Sanity Check Ssh Public Key

ssh from a cluster node triggers public key error for all remote hosts (MWE for github)

I have never seen GitHub fall back to password with SSH: it uses the technical account git, for which there is no password anyway.

That means ssh -oPubkeyAuthentication=no git@github.com would still return git@github.com: Permission denied (publickey)., without asking for a password.

In your case: generate a new SSH key, add the public one to your profile, and try again:

ssh -Tv git@github.com

You should see a welcome message:

> Hi username! You've successfully authenticated, but GitHub does not
> provide shell access.

How to convert RSA key to ssh-rsa

Meta: At least part of an answer, but I don't know ObjC so making CW for improvement.

Note: This is nearly a duplicate of Convert pem key to ssh-rsa format except that is in C not ObjC, and it starts from a publickey file instead of a privatekey file -- but OpenSSL's in-memory structure for an RSA key is the same for a publickey or privatekey, with privatekey-specific fields ignored for a publickey.
And it can be improved.

Your code (apparently) generates a length value in decimal as 4 digits and a decimal representation of the magnitude (without sign since the value is always positive) for each of e and n, but unbase64'ing your posted output doesn't show any of these actually included in the result, which after the correct initial part matching your start appears to be garbage, and I don't know why. You may need some ObjC debugging help there.

Anyway, the correct encoding is 4-byte binary (bigendian) length, followed by a binary bigendian representation of the value in two's complement, which requires adding a leading zero byte for a positive number in the range 2^(8k)/2 to 2^(8k)-1; this is usually the case for n because RSA key size is usually chosen a multiple of 8 (actually a power of 2 or small multiple thereof). e is rarely chosen this way although it can be. See "string" and "mpint" in https://www.rfc-editor.org/rfc/rfc4251#section-5 .

You can do this as in #1011572 by calling BN_bn2bin to get the binary bigendian magnitude into a large-enough buffer, then encode the 4-byte length, possible 1-byte sign and magnitude, again into a large-enough buffer. Or OpenSSL can actually do much of this for you; call BN_bn2mpi with a large-enough buffer and it will do the length, possible sign and magnitude.

How to allocate and manage the buffer(s?) in ObjC I leave to you or someone else. Do note that both the length fields and the value parts can and frequently will use the zero byte as a valid byte value; it must not be treated as a terminator or otherwise special. A little googling suggests to me this may be a problem for NSString but I could easily be wrong.
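As an added example (not code from the answer above), here is the RFC 4251 string/mpint encoding the answer describes, done in Python rather than OpenSSL/ObjC: it builds the ssh-rsa blob from e and n, adding the leading zero byte when the top bit is set, round-trips it through a parser, and computes the SHA-256 fingerprint that ssh-keygen -l prints (see the fingerprint question further down this page). N_DEMO is a constructed 128-bit value, far too small for a real key.

```python
import base64
import hashlib
import struct

# Constructed demo modulus: top bit set, so its mpint needs a leading 0x00 byte.
N_DEMO = 0xC0FFEE0123456789ABCDEF0123456789


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint': two's-complement big-endian magnitude wrapped in a string.
    Positive values with the high bit set get one leading zero byte (the usual
    case for n, the rare case for e); zero is encoded as an empty string."""
    if value < 0:
        raise ValueError("RSA public parameters are never negative")
    if value == 0:
        return ssh_string(b"")
    magnitude = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if magnitude[0] & 0x80:
        magnitude = b"\x00" + magnitude
    return ssh_string(magnitude)


def ssh_rsa_blob(e: int, n: int) -> bytes:
    """Binary body of an ssh-rsa public key: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def ssh_rsa_line(e: int, n: int, comment: str = "") -> str:
    """One id_rsa.pub / authorized_keys line (base64 of the blob)."""
    line = "ssh-rsa " + base64.b64encode(ssh_rsa_blob(e, n)).decode("ascii")
    return line + (" " + comment if comment else "")


def sha256_fingerprint(blob: bytes) -> str:
    """Same form as ssh-keygen -l: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_ssh_rsa_blob(blob: bytes):
    """Inverse of ssh_rsa_blob: returns (e, n); rejects anything but 3 well-formed fields."""
    fields, pos = [], 0
    while pos + 4 <= len(blob):
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        fields.append(blob[pos:pos + length])
        pos += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa" or pos != len(blob):
        raise ValueError("not an ssh-rsa blob")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")


if __name__ == "__main__":
    print(ssh_rsa_line(65537, N_DEMO, "demo@example"))
    print(sha256_fingerprint(ssh_rsa_blob(65537, N_DEMO)))
```

The base64 of every key with e = 65537 starts with AAAAB3NzaC1yc2EAAAADAQAB, which is the "ssh-rsa" string followed by the 3-byte mpint 01 00 01; a real 2048-bit n then contributes a length field of 0x101 because of the extra sign byte.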

RSA Encryption public key?

See this answer over here

https://stackoverflow.com/a/10643894/584616

https://github.com/StCredZero/SCZ-BasicEncodingRules-iOS

SCZ-BasicEncodingRules-iOS

Implementation of Basic Encoding Rules to enable import of RSA keys to iOS
KeyChain using exponent. Code targets iOS 5 with ARC.

Let's say you already have a modulus and exponent from
an RSA public key as an NSData in variables named pubKeyModData and
pubKeyExpData. Then the following code will create an NSData containing that RSA
public key, which you can then insert into the iOS or OS X Keychain.

NSMutableArray *testArray = [[NSMutableArray alloc] init];
[testArray addObject:pubKeyModData];
[testArray addObject:pubKeyExpData];
NSData *testPubKey = [testArray berData];

This would allow you to store the key using the addPeerPublicKey:keyBits: method from SecKeyWrapper in the Apple CryptoExercise example. Or, from the perspective of the low-level API, you can use SecItemAdd().

#import <Security/Security.h>

NSString * peerName = @"Test Public Key";

// The tag must cover the full UTF-8 encoding; -length counts UTF-16 units,
// which only matches the byte count for pure ASCII names.
NSData * peerTag =
[[NSData alloc]
initWithBytes:(const void *)[peerName UTF8String]
length:[peerName lengthOfBytesUsingEncoding:NSUTF8StringEncoding]];

NSMutableDictionary * peerPublicKeyAttr = [[NSMutableDictionary alloc] init];

[peerPublicKeyAttr
setObject:(__bridge id)kSecClassKey
forKey:(__bridge id)kSecClass];
[peerPublicKeyAttr
setObject:(__bridge id)kSecAttrKeyTypeRSA
forKey:(__bridge id)kSecAttrKeyType];
[peerPublicKeyAttr
setObject:peerTag
forKey:(__bridge id)kSecAttrApplicationTag];
[peerPublicKeyAttr
setObject:testPubKey
forKey:(__bridge id)kSecValueData];
// Ask for a persistent reference back so the key can be looked up again later.
[peerPublicKeyAttr
setObject:[NSNumber numberWithBool:YES]
forKey:(__bridge id)kSecReturnPersistentRef];

OSStatus sanityCheck = noErr;
CFTypeRef persistPeer = NULL;
sanityCheck = SecItemAdd((__bridge CFDictionaryRef) peerPublicKeyAttr, (CFTypeRef *)&persistPeer);
// errSecDuplicateItem means a key with this tag is already stored; any other
// value except errSecSuccess is a real failure and persistPeer stays NULL.

What command do I use to see what the ECDSA key fingerprint of my server is?

Wait, I found it. Run the command:

ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
