Asked Thursday, June 17, 2021, 3:43:52 (3 years ago) / answers: 1 / hits: 8831

I know there are several questions about ssh keys and how to configure them, but I found none that answers my question.

So here it is: I have several ssh keys in my .ssh directory, with different keys for some remotes.

Now, I have neither configured in .ssh/config which key to use for which host, nor have I added them to an agent manually, as some questions here already mention. I just created the keys with ssh-keygen and it works.

Now I would like to know who is responsible for that and which keys are tried automatically. I have something in my mind that says about five keys are automatically checked for compatibility, but I cannot find where I found this information.

Does ssh-keygen automatically add those keys to an agent? Or does ssh search for any matching key by default?



 Answers
4

The ssh client will check all your keys until it finds one that matches.

This is how it works (this is very simplified; before this, a quite complex dance has been done to encrypt all of this):

  • The server creates an auth token.

  • The token is encrypted using your public key on the server.

  • The server sends the encrypted token to the client.

  • The client tries to decrypt the token, using all known private keys.

  • If it is successful, it will send the decrypted token back to the server.

  • If the token matches, the server will let the client in.



Which files are keys depends on the client.

For the OpenSSH client (Ubuntu's default client), according to its man page, the files that are supposed to be private keys are .ssh/id_rsa, .ssh/id_dsa, .ssh/id_ecdsa, plus those given after the -i flag (it supports multiple files) and those declared in the config file.



You can give it the -v option to make it print a line whenever it tries to use a file as a key. This is an example from a non-key login:



$ ssh -v www.hostremoved.com
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
<...>
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/javier/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/javier/.ssh/id_dsa
debug1: Trying private key: /home/javier/.ssh/id_ecdsa
debug1: Next authentication method: password
<...>


As you can see, it prints all the keys it tries, and all of them fail. You can use this on your own system to discover which files ssh is using.



Below you can see the output if an existing key is found and tried:



debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: user@xyz


user@xyz is the information appended to the public key.






If you're wondering how your ssh client finds your private keys, it's not magic. Under Gnome (xfce and KDE also) there is a special ssh-agent that automatically adds keys in the .ssh directory that have a corresponding public key ending in .pub.

If you don't have such a comfortable ssh agent, you'll have to add your private keys with ssh-add key.


[#37460] Friday, June 18, 2021 (3 years ago)
leddre
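As an added example (not part of the answer above), the following POSIX shell script parses `ssh -v` output like the transcript shown and lists, in order and without duplicates, the identity files the client put forward; the debug lines embedded here are constructed to match the answer. It also flags when the number of keys offered reaches sshd's MaxAuthTries default of 6, because each rejected key counts as a failed authentication attempt and a client with many keys can be disconnected before the right one is offered.

```shell
#!/bin/sh
# Added example, not from the original post: summarise which identities an
# OpenSSH client offered or tried, from the stderr output of `ssh -v`.
# Real use:  ssh -v host 2>&1 | identities_tried

# Constructed sample, shaped like the OpenSSH 5.9 transcript in the answer.
SAMPLE_DEBUG='debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/javier/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/javier/.ssh/id_dsa
debug1: Trying private key: /home/javier/.ssh/id_ecdsa
debug1: Next authentication method: password'

# Print each identity the client put forward, first occurrence only.
# Matches "Offering ... public key: X" and "Trying private key: X"; the
# first whitespace-separated token after the colon is the file path (or the
# key comment for agent keys), which also covers newer OpenSSH output that
# appends the key type and fingerprint after the path.
identities_tried() {
    awk '
        /^debug1: (Offering .*public key|Trying private key): / {
            id = $0
            sub(/^debug1: [^:]*: /, "", id)   # drop the "debug1: ...: " prefix
            split(id, parts, " ")              # keep only the path/comment
            id = parts[1]
            if (!(id in seen)) { seen[id] = 1; print id }
        }'
}

# Number of distinct identities offered on stdin.
count_identities() {
    identities_tried | wc -l | tr -d ' '
}

# Compare the count against sshd's MaxAuthTries default (6). Returns 0 when
# the client stays under the limit, 1 when it would exhaust it.
within_max_auth_tries() {
    [ "$1" -lt "${2:-6}" ]
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_DEBUG" | identities_tried
n=$(printf '%s\n' "$SAMPLE_DEBUG" | count_identities)
echo "identities offered: $n"
within_max_auth_tries "$n" || echo "warning: would exhaust MaxAuthTries"
```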