ssh from a cluster node triggers public key error for all remote hosts (MWE for github)
I have never seen GitHub fall back to password with SSH: it uses the technical account git, for which there is no password anyway.
That means
ssh -oPubkeyAuthentication=no git@github.com
would still return
git@github.com: Permission denied (publickey).
without asking for password.
In your case: generate a new SSH key, add the public one to your profile, and try again:
ssh -Tv git@github.com
You should see a welcome message:
> Hi username! You've successfully authenticated, but GitHub does not
> provide shell access.
How to convert RSA key to ssh-rsa
Meta: At least part of an answer, but I don't know ObjC so making CW for improvement.
Note: This is nearly a duplicate of Convert pem key to ssh-rsa format except that is in C not ObjC, and it starts from a publickey file instead of a privatekey file -- but OpenSSL's in-memory structure for an RSA key is the same for a publickey or privatekey, with privatekey-specific fields ignored for a publickey.
And it can be improved.
Your code (apparently) generates a length value in decimal as 4 digits and a decimal representation of the magnitude (without sign since the value is always positive) for each of e and n, but unbase64'ing your posted output doesn't show any of these actually included in the result, which after the correct initial part matching your start appears to be garbage, and I don't know why. You may need some ObjC debugging help there.
Anyway, the correct encoding is 4-byte binary (bigendian) length, followed by a binary bigendian representation of the value in two's complement, which requires adding a leading zero byte for a positive number in the range 2^(8k)/2 to 2^(8k)-1; this is usually the case for n because RSA key size is usually chosen a multiple of 8 (actually a power of 2 or small multiple thereof). e is rarely chosen this way although it can be. See "string" and "mpint" in https://www.rfc-editor.org/rfc/rfc4251#section-5 .
You can do this as in #1011572 by calling BN_bn2bin to get the binary bigendian magnitude into a large-enough buffer, then encode the 4-byte length, possible 1-byte sign and magnitude, again into a large-enough buffer. Or OpenSSL can actually do much of this for you; call BN_bn2mpi with a large-enough buffer and it will do the length, possible sign and magnitude.
How to allocate and manage the buffer(s?) in ObjC I leave to you or someone else. Do note that both the length fields and the value parts can and frequently will use the zero byte as a valid byte value; it must not be treated as a terminator or otherwise special. A little googling suggests to me this may be a problem for NSString but I could easily be wrong.
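The encoding described in the answer above, as an added example in plain C (not code from the original answer, and it makes no OpenSSL calls). The function names put_u32, put_string, put_mpint and ssh_rsa_blob are hypothetical, the inputs are big-endian magnitudes in the form BN_bn2bin produces, and the sample values are constructed rather than a real key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values, not a real key: e = 65537 and a toy 4-byte
 * "modulus" with its top bit set, so it needs the leading zero byte. */
static const uint8_t SAMPLE_E[] = { 0x01, 0x00, 0x01 };
static const uint8_t SAMPLE_N[] = { 0xC3, 0x5A, 0x11, 0x07 };

/* 4-byte big-endian length prefix used by both "string" and "mpint". */
static void put_u32(uint8_t *out, size_t v) {
    out[0] = (uint8_t)(v >> 24); out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);  out[3] = (uint8_t)v;
}

/* RFC 4251 "string": length, then raw bytes (0x00 is ordinary data). */
static size_t put_string(uint8_t *out, const uint8_t *data, size_t len) {
    put_u32(out, len);
    memcpy(out + 4, data, len);
    return 4 + len;
}

/* RFC 4251 "mpint" from a non-negative big-endian magnitude (the bytes
 * BN_bn2bin yields): prepend 0x00 when the top bit is set. */
static size_t put_mpint(uint8_t *out, const uint8_t *mag, size_t len) {
    while (len > 0 && mag[0] == 0) { mag++; len--; } /* drop extra zeros */
    size_t pad = (len > 0 && (mag[0] & 0x80)) ? 1 : 0;
    put_u32(out, len + pad);
    if (pad) out[4] = 0x00;
    memcpy(out + 4 + pad, mag, len);
    return 4 + pad + len;
}

/* Blob = string "ssh-rsa", mpint e, mpint n; returns 0 if cap < worst case. */
size_t ssh_rsa_blob(uint8_t *out, size_t cap, const uint8_t *e, size_t elen,
                    const uint8_t *n, size_t nlen) {
    if (cap < 11 + (5 + elen) + (5 + nlen)) return 0;
    size_t off = put_string(out, (const uint8_t *)"ssh-rsa", 7);
    off += put_mpint(out + off, e, elen);
    off += put_mpint(out + off, n, nlen);
    return off;
}

int main(void) {
    uint8_t buf[64];
    size_t len = ssh_rsa_blob(buf, sizeof buf, SAMPLE_E, 3, SAMPLE_N, 4);
    for (size_t i = 0; i < len; i++) printf("%02x", buf[i]);
    putchar('\n');
}
```

The base64 of this blob is the field that follows "ssh-rsa " on a public key line. The buffer is handled by explicit length throughout, so the zero bytes inside the length prefixes and inside e survive.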
RSA Encryption public key?
See this answer over here
https://stackoverflow.com/a/10643894/584616
https://github.com/StCredZero/SCZ-BasicEncodingRules-iOS
SCZ-BasicEncodingRules-iOS
Implementation of Basic Encoding Rules to enable import of RSA keys to iOS
KeyChain using exponent. Code targets iOS 5 with ARC.
Let's say you already have a modulus and exponent from an RSA public key as an NSData in variables named pubKeyModData and pubKeyExpData. Then the following code will create an NSData containing that RSA public key, which you can then insert into the iOS or OS X Keychain.
NSMutableArray *testArray = [[NSMutableArray alloc] init];
[testArray addObject:pubKeyModData];
[testArray addObject:pubKeyExpData];
NSData *testPubKey = [testArray berData];
This would allow you to store the key using the addPeerPublicKey:keyBits: method from SecKeyWrapper in the Apple CryptoExercise example. Or, from the perspective of the low-level API, you can use SecItemAdd().
NSString * peerName = @"Test Public Key";
// Application tag used to find the key in the Keychain later.
NSData * peerTag =
    [[NSData alloc]
        initWithBytes:(const void *)[peerName UTF8String]
        length:[peerName length]];
// Result code and returned reference for the SecItemAdd() call below.
OSStatus sanityCheck = noErr;
CFTypeRef persistPeer = NULL;
NSMutableDictionary * peerPublicKeyAttr = [[NSMutableDictionary alloc] init];
[peerPublicKeyAttr
    setObject:(__bridge id)kSecClassKey
    forKey:(__bridge id)kSecClass];
[peerPublicKeyAttr
    setObject:(__bridge id)kSecAttrKeyTypeRSA
    forKey:(__bridge id)kSecAttrKeyType];
[peerPublicKeyAttr
    setObject:peerTag
    forKey:(__bridge id)kSecAttrApplicationTag];
// The BER-encoded public key built above.
[peerPublicKeyAttr
    setObject:testPubKey
    forKey:(__bridge id)kSecValueData];
[peerPublicKeyAttr
    setObject:[NSNumber numberWithBool:YES]
    forKey:(__bridge id)kSecReturnPersistentRef];
// Add the key; on success persistPeer holds a persistent reference to it.
sanityCheck = SecItemAdd((__bridge CFDictionaryRef) peerPublicKeyAttr, (CFTypeRef *)&persistPeer);
What command do I use to see what the ECDSA key fingerprint of my server is?
Wait, I found it. Run the command:
ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub