SSH/Public Key Authentication: Difference between revisions

From Chorke Wiki
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 58: Line 58:
# [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
# [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
</syntaxhighlight>
</syntaxhighlight>
==EdDSA==
ssh-keygen -t ed25519 -C "[email protected]"
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
==Too Many Auth==
{|
|valign="top"|
'''too many authentication failures issue'''
ssh -o PreferredAuthentications=password ${USER}@academia.local
ssh -o IdentityAgent=none ${USER}@academia.local
ssh -o IdentitiesOnly=yes ${USER}@academia.local
|valign="top"|
Host *.local
      IdentityAgent none
      IdentitiesOnly yes
      PreferredAuthentications password
|valign="top"|
Host 10.19.83.*
      IdentityAgent none
      IdentitiesOnly yes
      PreferredAuthentications password
|}


== References==
== References==
* [https://serverfault.com/questions/1159599/ SSH server » Ubuntu » Change the default port]
* [https://gist.github.com/shahedhossain/73adbb5d812786875705a26c0c174928 Fedora SSH Client Public Key Authentication]
* [https://gist.github.com/shahedhossain/73adbb5d812786875705a26c0c174928 Fedora SSH Client Public Key Authentication]
* [https://goteleport.com/blog/comparing-ssh-keys/ SSH Keys » RSA, DSA, ECDSA vs EdDSA]
* [https://www.raspberrypi.org/documentation/remote-access/ssh/passwordless.md Raspberry Pi Public Key Authentication]
* [https://www.raspberrypi.org/documentation/remote-access/ssh/passwordless.md Raspberry Pi Public Key Authentication]
* [[Bastion SSH Tunneling]]
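
Review bot: The new "Too Many Auth" section gives three `ssh -o` commands and two `Host` blocks with no sentence saying what causes the failure or whether the three commands are alternatives or meant to be combined. The wildcard blocks `Host *.local` and `Host 10.19.83.*` set `PreferredAuthentications password` together with `IdentityAgent none` and no `IdentityFile`, so every matching host is pushed to password login on a page that is otherwise about public key authentication. Suggest adding one line of explanation, and a note that a host in those ranges which should use a key needs its own more specific `Host` entry with an `IdentityFile`, placed above the wildcard entry, since ssh_config uses the first value it obtains for each option.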

Latest revision as of 11:52, 1 November 2024

#################### CLIENT SIDE ####################
# generating a new ssh key and adding it to the ssh client
# https://gist.github.com/shahedhossain/7d91028ba1eb9c56049ea421a12e76fd

# ssh key generation for chorke
ssh-keygen -t rsa -b 4096 -C "[email protected]"
# Generating public/private rsa key pair.
# Enter a file in which to save the key (/Users/user/.ssh/id_rsa): [Press enter]
# Enter passphrase (empty for no passphrase): [Type a passphrase]
# Enter same passphrase again: [Type passphrase again]

# add rpi_chorke_rsa to ~/.ssh/config
Host rpi.chorke.org
     HostName 139.59.51.80
     # PreferredAuthentications publickey
     IdentityFile ~/.ssh/rpi_chorke_rsa
     Port 4321

# copy the public key to ~/.ssh/authorized_keys for each user (root and misc)
ssh-copy-id -i ~/.ssh/rpi_chorke_rsa.pub [email protected] -p 4321
ssh-copy-id -i ~/.ssh/rpi_chorke_rsa.pub [email protected] -p 4321
#################### SERVER SIDE ####################
# to disable password authentication
# and enable public key authentication,
# edit /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes

# after editing, save and exit, then restart sshd
# to apply the new sshd configuration
# systemctl restart sshd
service sshd restart
#################### CLIENT SIDE ####################
# root user public key
ssh [email protected]
# Enter passphrase for key '/Users/user/.ssh/rpi_chorke_rsa':

# misc user public key
ssh [email protected]
# Enter passphrase for key '/Users/user/.ssh/rpi_chorke_rsa':
#################### CLIENT SIDE ####################
# root user password disabled
ssh [email protected] -p 4321
# [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

# misc user password disabled
ssh [email protected] -p 4321
# [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
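
The server-side step above depends on `PasswordAuthentication no` being the value sshd actually uses, and sshd keeps the first value it reads for a keyword, so an earlier line can silently override the edit. The script below is an added example, not part of the original page: it checks the global section of an sshd_config-style file offline. The function names and the sample file are hypothetical; on a live host `sshd -T` prints the effective configuration, including `Match` and `Include` handling that this sketch does not evaluate.

```shell
#!/bin/sh
# Added example (not from the original page): check that the global section
# of an sshd_config-style file disables passwords and leaves public keys on.
# Parsing rules assumed: keywords are case-insensitive, the first value seen
# wins, and lines after the first "Match" are conditional, not global.

# effective_global FILE KEYWORD: print the first global value, lower-cased.
# Prints "unresolved" if an Include comes first, since the included files
# could set the keyword before this file does.
effective_global() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)           # keyword, then its argument
            key = tolower(f[1]); val = tolower(f[2])
            gsub(/"/, "", val)
            if (key == "match")   { exit }
            if (key == "include") { print "unresolved"; exit }
            if (key == want)      { print val; exit }
        }
    ' "$1"
}

# check_pubkey_only FILE: succeed only when passwords are off and keys are on.
# Unset keywords fall back to the OpenSSH defaults (both "yes").
check_pubkey_only() {
    pw=$(effective_global "$1" PasswordAuthentication)
    pk=$(effective_global "$1" PubkeyAuthentication)
    [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ]
}

# Constructed sample: the later "yes" is ignored, the first "no" wins.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' 'passwordauthentication yes' \
    'Match User misc' '    PasswordAuthentication yes' > "$demo"
if check_pubkey_only "$demo"; then echo "global section: public key only"
else echo "global section: passwords still possible"; fi
rm -f "$demo"
```

The sample passes the global check even though its `Match User misc` block re-enables passwords for one account, which is why per-user overrides still need a separate look.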

EdDSA

ssh-keygen -t ed25519 -C "[email protected]"
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub

Too Many Auth

too many authentication failures issue

ssh -o PreferredAuthentications=password ${USER}@academia.local
ssh -o IdentityAgent=none ${USER}@academia.local
ssh -o IdentitiesOnly=yes ${USER}@academia.local

Host *.local
     IdentityAgent none
     IdentitiesOnly yes
     PreferredAuthentications password

Host 10.19.83.*
     IdentityAgent none
     IdentitiesOnly yes
     PreferredAuthentications password

References