Add SSH key before deploying OS image?
Hi all,
Some VPS admin interfaces offer to insert an SSH key on the deployment page.
I figured I'd paste my public key here, to be able to log in afterwards.
So far, I have never been able to do so. Switching to password login and uploading my key manually, it does work.
I don't know the names of the different admin options; today I ran into the problem on Abdullah's Webhorizon in NL. After deployment, there is an entry for SSH keys, but I can't log in with keys:
screenshot of admin interface (sorry, my image embedding-fu is flaky).
Besides, there is a 'sharing' option, with an acces--token box.
Picture of 'sharing' tab with 'grant access' button
Other than asking around, is there a generic way to figure out which admin interface a VPS provider is running?
Comments
nevermind, didn't read fully.
Free NAT KVM | Free NAT LXC | Bobr
ITS WEDNESDAY MY DUDES
WebHorizon uses VirtFusion, and there is no issues with SSH public key functionality. Are you sure you have copied the right thing?
Check our KVM VPS (flags are clickable): π΅π± πΈπͺ | Looking glass: π΅π± πΈπͺ
Maybe it's like a line end or some crazy tab-space-white char at the end/start and it's getting copied/not depending where/how you paste it?
What does the ssh logs says if you try to use that deployment page?
Turn on the debug logs in ssh(d) and see if that logs any complains about the key.
Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png
I have multiple services from them and that functionality works fine.
I guess you are pasting a malformed SSH key.
Hi, thanks for your suggestions!
By no means I intended to imply the functionality was broken. In various admin interfaces, I just never have been able to make use of it, so I am quite sure indeed that I misunderstand how it is supposed to work.
Most probably, though I usually check the start and end to see they look the same. A space would go unnoticed at the end, but for the start of the string I usually use the home-button to check the cursor is at the first character.
What I do:
cat ~/.ssh/id_rsa.pub
(or id_ed25519.pub, depending on the case)ssh-rsa AAAAB3NzaC1....qP= username@host
AAAAB3NzaC1....qP=
bit in the box reserved for the SSH key on the VPS admin pageusername
I try to log in from hosthost
over SSH to my VPS with root@vps (either domain or IP)root@vps: Permission denied (publickey).
ssh -v
shows that SSH is checking both keys,debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:pUgXalgQ...
....
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 SHA256:3eYAz...
...
but neither of them is accepted.
-- edit, made a mess of markup
server-side logs, not client side
Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png
Wait, why did you dropped the
ssh-rsa
? You need that, so you should copy paste the whole thing/line, even withusername@host
which is a comment, not a username or host you connecting to/from.Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png
Exactly needs to know what kind of key it is
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Ah, yes... Those started to look up after logging in with a password, but it turns out I'm not able to reset the root password, since on deployment I disabled password logins for this instance :-P
The VirtFusion does seem to offer enable/disable password logins on deployment, and to reset passwords on an instance that has passwords disabled, only to come up with a 'task was doomed' notification on password reset.
Ah, that explains: I thought the algorithm was encoded in the first characters of the key string. Yes, I dropped those bits.
After trying that as well (copying the whole line and checking for copy/paste errors) for the RSA key as well as for the ED25519 key, I let the system generate me a new keypair. I put the (full) generated text (--- BEGIN .... END etc--) in the corresponding key file in the users' ssh directory. Still no go.
I'll redeploy the image (bog standard Debian 12), this time with a correct string for the key and password login enabled, so I can check what's happening at the server's end.
I'll come back to post the results. If you got a tip beforehand, let me know ;-)
Two observations that escaped my attention before:
I went with a new keypair, waited a full 30 seconds for the server to install, and... Bingo! It works :-)
I'm not looking forward to resetting/recreating private keys every once in a while I deploy a server, so I'm on my way destroying this installation and retrying with my own public key.
OK, great! It works :-)
I reinstalled, and gave the whole line to the public key field in the admin interface.
Thank you all for your patience and guidance. For the next time I'll remember: copy the full public key line
This has already been resolved,,,
but in another case, older versions of ssh clients and newer OSes may cause login attempts using public keys to fail. For example: Tera Term 4.106 and earlier. Recently improved Tera Term 4.107 and TeraTerm 5.0 has been released.
BALLOON | FU-SEN from Japan - You may know me from other places...