SSH with Certificate does not work with local client

JIKOmetrix

• March 23, 2023 09:28

Hello, I have a scenario where there are two accounts on the same server dev and live. I'm trying to create an rsync function to sync dev's public_html to the live public_html folder. In my testing I have created an SSH key pair on live using the cpanel key manager. Now the odd part. I first test the private from my desktop computer to the live account like this: ssh -i /Users/Desktop/id_rsa_dev2 -p 12345 live.user@[public-ip] This works as you'd expect. I did make sure the id_rsa_dev2 private key had permissions of 0600 and 12345 is a none-standard port. Now I go back to the server and login to the dev cpanel account and click on the terminal function from the cpanel. I have already uploaded the id_rsa_dev2 private key to .ssh in the dev account. My terminal command looks like this: [dev.user@host ~]$ssh -i /home/dev.user/.ssh/id_rsa_dev2 -p 12345 live.user@127.0.0.1 Load key "/home/dev.user/.ssh/id_rsa_dev2": invalid format live.user@127.0.0.1's password: The format has not changed. It is the same file from my desktop test that starts with "-----BEGIN OPENSSH PRIVATE KEY-----". I cannot seem to get the local server client to work with private key from the local server. Of course if i enter the live.user password it connects. However, I need this rsync to to work with our user password. Any suggestions on where to start with this? Again it works from my desktop computer without error. Thanks,

• 

  cPRex Jurassic Moderator

  • March 23, 2023 16:34

  Hey there! You'd want to move the public key to the remote location - the private key is the portion that should not be moved. According to the SSH docs, "Authorized keys are public keys that grant access. They are analogous to locks that the corresponding private key can open."

  0
• 

  JIKOmetrix

  • March 23, 2023 18:49

  Yes, correct. I need dev.user to be able to ssh into live.user. On the live.user cpanel I created a key pair. The public key is activated on live.user and remains in live.user .ssh folder. I then placed the private key in dev.user .ssh folder with 0600 permissions. [QUOTE]Can you try using the public key in the .ssh/authorized_keys file to see if that gets things working?
  I do not follow the above comment. I thought only the live.user needed to have .ssh/authorized_keys set for the public key? Are you saying the dev.user neeeds this too? Live I said, this work as expected from desktop computer connecting to live.user with private key. What does not work is going to a terminal prompt for dev.user and trying to ssh from dev,.user to live.user file space.

  0
• 

  cPRex Jurassic Moderator

  • March 23, 2023 20:47

  This is one of those (it should just work) and isn't dependent on cPanel tools as this is purely SSH. My only recommendation would be trying to create a new key and seeing if that changes the error message at all.

  0
• 

  JIKOmetrix

  • March 23, 2023 21:09

  This is one of those (it should just work) and isn't dependent on cPanel tools as this is purely SSH. My only recommendation would be trying to create a new key and seeing if that changes the error message at all.

  
  Yup, new key does same thing. I'll have mot move the dev site to the same file system account as live so they I can use rysnc without having to login. Thanks

  0
• 

  JIKOmetrix

  • March 31, 2023 15:18

  I'm going to try this SCP - Example syntax for Secure Copy (scp) and see if that will work.

  0
• 

  JIKOmetrix

  • March 31, 2023 15:31

  I get same error using scp: Load key "/home/brightro/.ssh/id_rsa_dev2": invalid format

  0
• 

  cPRex Jurassic Moderator

  • March 31, 2023 15:32

  It's time to make a ticket for this one - I'm sure once we see the system we'll be able to recommend something.

  0
• 

  JIKOmetrix

  • March 31, 2023 15:39

  Hello, okay, I'll open a ticket today.

  0
• 

  JIKOmetrix

  • March 31, 2023 16:03

  Hello, I did more googling and research on this. I found this post.

  0
• 

  cPRex Jurassic Moderator

  • March 31, 2023 17:12

  You can create a key without a passphrase - I do that all the time for migration work.

  0
• 

  JIKOmetrix

  • March 31, 2023 17:35

  You can create a key without a passphrase - I do that all the time for migration work.

  
  The cPanel ssh key manager requires a password when creating new key pairs. I'm guessing that I'd have to do this via command line?

  0
• 

  cPRex Jurassic Moderator

  • March 31, 2023 17:36

  Yes - when you create the key and it asks for the passphrase on the command line, just press enter to leave it blank.

  0
• 

  JIKOmetrix

  • March 31, 2023 17:42

  Yes - when you create the key and it asks for the passphrase on the command line, just press enter to leave it blank.

  
  Thanks. I'll try that for this project.

  0
• 

  JIKOmetrix

  • April 01, 2023 13:45

  One more comment on this topic. I had run into a situation where I had the rsync working with the ssh key via command line, but is would not execute in a perl script. I had needed the execution from a private web page interface. It turns out you have to escape the '@' symbol in the perl script to get to work or it throws an error [QUOTE]$system_call = "rsync -avz --delete --exclude-from /home/user/exclusion.txt /home/user/public_html/ -e 'ssh -p 123 -i /home/user/.ssh/id_rsa' user\@127.0.0.1:/home/user205/public_html/"; `$system_call`;
  You can see the user\@127.0.0.1 has the escaped '@' symbol.

  0

Please sign in to leave a comment.