I have asked users for their public "id_rsa.pub" ssh key, that I then place in "/home/theiraccount/.ssh/authorized_keys", so they can login to the server by SSH. I'd like to automate this process.
Is there any way to sanity check the string they give me (programmatically or otherwise)? I want to verify that sshd can read the text and that it actually looks like a valid public key (and hasn't been corrupted).
Put another way, what is the format of the id_rsa.pub file? If someone enters it in a field, what can I write in the form handler script to verify that it is complete and correct?
ssh-keygen can be used to calculate the fingerprint of a key file, which will fail if you don't pass it a key:

    ssh-keygen -l -f id_rsa.pub

Another possibility would be ssh-vulnkey, which would have the advantage of checking the keys against the blacklist of known compromised keys at the same time.
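The format the question asks about, parsed directly, as an added example that is not part of the original question or answer: an id_rsa.pub line is `<keytype> <base64 blob> [comment]`, and the blob is SSH wire format, a sequence of uint32-length-prefixed fields whose first field repeats the key type (RFC 4253 for ssh-rsa, RFC 5656 for ecdsa-sha2-*, RFC 8709 for ssh-ed25519). The checker below decodes the blob and confirms every field is present and well-formed for the declared type, so a truncated paste, a wrong prefix, or a second smuggled line is rejected before anything touches authorized_keys. The build_public_key_line helper, the _string/_mpint encoders, the sample keys and the 2048-bit RSA minimum are all constructions for this demo, not real user keys or a policy the page states.

```python
"""Sanity-check one OpenSSH public key line (id_rsa.pub format) without ssh-keygen."""
import base64
import binascii
import re
import struct

# Fields that follow the repeated key-type string inside the blob, per key type.
EXPECTED_FIELDS = {
    "ssh-rsa": ("e", "n"),                  # two mpints
    "ssh-ed25519": ("pk",),                 # one 32-byte string
    "ecdsa-sha2-nistp256": ("curve", "Q"),  # curve name, uncompressed point
    "ecdsa-sha2-nistp384": ("curve", "Q"),
    "ecdsa-sha2-nistp521": ("curve", "Q"),
}
ECDSA_POINT_LEN = {"nistp256": 65, "nistp384": 97, "nistp521": 133}  # 0x04 || X || Y


def _read_string(blob, off):
    """Read one uint32-length-prefixed field; raise if the blob is cut short."""
    if off + 4 > len(blob):
        raise ValueError("blob truncated inside a length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + n > len(blob):
        raise ValueError("blob truncated inside a %d-byte field" % n)
    return blob[off:off + n], off + n


def parse_public_key(line, min_rsa_bits=2048):
    """Return a dict describing the key, or raise ValueError naming the defect."""
    line = line.strip()
    if "\n" in line or "\r" in line:
        raise ValueError("embedded newline: exactly one key per submission")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in EXPECTED_FIELDS:
        # Also rejects authorized_keys option prefixes such as command="..."
        raise ValueError("unsupported or missing key type %r" % key_type)
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", b64):
        raise ValueError("key body is not base64")
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as e:
        raise ValueError("base64 decode failed: %s" % e)

    inner_type, off = _read_string(blob, 0)
    if inner_type != key_type.encode():
        raise ValueError("prefix %r does not match blob type %r" % (key_type, inner_type))
    fields = {}
    for name in EXPECTED_FIELDS[key_type]:
        fields[name], off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("%d trailing bytes after key fields" % (len(blob) - off))

    info = {"type": key_type, "comment": comment}
    if key_type == "ssh-rsa":
        n = fields["n"]
        if not n or (n[0] & 0x80):  # a positive mpint never has the sign bit set
            raise ValueError("RSA modulus is not a positive mpint")
        bits = int.from_bytes(n, "big").bit_length()
        if bits < min_rsa_bits:  # policy minimum chosen for this demo
            raise ValueError("RSA modulus is %d bits, minimum is %d" % (bits, min_rsa_bits))
        e = int.from_bytes(fields["e"], "big")
        if e < 3 or e % 2 == 0:
            raise ValueError("RSA exponent %d is invalid" % e)
        info["bits"] = bits
    elif key_type == "ssh-ed25519":
        if len(fields["pk"]) != 32:
            raise ValueError("Ed25519 key must be 32 bytes, got %d" % len(fields["pk"]))
        info["bits"] = 256
    else:
        curve = key_type[len("ecdsa-sha2-"):]
        if fields["curve"] != curve.encode():
            raise ValueError("curve name in blob does not match key type")
        q = fields["Q"]
        if len(q) != ECDSA_POINT_LEN[curve] or q[0] != 0x04:
            raise ValueError("ECDSA point is not an uncompressed point of the right length")
        info["bits"] = int(curve[len("nistp"):])
    return info


def check_public_key(line, min_rsa_bits=2048):
    """Form-handler wrapper: (True, info) on success, (False, reason) otherwise."""
    try:
        return True, parse_public_key(line, min_rsa_bits)
    except ValueError as e:
        return False, str(e)


# --- Constructed sample input for the demo (not real keys) -------------------------
def _string(b):
    return struct.pack(">I", len(b)) + b

def _mpint(x):  # positive integers only, as used below
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return _string(b"\x00" + b if b[0] & 0x80 else b)

def build_public_key_line(key_type, fields, comment=""):
    """Encode already-serialised fields into the id_rsa.pub line format."""
    blob = _string(key_type.encode()) + b"".join(fields)
    return (key_type + " " + base64.b64encode(blob).decode() + " " + comment).strip()

SAMPLE_RSA = build_public_key_line("ssh-rsa", [_mpint(65537), _mpint((1 << 2047) | 12345)], "alice@laptop")
SAMPLE_ED25519 = build_public_key_line("ssh-ed25519", [_string(b"\x11" * 32)], "bob@desk")
CORRUPTED = SAMPLE_ED25519[:-10]                      # paste cut off mid-base64
MISMATCHED = "ssh-rsa " + SAMPLE_ED25519.split()[1]   # prefix says RSA, blob says Ed25519

if __name__ == "__main__":
    for sample in (SAMPLE_RSA, SAMPLE_ED25519, CORRUPTED, MISMATCHED):
        print(check_public_key(sample))
```

This check proves the line is syntactically complete and self-consistent; it does not prove the modulus or curve point is cryptographically valid, so in the handler pair it with the answer's `ssh-keygen -l -f` run on a temp file, which exercises the same parser sshd uses. Rejecting embedded newlines and option prefixes matters because the handler appends the string to authorized_keys: otherwise a user could submit several keys, or keys with options, in one field. Note that ssh-vulnkey is a Debian/Ubuntu addition tied to the 2008 weak-key incident rather than part of upstream OpenSSH, so confirm it exists on your distribution before building a handler around it.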