I've been silently learning from all of you for a long time. So thank you in advance for that! But now I've got to a point where no Google search can help with the issue I'm presented with. I've found some info on these links, but sadly, it doesn't address exactly what I need (or at least I'm not seeing it):

https://askubuntu.com/questions/30788/does-ssh-key-need-to-be-named-id-rsa

https://askubuntu.com/questions/888033/rsa-keys-not-authenticating

Scenario: I have a Mac computer connected to an Ubuntu server through SSH. I'm testing RSA key authentication through it, and it works right, but ONLY if the client key file name for the key is id_rsa.pub. Whenever this name changes, the ssh handshake goes:

```
debug1: Next authentication method: publickey
debug1: Offering public key: rsa-key-2.pub RSA SHA256:********/s explicit
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: rsa-key-2.pub RSA SHA256:*******/s explicit
Load key "rsa-key-2.pub": invalid format
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
```

(rsa-key-2 is my second test key, I've .backup-ed the id_rsa original ones for testing purposes. As you can see, sshd seems to see the keys though, why doesn't it accept it?)

My issue is: what if I want to have more than one key to access different Linux machines? Can't I have a key1.pub, key2.pub, etc. file so I can store different keys on my computer for my different Linux servers?

Workarounds attempted: I've been tinkering with sshd_config (host end) and ssh_config on the client end, but I didn't get to make it work (always restarting sshd after any changes).

`PubkeyAuthentication` is set to yes. I tried adding `HostKey /etc/ssh/name of the key I want to use` but that didn't work either.

Do you think there's something I can do to have several local RSA keys that work with several different Linux machines (or the same, for testing purposes)?

I hope I explained my issue properly, and most importantly, thank you in advance for any input/help.

Regards!

  • You tried the ssh -i flag? – user535733 Jul 12 '20 at 19:24
  • @user535733 The `-i identity_file` flag is to define the private rsa (`id_rsa`) file to use. The .pub files should not be used directly beyond the initial setup with a given host. They are usually added to the host's `~/.ssh/authorized_keys` file to enable a specific private rsa key's access. @iPodClassic Have you copied the contents of the relevant `id_rsa.pub` file into the remote host's `~/.ssh/authorized_keys` file? – SHawarden Jul 12 '20 at 21:41
  • @user535733 Yes. The idea is to avoid using any flags. Just the username and the domain. My question is, why does the sshd recognise the key but does not accept it when the name is not `id_rsa.pub`? And why does it accept it when otherwise?

    @SHawarden: Yes sir. The authorized keys file shows both keys correctly. I've uploaded them via `ssh-copy-id`
    – mariano-daniel Jul 12 '20 at 21:44
  • @iPodClassic if you want to use a non-default identity file name, then assuming the Mac client is also OpenSSH based, you either pass the **private** key file name on the command line with the `-i` switch, or create a `~/.ssh/config` file with an `IdentityFile` entry for the target host. Please show the SSH command plus any `.ssh/config` that you are using on the Mac so that we can confirm that's what you are doing. – steeldriver Jul 12 '20 at 22:07
  • Hello @steeldriver! How would I go about tinkering with the `~/.ssh/config` file? On my host machine there is no such file. I've read about that file, but wasn't really sure how to set up the `IdentifyFile` entry. Was it supposed to be on a root level? User level? So many questions! --- (Apologies in advance for my noobity, I guess we've all been there once, so thanks for your patience!) – mariano-daniel Jul 14 '20 at 15:05
  • ssh command I use is simply `ssh user@host_ip`. The idea is to avoid using the key filename. – mariano-daniel Jul 14 '20 at 15:09
  • Is your Mac computer running Ubuntu? – steeldriver Jul 14 '20 at 15:19
  • @steeldriver no sir. Mac runs on Mojave 10.14.6 - Linux computer runs on latest Ubuntu. I ssh into the Ubuntu machine from my Mac. – mariano-daniel Jul 15 '20 at 18:15
  • So since your question really seems to be about configuration of the Mac SSH client, it really belongs elsewhere - such as [askdifferent](https://apple.stackexchange.com/) – steeldriver Jul 15 '20 at 18:17
  • Thanks for your prompt reply @steeldriver! However, my scenario involves two machines, one of them being an Ubuntu machine. The Mac computer is just a client that I use to connect to the host. It might as well be another Ubuntu machine. I totally understand my Mac machine is the one storing all the keys, but I want to also understand why my Linux machine is reading the key but rejecting it. Do you mean that the issue is clearly on the Mac side and the Linux machine is behaving as expected? Thanks a lot again for your input and patience! – mariano-daniel Jul 15 '20 at 18:20
  • I mean, this debug log came from my Linux machine (sorry if my break formatting is broken, I'm following the instructions but that doesn't seem to work):

    ```
    debug1: Server accepts key: rsa-key-2.pub RSA SHA256:*******/s explicit
    Load key "rsa-key-2.pub": invalid format
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: password
    ```
    – mariano-daniel Jul 15 '20 at 18:22
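
The `IdentityFile` approach from steeldriver's comment, as an added example that is not part of the original thread: `IdentityFile` (like `-i`) must name the private key, and a `.pub` path there cannot be loaded as one, which is the `Load key ... invalid format` line in the log above. The host aliases, addresses and key contents are constructed placeholders, and `classify_key`, `lint_config` and `build_demo` are hypothetical helpers written for this illustration.

```shell
#!/bin/sh
# Added example. All files are constructed placeholders, not real keys.

# Print "private", "public" or "unknown" from the first line of a key file.
classify_key() {
    first=$(head -n 1 "$1" 2>/dev/null)
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) echo public ;;
        *) echo unknown ;;
    esac
}

# Print "<path> <class>" for every IdentityFile line in an ssh client config.
# Simplification: handles "IdentityFile <path>" only; no ~ or %-token expansion.
lint_config() {
    while read -r keyword value rest; do
        kw=$(printf '%s' "$keyword" | tr 'A-Z' 'a-z')
        if [ "$kw" = identityfile ]; then
            echo "$value $(classify_key "$value")"
        fi
    done < "$1"
    return 0
}

# Build a constructed demo: ubuntu-a is correct, ubuntu-b repeats the
# mistake from the question by pointing IdentityFile at the .pub file.
build_demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$d/rsa-key-1"
    printf '%s\n' 'ssh-rsa AAAAplaceholder user@mac' > "$d/rsa-key-2.pub"
    cat > "$d/config" <<EOF
Host ubuntu-a
    HostName 192.0.2.10
    IdentityFile $d/rsa-key-1
    IdentitiesOnly yes

Host ubuntu-b
    HostName 192.0.2.11
    IdentityFile $d/rsa-key-2.pub
    IdentitiesOnly yes
EOF
    echo "$d"
}

demo=$(build_demo)
lint_config "$demo/config"   # any line ending in "public" is a misconfiguration
rm -rf "$demo"
```

With per-host blocks like `ubuntu-a` in the client's own `~/.ssh/config`, `ssh ubuntu-a` selects the right private key without any `-i` flag, and `IdentitiesOnly yes` keeps the client from offering its other keys to that host.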

0 Answers