Why is SSH password authentication a security risk?

There are pros and cons for either pw or key-based authentication. In some cases, for example, key-based authentication is less secure than password authentication. In other cases, it’s pw-based that’s less secure. In some cases, one is more convenient, in others, less. It all boils down to this: When you do key-based authentication, you must …

Why does my OpenSSH key fingerprint not match the AWS EC2 console keypair fingerprint?

AWS EC2 shows the SSH2 fingerprint, not the OpenSSH fingerprint everyone expects. It doesn’t say this in the UI. It also shows two completely different kinds of fingerprints depending on whether the key was generated on AWS and downloaded, or whether you uploaded your own public key. Fingerprints generated with ssh-keygen -l -f id_rsa will …

What significance does the user/host at the end of an SSH public key file hold?

This field is a comment, and can be changed or ignored at will. It is set to user@host by default by ssh-keygen. The OpenSSH sshd(8) man page describes the format of a public key thus: Public keys consist of the following space-separated fields: options, keytype, base64-encoded key, comment. . . . The comment field is …

What’s the difference between authorized_keys and authorized_keys2?

In OpenSSH prior to version 3, the sshd man page used to say: The $HOME/.ssh/authorized_keys file lists the RSA keys that are permitted for RSA authentication in SSH protocols 1.3 and 1.5. Similarly, the $HOME/.ssh/authorized_keys2 file lists the DSA and RSA keys that are permitted for public key authentication (PubkeyAuthentication) in SSH protocol 2.0. The …

“Add correct host key in known_hosts” / multiple ssh host keys per hostname?

Get the RSA key of your server, where server_ip is your server’s IP address, such as 192.168.2.1: $ ssh-keyscan -t rsa server_ip Sample response: # server_ip SSH-2.0-OpenSSH_4.3 server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG… and on the client, copy the entire response line server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG…, and add this key to the bottom of your ~/.ssh/known_hosts file: server_ip ssh-rsa …

we did not send a packet, disable method

There are many, many reasons why client-side debugging (ssh -vvv …) shows: Many of these are listed in the answers to SSH public key won’t send to server on Unix & Linux, but, unfortunately, the client does not give any indication as to which one applies. When I was struggling with this, my main problem was getting server-side logging/debugging …