SSH troubleshooting

Create a key pair for ssh

RSA 4096 bits

ssh-keygen -t rsa -b 4096

ECDSA and Ed25519

ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519

Key format

Note that the commands above write the private key in OpenSSH format (the file starts with -----BEGIN OPENSSH PRIVATE KEY-----). Some SSH clients can’t read this format; in that case, append the -m PEM option.

ssh-keygen -t rsa -b 4096 -m PEM

Create only an RSA private key and output the public key

openssl genpkey -algorithm RSA -out .ssh/id_rsa -pkeyopt rsa_keygen_bits:4096
chmod 600 .ssh/id_rsa
ssh-keygen -y -f .ssh/id_rsa > .ssh/id_rsa.pub

Note: These commands just create keys, and .ssh/id_rsa.pub format is not for ssh authorized_keys.

Connection closed by {{ ip_address }}

In my case, I checked the PAM settings in /etc/security/access.conf and that solved it.

  • ~/.ssh: 700
  • Public keys: 644
  • Private keys: 600
  • authorized_keys: 600
  • .ssh/config: 600
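
The modes listed above can be checked with a short script. This is an added example, not part of the original page; the function names and the rule that a private key is recognised by a first line ending in PRIVATE KEY----- are assumptions.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the modes listed above.
# Usage after sourcing this file: check_ssh_perms [dir]   (default: ~/.ssh)

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Expected mode for a regular file, following the list on this page.
# Prints nothing for files the list does not cover (e.g. known_hosts).
expected_mode() {
    case "$(basename "$1")" in
        *.pub) echo 644 ;;
        authorized_keys|config) echo 600 ;;
        *)  # Assumption: private keys are recognised by their header line.
            if head -n 1 "$1" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
                echo 600
            fi ;;
    esac
}

# Report one mismatch and remember that the audit failed.
report() {
    echo "MISMATCH $1: mode $2, expected $3"
    bad=1
}

# Print one line per mismatch; return 1 if any was found, 0 otherwise.
check_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    bad=0
    have=$(mode_of "$dir")
    [ "$have" = 700 ] || report "$dir" "$have" 700
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        want=$(expected_mode "$path")
        [ -n "$want" ] || continue
        have=$(mode_of "$path")
        [ "$have" = "$want" ] || report "$path" "$have" "$want"
    done
    return "$bad"
}
```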

Disable host key checking

When I write a simple shell script…

The authenticity of host '{{ hostname }} ({{ IP }})' can't be established.
ECDSA key fingerprint is SHA256:.....
Are you sure you want to continue connecting (yes/no)?

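Add the option StrictHostKeyChecking=no, which makes ssh accept an unknown host key without prompting and without verifying it. StrictHostKeyChecking=accept-new also skips the prompt for hosts seen for the first time, but still refuses a host whose key has changed.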

Configure server-side SSH keys

https://linux.die.net/man/5/sshd_config

Add the following line to /etc/ssh/sshd_config:

HostKey {{ your_key }}