ssh-keys management

ItsOnlyMe

Hi,

Related to https://docs.directadmin.com/changelog/version-1.55.0.html#ssh-keys-management-skins . When a user wants to add an ssh-key via :2222/evo/user/ssh-keys/authorized they run into an error:

Code:
invalid RSA comment
This was when trying to add the following key:
Code:
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAC97nKdNYcrBYyjefNgiF80v18GPpNTDJ82nvQCKt3d2CiH34gQ9CmweJgtsXc3osDQ3Ls8pKUHc7q6tOTO+Qi57gGByzA477mUX3UPlWpLi9nIh7CKcL9RuTMyyjzWx4BGwUVR6eNmBmj9mjKQ+nAxLq3RBgnpz++eHJXpckHiJIcMjw== [email protected]

However, when adding this key, it works:
Code:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnx2+lFQxiDSP4HeXV4YMzYXSqlUayj/DQgc8fe89b/inkRa8r7VjjQFjEb4qjyECQIx6g8qg+lk3LGkX4KNs681YuK2+6cMf8IbOGbcNYg41c+t4GfAaALDWmpD0bKqWvSNU2pMXLfQYqg1w2OYykOTH3Vma+/h3PouJqQ4cgGJpDaqywwMV8z0DhZ4Pc1RRyCoCJD9B5yJ5GR46VXv4nLvWwFKZ8Zl8HrEPO1WarJiOb1Wp6xZ7qwYVipx+ldkHB6+U4YSZ+NpyVEfAHXu6difg2X0cN+R3B7azrWJY1lsue4rJJqKi7wBjxTfvnX1HY8ullvhNFl+RW12uCxeZ [email protected]

I know the ECDSA key is correct since I also use this for my other day to day login on all other servers. How come we cannot add the newer type of keys to the server via directadmin as a user?

Can this "module" be updated so we can add newer keys to the system?
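
An added example, not part of the original post and not DirectAdmin's code: a validator for OpenSSH public-key lines that accepts ECDSA and Ed25519 as well as RSA by checking the key type stored inside the base64 blob against the line's first field, instead of assuming RSA. The type list is not exhaustive, the line is assumed to carry no authorized_keys options prefix, and `make_sample` builds constructed lines with placeholder key material.

```python
import base64
import binascii
import struct

# Key types OpenSSH writes as the first field of a public-key line (not exhaustive).
KNOWN_TYPES = {
    "ssh-rsa", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

def read_string(buf, offset):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[offset + 4:end], end

def parse_pubkey_line(line):
    """Return (key_type, blob, comment) or raise ValueError with the reason."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in KNOWN_TYPES:
        raise ValueError(f"unsupported key type: {key_type}")
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64: {exc}") from None
    # The blob repeats the key type as its first wire string; both must agree.
    inner, _ = read_string(blob, 0)
    if inner.decode("ascii", "replace") != key_type:
        raise ValueError("key type in blob does not match line prefix")
    return key_type, blob, comment

def make_sample(key_type, body=b"\x00" * 16, comment="user@example.test"):
    """Constructed sample line: real framing, placeholder key material."""
    wire = struct.pack(">I", len(key_type)) + key_type.encode() + body
    return f"{key_type} {base64.b64encode(wire).decode()} {comment}"
```

The check covers only the framing and the type field; it does not verify the curve point or RSA parameters, which `ssh-keygen -l -f <file>` does on a real key file.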
 
Last edited:
Can you create a private key from a public one?
No, that would be 'fun' (well, maybe with willow), but I just wouldn't use a single ssh key on a macbook to access all my servers because hackers don't need keys if they can snatch/compromise/malware the macbook with them on it.

There's a huge difference between how to deal with ssh access from a management point of view compared to a users pov.
It's way too off-topic for now, I think, so sorry in advance.

Ssh-keys are safe, but also easy. Use them safe, not easy, simply because you don't want to remember a password.
If you use them 'easy', all 1 piece of malware in a " .sh, cool prog, nice pdf" is required to cat your history file, grep the ssh logins and awk them to a scp-copy-id to add their own ssh key to all your servers.

Just a reminder that a single compromised user is bad.... but for that user only and likely their own responsibility too. A compromised infra is often harder to explain. :)
 
Ssh-keys are safe, but also easy. Use them safe, not easy, simply because you don't want to remember a password.
Exactly the reason I have a password on mine. If they get stolen it might be able to compromise servers. If they now get stolen, they still have to find out the password, which is by the way also not the easiest one. ;)
 
Exactly the reason I have a password on mine. If they get stolen it might be able to compromise servers. If they now get stolen, they still have to find out the password, which is by the way also not the easiest one. ;)
Same here. There's a saying, "A hat on a hat" which I like, but unlike that, these sort of SSH keys for the server are to me "A password on a password" with a passworded key. Nothing's infallible, but I love the fact you can password protect your private keys. Very smart move. 😁
 
Back
Top