OpenSSH is one of the most popular implementations of SSH used today and available by default in many Linux and Unix-like operating systems.
Questions tagged [openssh]
1115 questions
436
votes
18 answers
Windows SSH: Permissions for 'private-key' are too open
I've OpenSSH 7.6 installed in Windows 7 for testing purposes. SSH client & server work just fine till I tried to access one of my AWS EC2 box from this windows.
It seems like I need to change the permission on the private key file. This can be…
Sabrina
- 5,083
- 8
- 15
- 25
271
votes
11 answers
Remove key from known_hosts
I built several virtual machines during the last few weeks. The problem is, the .ssh/known_hosts gives me the Man in the middle warning. This happens because another fingerprint is associated with the virtual machine IP.
In the .ssh/known_hosts…
Adam Matan
- 8,090
- 17
- 59
- 84
244
votes
8 answers
How to make an SSH tunnel publicly accessible?
Referring back to this question, I am executing the below via OpenSSH (Client: Mac OS X 10.6 | Server: Linux Mint), however the port that is being tunneled is not working publicly:
ssh -R 8080:localhost:80 -N root@example.com
The purpose is so the…
Trevor Rudolph
- 2,581
- 3
- 16
- 14
244
votes
12 answers
Is there a way for one SSH config file to include another one?
In case it matters:
OS: Ubuntu 10.04
SSH: OpenSSH_5.3p1 Debian-3ubuntu5
I'd like one SSH config file to include another one. The use case would be to define whatever I want in my default .ssh/config file and then pre-pend a couple of extra things…
Joe Casadonte
- 5,373
- 5
- 25
- 38
151
votes
3 answers
Howto force ssh to use a specific private key?
With ssh -i you can instruct ssh to use an extra private key to try authentication.
The documentation is not clear on how to explicitly use only that key.
Herman van Rink
- 3,639
- 3
- 12
- 10
145
votes
6 answers
SHA256 ssh fingerprint given by the client but only md5 fingerprint known for server
When connecting to a new/unknown server (with recent OpenSSH), for example:
ssh example.com
You get the fingerprint like below:
The authenticity of host 'example.org (192.0.2.42)' can't be established.
RSA key fingerprint is…
JonnyJD
- 3,623
- 3
- 18
- 21
80
votes
5 answers
How can I find a list of MACs, Ciphers, and KexAlgorithms that my openssh client supports?
Is there a way to make ssh output what MACs, Ciphers, and KexAlgorithms that it supports?
I'd like to find out dynamically instead of having to look at the source.
Colin Dean
- 1,697
- 3
- 13
- 9
65
votes
4 answers
get SSH key fingerprint in (old) hex format on new version of openssh
It seems that openssh has changed the way it displays key fingerprints.
I am trying to ssh from a client machine to a server:
client: ubuntu 14.04 running OpenSSH 6.6.1
server: FreeBSD running OpenSSH 7.2p2.
The client reports the md5 hash of…
stochastic
- 903
- 1
- 6
- 15
60
votes
5 answers
SSH permission denied on correct password authentication
I could successfully SSH into my machine yesterday with the exact same credentials I am using today. The machine is running CentOS 6.3. But now for some reason it is giving me permission denied.
Here is my -v print out, sshd_config, and ssh_config…
Kentgrav
- 1,482
- 1
- 16
- 18
55
votes
2 answers
ssh -o PreferredAuthentications: What's the difference between "password" and "keyboard-interactive"?
Both PreferredAuthentications=password and PreferredAuthentications=keyboard-interactive would prompt for the password, so what's the difference between them?
I Google'd with the keywords ssh PreferredAuthentications password keyboard-interactive…
su.root
- 898
- 1
- 6
- 15
55
votes
5 answers
Disable "Permanently added ..." warning on local LAN
I have the following in my ssh_config to connect to machines on my local LAN and machines in a VM:
Host 172.16.*.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
However, each time I connect it produces a warning:
$ ssh…
jww
- 11,918
- 44
- 119
- 208
54
votes
1 answer
Does the right half of the rsa public key matter?
In a public key file "id_rsa.pub" generated by ssh-keygen, does the part after the == matter?
I ask because when I changed "root@somedomain.com" to "root", it seems to still work.
More generally, I am curious about what the purpose of that half is.
merlin2011
- 1,855
- 3
- 23
- 33
53
votes
4 answers
Can someone explain the 'PasswordAuthentication' in the /etc/ssh/sshd_config file?
On this page, the explanation given is:
The option PasswordAuthentication
specifies whether we should use
password-based authentication. For
strong security, this option must
always be set to yes.
But it fails to provide any use case…
Zeta2
- 915
- 2
- 8
- 8
52
votes
5 answers
Bad owner or permissions on ssh config file
I have realized that I am no longer able to connect to the webserver at x.x.202.50. Yesterday I have changed the following ssh configuration file: /share/homes/admin/.ssh/config by adding the following settings:
# ssh (secure shell) configuration…
symp Ioio
- 621
- 1
- 5
- 4
48
votes
2 answers
How to name openssh public and private key pairs?
I am using public/private key pairs for a long time now. And nearly the same time I'm asking myself over and over again, which file extension I should use. It seems to be that at least for the public and the private(openssh) keys is no convention at…
Bernhard Laven
- 986
- 1
- 7
- 9