Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have been asked to setup an SFTP which uses RSA public key authentication.
AS it was already in use I have opted to use CygWin and I can get it to work with passwords fine.
we are going to be hosting the SFTP server with users from the clients office connecting to it. The client has sent me their public key.
Having done LOts of reading and even more attempting to configure the server I just cant get it to work. Most of thetime I get..
ebug1: Host '127.0.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/ColoniAdmin/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_rsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_dsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ecdsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
I have once managed to get it to the point of asking for a passphrase for the private key but I don't have a private key (that I know of) just the public key the client sent us. and I certainly don't want to have to use passphrases
Their public key is in the authorized_key file on our server within the .ssh folder of their home folder. I have amended paswd and sshd_config to set home location and to allow RSA authentication.
All and any advice is super welcome, I have been doing this for 2 weeks now and i just wont work.
You need to read up on RSA encryption. Useful search terms are Rivest, Shamir, Aldman (=RSA)
They have done correctly in giving you their public key. I don't see you mention your private key at all and it is essential that you generate one. Have you a public key? Have they got it? I hope you have a utility for generating a keys.
The beauty of this is that you use your private key (Meeting certain specs) and their public key, and they use their private and your public key (Have you got one of those?) and things can be understood. It's based on stuff like Euler's Totient, the sort of stuff you read about and know less than when you began :-/.
You can't test their connection without their private key.
To test the method, generate your own keypair and add your pubkey to the relevant auth_keys file on the server.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.