I'm writing an application that uses the Renci libraries to upload and download files to an SFTP server.
So far the application works in terms of passing the public key portion of the clients private key to the server (the STP server has the clients public key).
The issue I'm having is in getting the Hosts public key. I need to retrieve this once I've connected and ensure it matches the public key sent to us by the customer for the SFTP server.
I've looked through the Renci library and can't see how to do this. Is it possible?
I've also looked on this site and can't see an answer, hence this question.
Any help would be greatly appreciated.
Thanks.
Related
I need your help.
I set up an LDAP keyserver on my Ubuntu VPS.
Uploading keys works wonderfully, but I'm facing a problem where I can't get any further.
I generated a public key via Gnu and uploaded it to the server.
Picture
That also works so far.
Now I create a new public key via Openkeychain. I also store my e-mail address in the key there. Then I upload it to the server.
Picture
But now I have the problem that the "pgpUserID" is missing.
Can you help me and tell me how to get this for the key? Is it because of OpenKeychain?
Or can I add them through a command on the server?
Please note that only the public key is available. The private key remains with the employee and is not on the server.
Customer is changing SFTP to different location and written to me.
Changing SFTP-server to a more modern service at AWS.
Would be to secure the new username with a SSH key pair,
as we’re trying to get rid of all the password usage in the new service.
Could you deliver us a public key for this?
I have no understanding of this.
What actually I need to do here? Is it following ssh-keygen command? Do i need to share QA and Production separately?
https://phoenixnap.com/kb/ssh-with-key
I have been able to set up SSH access to my Google Cloud Platform VM via SFTP using WinSCP, but I now wish to do the same using another VM.
I have tried the ssh-keygen -t rsa , ssh-copy-id demo#198.51.100.0 method but always come up against the "Permission denied (public key)" error which from researching seems to be a pretty widespread issue with few reliable fixes (all the ones I tried didn't work).
I used PuttyGen to create the public and private key, and inserted the public key onto the server just through GCP settings, adding it under the SSH settings for my instance.
I am just confused on what to do with the private key when simply trying to sftp through the terminal on a separate VM, as before I would load the private key into WinSCP settings. Is there a folder I need to place it in or?
Regarding your first issue of "Permission denied (public key)" error, please follow the troubleshooting in this link and this.
About your other question of "what to do with the private key when simply trying to sftp through the terminal", that depends on the settings of the specific the 3rd party SFTP tool you are using. To locate the locations of SSH key after generating them, please review this document.
Once you have added the public key in the VM, you would need to boot the VM for public key to take effect. Try rebooting it and try
If you follow the GitHub HowTo "Generating SSH Keys", you get three files in your ~/.ssh directory: known_hosts, id_rsa, and id_rsa.pub.
The file known_hosts is used for the server authentication, id_rsa is used for the client authentification (here is an article, that explains the difference).
Why should I create / why GitHub does need both -- a host and a user authentification files? How does the GitHub authentification work?
Thx
This is just plain old SSH authentication; nothing about it is specific to GitHub.
id_rsa and id_rsa.pub are the two halves of your key: the private key and the public key. Effectively, the public key is the lock for the private key. You put the lock (public key) on whatever servers you want easy access to, without too much worry that someone else will see it, because it's just a lock. You keep the (private) key on your machine, and use it to log into those servers; they see you have a key fitting the lock, and let you in.
(Not to say that you should put your public key on completely untrustworthy machines; there are malicious tricks that can take advantage of shortcuts like ssh -A.)
known_hosts doesn't actually have much to do with this; it's just where ssh stores the fingerprints of all the servers you've connected to, so it can throw up a big scary warning if the fingerprint changes. (That would mean it's not the same machine: either something has changed radically on the server side, or your connection has been hijacked.)
So, anyway, one of the protocols Git itself understands is SSH. When you use git#github.com:... as a repository URL, Git is just connecting over SSH. Of course, GitHub doesn't want you mucking around on their machines, so they only let you do Git things, not get a full shell.
As usual, the Arch wiki has a whole lot more words on this.
known_hosts stores the server's identity the first time you connect, so that you know the next time that you're connecting to the same server. This prevents someone from pretending to be the server the next time you connect (but sadly not the first time)
id_rsa is your secret key that proves that you are really you. Never give this away.
id_rsa.pub is the public key, its purpose for authentication is basically just to prove that you have the secret key without giving it out. This key you can give to anyone what needs it since there's nothing secret about it.
When you connect to the server, SSH first checks that the server has the correct key (ie it should match the one in known hosts. If the client is comfortable that the server is genuine, it uses its private key to sign the following data and sends it to the server;
string session identifier
byte SSH_MSG_USERAUTH_REQUEST
string user name
string service name
string "publickey"
boolean TRUE
string public key algorithm name
string public key to be used for authentication
The server verifies the signature using the public key (which you earlier uploaded to Github), and if it is correct, the client is authenticated.
The known_hosts file is used by ssh whenever you actually connect to a host via SSH. It stores a signed key of sorts for the server. Then, if it changes, you will know.
ssh-keygen -t rsa -C yourgithub#accountemail.com is used to generate the SSH key in which you will give the id_rsa.pub to github. Then, when you connect to github you have the private key id_rsa in your ~/.ssh folder which is then used to validate your information with github.
This is a very low-level explanation, but the private key (non .pub) file is your end, the .pub is for github and the known_hosts is for your box to know what is what.
You can also generate a config file in ~/.ssh for use to specify which key goes to which host..
authorized_keys and known_hosts are entirely different..
Your SSH server (sshd, ie) uses authorized_keys, or whatever file is defined within your /etc/ssh/sshd_config/ for knowing the public side of another key. So when a user connects to your server, they pass their private key, your SSH server verifies against the public key it has within authorized_keys and if it doesn't match, it doesn't work.
Github maintains an authorized_keys so-to-speak on their users. Your public key goes into your authorized_keys on your account and then when you connect via ssh to clone,push,etc, it checks your private key you send over with your public key they already know.
I get this error
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED
The rest of the error message is similar to here.
I have SSH keys in my server. I have my private key in my desktop. I am not sure where I should put it.
Add correct host key in ~/Users/Sam/.ssh/known_hosts to get rid of this message.
Should I add the public key of my server to the file?
The issue is that the server's public key has changed from the one used the last time your client connected, and it may be indicative of an attempt to fool you into connecting to a server that's masquerading as your intended target in some fashion, in order to steal your credentials or some other malicious behaviour.
The message also naturally occurs if the public key on the server has been explicitly changed, which can happen for a number of legitimate reasons - a vulnerability in Debian-based Linux distributions in the not-so-distant past necessitated key regeneration for many people, for example.
If you can confirm that you're connecting to the intended destination, and you know that any key change was legitimate, then you can usually accept the key change. Alternatively, as the message explains, you can obtain the server's public key via an alternative (secure) channel and update your client's local copy so it recognises the server's credentials once more.
If you don't control the server, contact the person or organisation that does, and find out whether the change was legitimate.
You don't need to modify your private key in any way; this is nothing to do with your key pair.
If the keys were really changed on the server (ie. you are not a victim of a man-in-the-middle attack), the easiest think to do is get the line number from the message (offending key is in path/known_host:line_number), delete this line, login to the server (and accept the key).
You mean, programatically?
Probably you can find better support at the forums posted in this question:
https://stackoverflow.com/questions/321618
I was just having this error and I think it's because I'd been previously using another Vagrant instance on my laptop for a work assignment I had, and now that that assignment has finished I'm trying to use Vagrant for my own project, but the old Vagrant instance's public key was still in my known_hosts file. So I just deleted the old entry in the known_hosts file for 127.0.0.1 and saved the file and the error went away.