Kimsufi - Add SSH keys to Kimsufi Manager

## Kimsufi - Add SSH keys to Kimsufi Manager

----------
WarAuraNetwork
26/07/2015, 00h02
Hi,
thank you for your very extensive guide. Sadly, when I try to select RSA on the menu type of thing at the top containing the X, RSA, DSA and ECDSA I am only able to highlight the text and not select anything. What am I doing wrong? I have tried with Safari and Google Chrome and have tried using the German and English interface version. My PC is running Mac OSX.
Best Regards,
Miles

EDIT:
Sorry, I did not read correctly... I copied too much of the code... Just ignore my post.

----------

mstaerker
27/12/2014, 23h10
Hi,

I followed your excellent manual to the letter, yet somehow it doesn't seem like the rescue-pro netboot feature would use the ssh key, that I provided via the kimsufi-manager web interface.. which is a rather odd thing IMO.

Maybe there is a limitation on the pubkey format in the OVH interface.. after all exactly the same pubkey worked via ssh on the command line.

Regards,

----------

mstaerker
janus57
18/06/2014, 13h35
Citation Envoyé par heise

"THX, I updated the tutorial."

Hello,

we got the same problem in French forum and Fabian (KS Staff) give us de details to work, so let's share the "trick" with you

Cordially, janus57

----------

heise
18/06/2014, 12h58
THX janus57 & Fabian, I updated the tutorial.

----------

janus57
18/06/2014, 12h20
Hello,

i'm french, so sorry if my english is "bad".

"PS. You can also do this with putty
Start PuTTYgen
Choose SSH-2 RSA key with 2048 bits
Press generate
Optional choose a password"

You "need" to add this step

"change the name of your key in PuTTYgen ("Key comment" in PuTTYgen) to match a pattern like server@example
If your "Key comment" don't match a pattern like server@example the "Confirm" button in Kimsufi manager will remain gray and you can't confirm your SSH key."

EDIT :
The pattern can be

"somthing@anything"

or

"foo@bar"

But it must be a @ in your "Key comment" in PuTTYgen.

Cordially, janus57

----------

heise
17/06/2014, 23h05
The idea of SSH keys is that you can create two cryptographic keys that work as counterparts of each other. One key is called the private key and one is called the public key.

If Alice homecomputer wants to ssh into the server of Bob, Alice needs to create the private and public keys with the command

Code:

ssh-keygen -t rsa

This will create 2048 bit keys. Alice will keep her private key on her computer and give Bob the public key. As long as Bob has Alice public key in a special directory, Alice will be able to ssh into Bob's server without entering a password. So much for the theory.

With the help from https://www.digitalocean.com/communi...p-ssh-keys--2:

The generation of a public/private key pair looks like this. When asked any question, just press enter. You can chose a password for added security.

Code:

[user@PC ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
4b:e5:ef:02:b0:c9:31:71:8c:ab:5c:19:22:ec:bc:2f user@PC
The key's randomart image is:
+--[ RSA 2048]----+
| . o |
| o . + o |
| o . . * . |
| o B o |
| o + *S . |
| . o +... . |
| . .. . |
| E . .. |
| . .. |
+-----------------+

To add your public key to Kimsufi rescue mode, you have to deposit your public key in the Kimsufi manager. Go to "ssh keys" in your Kimsufi Manager:



Now execute "cat ~/.ssh/id_rsa.pub"
Code:

[user@PC ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1MGM83F/OaVhQh6ZFXltaiuvhI7/7p0+B7LVRxHPhuDjEELZeyQuEq8uJn2cihfnM/g5Z8WJKB3fDM6wyxiJc7PvK8O16wEJrfKwpuqtpphPAzgf/VGjkgWNsV0x99Bq3XdHC7JPLPciwtsgyKFVj60/b/oVdAglopL++I0VpUw0cRaGaIQoT3eB4oFrdLvNyQPmzW5uMNEZxxd87TFOToplV6Sb1aHnuejCDRr68AAyT5T7YaqspgF9blUHxB1gbT7Cs8rgza4ua03S+cUi9DUxRaf7cQRV3VxKN6Ux4PiUzqDvmUU21d+ZcvQKLuu4Ok/TPL5ORXPnE4Nf3sANPw== user@PC

Mark with the mouse from "ssh-rsa" until "user@PC" and choose "Edit" and "Copy" from the terminal menu.

Select "Add new SSH key", choose a name for that ssh key and paste the public key into the area called "key".



Confirm and you are done:



When you boot into rescue mode you will not be asked to enter a password any more, if you use the computer and user account you created the public/private ssh keys with.

When you boot into rescue mode from a computer, that does not have your private ssh key, you will be asked a password, but you will not be able to log in. You will need to ssh with your private key into your server in rescue mode and set a password for the rescue mode with "passwd" as root. Note this password only lasts until you reboot.



In case of Alice and Bob, Alice would send her public key with the following command to the computer of Bob:
Code:

ssh-copy-id user@123.45.56.78
or

cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "cat >> ~/.ssh/authorized_keys2" #depending on your linux
or
cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "cat >> ~/.ssh/authorized_keys" #depending on your linux

If you use ssh keys, you can disable password login with these settings in "/etc/ssh/sshd_config"
Code:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no




Troubleshooting:
Make sure "~/.ssh" has rights 700 on both computers and is owned by the user.
Make sure "~/.ssh/known_host" has rights 644 on both computers and is owned by the user.
Make sure "~/.ssh/id_rsa" has rights 600 on both computers and is owned by the user.
Make sure "~/.ssh/id_rsa.pub" has rights 644 on both computers and is owned by the user.
SSH keys needs to switch boot to HDD, boot from HDD and then switch to rescue mode to get activated.






PS. You can also do this with putty
Start PuTTYgen
Choose SSH-2 RSA key with 2048 bits
Press generate
Optional choose a password
Save the public key and the private key
Now copy the public key starting from ssh-rsa AAAA and paste it into the Kimsufi Manager
It will look like this: http://www.directupload.net/file/d/3...6bmfo3_png.htm
Thanks to "janus57" you need to do some modification. Replace the part starting with "rsa...." with something like user@domain. In this example exchange "rsa-key-20140419" with "user@domain" or "foo@bar", etc.

In putty create a server profile
Under the SSH sub-category, Auth sub-category you find the place to add your private key to putty. Use the Browse button to select you private key

Enter a name for this profile and save it
Now you can use putty without the need to enter a password

----------
**https://docs.ovh.com/fr/dedicated/creer-cle-ssh-serveur-dediees/**