I added ssh key to my linode dashboard but it does not work.
https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/#connect-to-the-remote-server
I added ssh key to my linode dashboard but while logging in, powershell still asking my limited user's password instead of passphrase.
Why the key is not working how can i solve it?
6 Replies
powershell still asking my limited user's password instead of passphrase.
This is the way it's supposed to work. ssh keys are user-specific. I believe the key you added in the dashboard is for root only. That being said, it's really not a very good idea to allow root to log in using ssh. You can disallow this by changing:
#PermitRootLogin no
to
PermitRootLogin no
in /etc/ssh/sshd_config and restarting sshd using sudo systemctl restart sshd. After that, root logins will only be allowed at the (lish/glish) console. You'd best be sure that sudo works the way you want before you do this:
https://www.linux.com/training-tutorials/configuring-sudo-explaination-example/
Since, ssh keys are user-specific, you need to create a new key for the user that's trying to login. You can do this from Windoze if you want, just specify the correct login & domain name at the appropriate prompts…but it's probably easier to do it in an ssh session on Linux and put it in the right place.
You need to add the public key to $HOME/.ssh/authorized_keys (where $HOME is the home directory for the user that's trying to login).
-rw-r--r-- 1 stevewi stevewi 1232 Aug 16 2021 authorized_keys
Obviously, ownership would be the user/group of the user that's trying to login. The public key for your Windoze machine needs to live here as well.
See:
-- sw
I might suggest that you create an ed25519 key instead of the old 'RSA' key (however "severwi" is more the authority on this than I am.)
You can generate keys with the 'ssh-keygen' command:
$ ssh-keygen -t ed25519
Now i am not able to add the ssh key that i have created. I tried all methods in the guides above it always says:
"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host '137.162.177.xxx (137.162.177.xxx)' can't be established.
ECDSA key fingerprint is SHA256:7u2OK6VhXPjwn+BGfZgFRNbGFIM8……
Are you sure you want to continue connecting (yes/no/[fingerprint])?
/usr/bin/ssh-copy-id: ERROR: Host key verification failed."
I might suggest that you create an ed25519 key instead of the old 'RSA' key
For what you're trying to do and at this point in time, there are no advantages to a ed25519 key.
I suspect you're trying to replace the one that's causing the error. That one is only for root.
Any keys you install for other users have to be done using a terminal.
I've never installed a key using the Linode dashboard. I always set the key for root using the lish/glish console. At least that way, I have control over the steps that are taken…not so with the Linode dashboard.
I would suggest deleting the key you installed with the Linode dashboard and start over using the console. You can run ssh-keygen for root on your Linode.
-- sw
there are no advantages to a ed25519 key.
I'm no expert but every "expert" I researched said that ed25519 was a better, safer, faster and more difficult to crack key. They all said that if you were creating a new one ed25519 is what you should use. I didn't find one who preferred the rsa over the ed25519.
In addition a few bloggers on the subject suggested we should replace our old RSA keys with ed25519 keys… which is what I did… although I only had a few sites I needed to upload them to (in ~/.ssh/authorized-keys) so it only took a few minutes. I've had zero problem with them (but never had any problems with rsa either.)
I believe my complete statement was:
For what you're trying to do and at this point in time, there are no advantages to a ed25519 key.
You write:
I'm no expert but every "expert" I researched said that ed25519 was a better, safer, faster and more difficult to crack key. They all said that if you were creating a new one ed25519 is what you should use. I didn't find one who preferred the rsa over the ed25519.
This is all true…however, you neglect the level of expertise of the intended audience here (which is not me)…
For the OP…who has yet to get ssh working correctly (AFAIK)…there is no advantage to an ed25519 key over an ECDSA key. IMHO, asking him/her to use an ed25519 key at this point in time just complicates his/her life needlessly.
-- sw