiesOnly=yes is probably an appropriate option. That is, using only the specified Identities. ssh -i /path/to/square.key -o IdentitiesOnly=yes remote.server.net or Host remote.server.net ...
11 votes
SSH Public Key Format
This is the complete, correct answer: ssh-keygen -i -m PKCS8 -f public-key.pem
11 votes
SSH access gateway for many servers
Engineers should not be running ansible directly from their laptop, unless this is a dev/test environment. Instead, have a central server that pulls the runbooks from git. This allows for additional ...
11 votes
How to prioritize explicit ssh key from commandline over ssh-agent keys?
One workaround is to pass IdentityAgent=none, either on the same commandline: ssh -i /path/to/square.key -o IdentityAgent=none remote.server.net or equivalently, via the ~/.ssh/config: Host remote....
Only top scored, non community-wiki answers of a minimum length are eligible