Modes
---- BEGIN SSH2 PUBLIC KEY ---- Subject: custodian Comment: "1024-bit rsa, [email protected], Mon Apr 27 2020 1\ 5:04:52" AAAAB3NzaC1yc2EAAAADAQABAAAAgQCCzJ164AeNAjTafmfVeaqAzrP8sbqYnXKSWew/WG wam+0sLBdWByrCDpZkb4NKOSCI3njJZzsQ7bkAVdaRpRl2CdZ/nuU6VeJ0f9KHAgzDKDDn TRo1p4o2LdIBnNeNVtCXlDH4EwRB89ZQj9kjLSlCrAmtxoOlSb6jIKq2n7XpPQ== ---- END SSH2 PUBLIC KEY ----Why? File "~/.ssh/authorized_keys" on Linux currently requires the public key to sit on one single line with no superfluous information or control characters like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCC..........PQ== optional-comment
#!/bin/bash # title : gen-test-keys.sh # author : Neil Rieck # edit : 2020-04-30 # platform: CentOS-7.7 # ========================== # rm neil_test_key* # # create rsa key pair # private key defaults to PEM # public key defaults to one-liner ssh-keygen -f neil_test_key1 -t rsa -b 1024 -N "" # # create rsa key pair # private key is forced to new format with "-o" (valid with OpenSSH 6.5) # public key defaults to one-liner ssh-keygen -f neil_test_key9 -o -b 1024 -N "" # # convert public key for export to another system ssh-keygen -e -f neil_test_key1.pub > neil_test_key_export.pub # # convert public key for import from another system ssh-keygen -i -f neil_test_key_export.pub > neil_test_key_import.pub # # compare imported result to original (only comments are different) diff -s neil_test_key1.pub neil_test_key_import.pub
# compare files (again)
vim -d file1 file2
# use command :qa to quit-all # # let's see the mess ls -la neil_test_key*
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- Subject: custodian Comment: "1024-bit rsa, [email protected], Mon Apr 27 2020 1\ 6:58:47" MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAILQJ7xzODDIRCjwd7AoE9AFTER
...snip... VyFpdL+brlVS/kIrCZF+SsUD+WL4K3uZN+tP8vNznKTzKQ2bOP2eHH4nQ9uhX6xmKeUw/J N5FsHA== ---- END SSH2 ENCRYPTED PRIVATE KEY ----
-----BEGIN RSA PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAILQJ7xzODDIRCjwd7AoE9 ..snip...
VyFpdL+brlVS/kIrCZF+SsUD+WL4K3uZN+tP8vNznKTzKQ2bOP2eHH4nQ9uhX6xmKeUw/J N5FsHA== -----END RSA PRIVATE KEY-----
# ============================================================================= # title : ssh-help.txt # author : Neil Rieck # created: 2019-09-23 # edit : 2019-09-23 # target : CentOS-7.5 to CentOS-7.5 # purpose: # 1) Shell scripts containing a list of rsync, sftp and scp commands, when run # from cron, must never be presented with a password prompt. # 2) This file describes steps to allow user-A on system-A to connect as # user-B on system-B without a password (authentication is now done by a # public-private key pair) # 3) CAVEAT: you may need to modify "/etc/ssh/ssh_config" of the local client machine # as well as "/etc/ssh/sshd_config" of the remote server machine # a) /etc/ssh/ssh_config # Uncomment these lines: # IdentityFile ~/.ssh/identity # recommended for ssh2 # IdentityFile ~/.ssh/id_rsa # recommended for ssh2 # b) /etc/ssh/sshd_config # Uncomment these lines: # PubkeyAuthentication yes # required # PermitRootLogin yes # optional # Caveat: remember to restart sshd after changes here # ============================================================================= # # STEP-01 (optional; only do once) # # 1) this next command will create two files: # .ssh2/id_rsa # .ssh2/id_rsa.pub # ssh-keygen # # STEP-02 (recommended) # # 1) create a specific public-private key pair for use by root when # connecting from kawc4n to kawc4m. Use one of these filename formats: # username_source_destination # username_on_source # 2) In 2019 you might find DSA disabled so just use RSA where possible # 3) when prompted, do not enter a passphrase # ssh-keygen -t rsa -b 1024 -f ~/.ssh/root_on_kawc4n # # STEP-03 (configure client side) # cd .ssh # drop down one level cat id_rsa >> identity # copy private key into identity (a one-line payload) cat root_on_kawc4n >> identity # copy private key into identity # # STEP-04 (copy public key(s) but do not use ssh-copy-id) # # 1) copy public key(s) to the remote site # ls -la drwx------. 2 root root 129 Sep 23 16:38 . dr-xr-x---. 19 root root 4096 Sep 23 16:38 .. -rw-------. 1 root root 1679 Sep 23 16:09 identity -rw-------. 1 root root 1679 Sep 23 14:00 id_rsa -rw-r--r--. 1 root root 393 Sep 23 14:00 id_rsa.pub -rw-r--r--. 1 root root 195 Sep 23 12:54 known_hosts -rw-------. 1 root root 1679 Sep 23 16:09 root_on_kawc4n -rw-------. 1 root root 393 Sep 23 12:38 root_on_kawc4n.pub sftp [email protected] # connect via sftp put root_on_kawc4n.pub # recommended push put id_rsa.pub # optional push exit # log out (drop back to kawc4n) cd .. # navigate back up one level # # STEP-05 (config the remote end) # ssh [email protected] # connect via ssh to server ls -la *.pub # view public key files cat root_on_kawc4n.pub >> .ssh/authorized_keys # copy public into here cat id_rsa.pub >> .ssh/authorized_keys # copy public into here rm *.pub # delete public keys exit # log out (drop back to client) # # STEP-6 (final test) # ssh [email protected] # you should not see a password prompt # # STEP-7 (debug; if something went wrong) # ssh [email protected] -v # -v -vv -vvv for more debugging messages #