ssh

Generate an ssh key

Using the RSA algorithm:

ssh-keygen -t rsa -C "key_identifier"

ssh file permissions

A private key file must be accessed only by the owner:

chmod 600 id_rsa

A public key file should be readable by other users:

chmod 644 id_rsa.pub

The config file must be accessed only by the owner:

chmod 600 config

Basic user ssh config file example

Host host1
  HostName host1
  IdentityFile ~/.ssh/host1

Host *
  IdentityFile ~/.ssh/default

In order to open an ssh connection to host1, the host1 key will be used. The default key will be used in all other cases.

Remove the passphrase from the key

  1. For the key with the default name (id_rsa):
ssh-keygen -p

You will need to enter the old passphrase, then press Enter at the new passphrase prompt, leaving it empty.

  2. If you have several keys and you want to remove the passphrase from the key with a non-default name:
ssh-keygen -p -f <name of the keyfile>

For example:

ssh-keygen -p -f ~/.ssh/id_rsa_custom

Disable password authentication

Password authentication can be disabled in the sshd configuration. Do not forget to add your key to authorized_keys before logging out, because otherwise you risk losing the ability to log in to the system.

Set PasswordAuthentication to no in /etc/ssh/sshd_config:

PasswordAuthentication no

Restart sshd:

sudo systemctl restart sshd
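
The lock-out risk mentioned above can be checked on the server before the restart. The script below is an added example, not part of the original page: the function names key_login_ready and loosely_writable are hypothetical, and it assumes sshd runs with its default StrictModes yes and the default authorized_keys location.

```shell
#!/bin/sh
# Added example: pre-flight check before setting "PasswordAuthentication no".
# Assumptions (not from the original page): the function names, sshd's
# default "StrictModes yes", and the default ~/.ssh/authorized_keys path.

# Succeeds if $1 is group- or world-writable (POSIX find, no GNU stat needed).
loosely_writable() {
  [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# key_login_ready <public_key_file> <ssh_dir>
# Returns 0 only when login with that key can be expected to work.
key_login_ready() {
  pubkey=$1
  ssh_dir=$2
  auth="$ssh_dir/authorized_keys"

  [ -r "$pubkey" ] || { echo "cannot read $pubkey" >&2; return 1; }
  [ -f "$auth" ] || { echo "missing $auth" >&2; return 1; }

  # Field 2 of a .pub file is the base64 key blob; the trailing comment may
  # differ between copies, so match on the blob only.
  blob=$(awk 'NF >= 2 { print $2; exit }' "$pubkey")
  [ -n "$blob" ] || { echo "no key blob in $pubkey" >&2; return 1; }

  # authorized_keys lines may start with options, so search the whole line,
  # skipping commented-out entries.
  grep -v '^[[:space:]]*#' "$auth" | grep -qF -- "$blob" ||
    { echo "key from $pubkey is not in $auth" >&2; return 1; }

  # With StrictModes, sshd ignores authorized_keys when it or ~/.ssh is
  # writable by group or others.
  for path in "$ssh_dir" "$auth"; do
    if loosely_writable "$path"; then
      echo "$path is group/world-writable; run chmod go-w on it" >&2
      return 1
    fi
  done
  return 0
}
```

Run it as key_login_ready <copy of your public key> ~/.ssh on the server, and keep the current session open until a new key-based login has succeeded.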

Resolve sign and send from agent: agent refused operation error

To resolve an ssh connection problem that produces a sign and send from agent: agent refused operation error, run:

ssh-add -l

Remove an entry from known_hosts

While troubleshooting a Permission denied (publickey) error, the verbose output of the ssh session may show that a record_hostkey entry for the server already exists in known_hosts. Because the IP addresses in known_hosts are hashed, the easiest way to remove an entry from the file is to use the sed command:

sed -i '<line_number>d' <home_directory>/.ssh/known_hosts

with the <line_number> taken from the verbose output of the ssh session, which looks something like:

debug3: record_hostkey: found key type <key_type> in file <home_directory>/.ssh/known_hosts:10

Fedora 33, Bitbucket: Resolve send_pubkey_test: no mutual signature algorithm error

To resolve an ssh connection problem to Bitbucket on Fedora 33 that produces a send_pubkey_test: no mutual signature algorithm error, create a new ssh key using the Ed25519 algorithm:

ssh-keygen -t ed25519 -C "key_identifier"

Reference: Bitbucket support