After I upgraded to macOS Sierra, my SSH key access to Ubuntu servers broke. I learned that my older ssh-dss (DSA) keys were no longer secure and that I needed to replace them with RSA keys.
Updating server keys is always a bit time consuming. If you want more background on this, check out: Secure Your Instance
I'm trying to connect to my host using an SSH key. I've generated a key pair and added the public key to the authorized keys on the server. However, I'm unable to connect to the server using my private key. Every time I connect, it asks for the password. I've tried to run ssh-add mykeyname and it said that it's fine and been added. But it is not working.
Here’s what worked well for me:
Reactivate Password Authentication
Firstly, I logged into my Digital Ocean droplets via the virtual host console they offer. With this, I turned back on PasswordAuthentication temporarily on my servers:
$ sudo nano /etc/ssh/sshd_config
# Change this back temporarily to yes
PasswordAuthentication yes
Then, I reset the SSH service:
$ sudo service ssh restart
If you can’t access your server in any way, there may be no easy way to regain access without using another device. For example, I use Panic’s Prompt 2 SSH App on my iPad.
Create a New RSA Key
Next, we’ll create the new RSA key on my Mac.
$ ssh-keygen -t rsa
You’ll see something like this:
$ ssh-keygen -t rsa
Then, I copied out the public key so I could upload to a sharing service:
$ cat ~/.ssh/id_newkey.pub
Upload the New Key to GitHub Gist
Next, I created a new private Gist and pasted the public key into it and saved it.
Visiting the raw page for that gist, I copied the URL for the raw content of the Gist. There may be a more obvious way in the UX but I couldn’t find it.
Sign in to Your Server
Next, I used password authentication to sign in to my server:
$ ssh -p 22 [email protected]
And, I performed the following steps to retrieve the public key from Gist and store it on the server. Then, add it to the authorized_keys file:
$ cd ~
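The retrieval step above appends whatever the Gist URL returns to authorized_keys. As an added example (not from the original post), the shell functions below vet a downloaded public key file before appending it and count the ssh-dss entries still left in the file; the names install_pubkey and count_dsa and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey KEYFILE AUTH_FILE
# Returns 0 = appended, 3 = already present, 1 = rejected.
install_pubkey() {
    keyfile=$1; auth=$2
    # Strip CRs and blank lines, then require exactly one line, so an HTML
    # error page or a multi-key paste is never appended wholesale.
    line=$(tr -d '\r' < "$keyfile" | grep . || true)
    if [ "$(printf '%s\n' "$line" | grep -c .)" -ne 1 ]; then
        echo "reject: expected exactly one key line" >&2; return 1
    fi
    ktype=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    # The first field must be the key type itself; this also refuses lines
    # that start with authorized_keys options such as command="...".
    case $ktype in
        ssh-rsa) prefix=AAAAB3NzaC1yc2E ;;   # base64 of the "ssh-rsa" header
        ssh-dss) echo "reject: DSA key" >&2; return 1 ;;
        *)       echo "reject: unexpected key type field" >&2; return 1 ;;
    esac
    # The blob embeds its own type name; it must agree with the label.
    case $blob in
        "$prefix"*) ;;
        *) echo "reject: blob does not match declared type" >&2; return 1 ;;
    esac
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    if grep -qF -- "$blob" "$auth"; then return 3; fi   # no duplicates
    printf '%s\n' "$line" >> "$auth"
}

# count_dsa AUTH_FILE: how many ssh-dss entries are still authorized.
count_dsa() {
    grep -Ec '(^|[[:space:]])ssh-dss[[:space:]]+AAAAB3NzaC1kc3M' "$1" || true
}

# Demo on constructed data in a scratch directory (blobs are not real keys).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed me@mac\n' > "$demo/new.pub"
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed old@mac\n' > "$demo/authorized_keys"
install_pubkey "$demo/new.pub" "$demo/authorized_keys" && echo "new key appended"
echo "legacy DSA entries left to remove: $(count_dsa "$demo/authorized_keys")"
```

Before relying on the appended key, compare the output of ssh-keygen -lf on the downloaded file with the same command run against ~/.ssh/id_newkey.pub on the Mac.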
Verify New Key Authentication to Your Server
Then, I tested it in another terminal window from my Mac:
$ ssh -p 22 -i ~/.ssh/id_newkey [email protected]
Everything worked fine!
Turn Off Password Access to Your Server
Then, I returned to the server and turned off PasswordAuthentication:
$ sudo nano /etc/ssh/sshd_config
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
Then, I reset the SSH service:
$ sudo service ssh restart
And that was it, just a few hours lost hunting down and duplicating the proper steps.
It’s odd I didn’t know about this and odd that the Sierra upgrade doesn’t warn you about it as it upgrades OpenSSH behind the scenes.
You generate an SSH key through macOS by using the Terminal application. Once you upload a valid public SSH key, the Triton Compute Service uses SmartLogin to copy the public key to any new SmartMachine you provision.
Joyent recommends RSA keys because the node-manta CLI programs work with RSA keys both locally and with the ssh agent. DSA keys will work only if the private key is on the same system as the CLI, and not password-protected.
About Terminal
Terminal is the terminal emulator which provides a text-based command line interface to the Unix shell of macOS.
To open the macOS Terminal, follow these steps:
The Terminal window opens with the commandline prompt displaying the name of your machine and your username.
Generating an SSH key
An SSH key consists of a pair of files. One is the private key, which should never be shared with anyone. The other is the public key, which allows you to log into the containers and VMs you provision. When you generate the keys, you will use ssh-keygen to store the keys in a safe location so you can bypass the login prompt when connecting to your instances.
To generate SSH keys in macOS, follow these steps:
You will need to enter the passphrase a second time to continue.
After you confirm the passphrase, the system generates the key pair.
Your private key is saved to the id_rsa file in the .ssh directory and is used to verify that the public key you use belongs to the same Triton Compute Service account.
Your public key is saved to the id_rsa.pub file and is the key you upload to your Triton Compute Service account. You can save this key to the clipboard by running this:
Importing your SSH key
Now you must import the copied SSH key to the portal.
Troubleshooting
You may see a password prompt like this:
This is because:
What are my next steps?
Right in the portal, you can easily create Docker containers, infrastructure containers, and hardware virtual machines.
In order to use the Terminal to create instances, set up triton and CloudAPI as well as the triton-docker commandline tool.