SSH with Certificate does not work with local client

JIKOmetrix

Hello,

I have a scenario where there are two accounts on the same server dev and live. I'm trying to create an rsync function to sync dev's public_html to the live public_html folder. In my testing I have created an SSH key pair on live using the cpanel key manager. Now the odd part.

I first test the private key from my desktop computer to the live account like this:
ssh -i /Users/Desktop/id_rsa_dev2 -p 12345 [email protected][public-ip]

This works as you'd expect. I did make sure the id_rsa_dev2 private key had permissions of 0600 and 12345 is a non-standard port.

Now I go back to the server and login to the dev cpanel account and click on the terminal function from the cpanel. I have already uploaded the id_rsa_dev2 private key to .ssh in the dev account. My terminal command looks like this:

[[email protected] ~]$ssh -i /home/dev.user/.ssh/id_rsa_dev2 -p 12345 [email protected]
Load key "/home/dev.user/.ssh/id_rsa_dev2": invalid format
[email protected]'s password:

The format has not changed. It is the same file from my desktop test that starts with "-----BEGIN OPENSSH PRIVATE KEY-----". I cannot seem to get the local server client to work with private key from the local server.

Of course if I enter the live.user password it connects. However, I need this rsync to work without the user password.

Any suggestions on where to start with this? Again it works from my desktop computer without error.

Thanks,
 

cPRex

Hey there! You'd want to move the public key to the remote location - the private key is the portion that should not be moved. According to the SSH docs, "Authorized keys are public keys that grant access. They are analogous to locks that the corresponding private key can open."


Can you try using the public key in the .ssh/authorized_keys file to see if that gets things working?
 

JIKOmetrix

Yes, correct. I need dev.user to be able to ssh into live.user.

On the live.user cpanel I created a key pair. The public key is activated on live.user and remains in live.user .ssh folder.

I then placed the private key in dev.user .ssh folder with 0600 permissions.

"Can you try using the public key in the .ssh/authorized_keys file to see if that gets things working?"
I do not follow the above comment. I thought only the live.user needed to have .ssh/authorized_keys set for the public key? Are you saying the dev.user needs this too?

Like I said, this works as expected from the desktop computer connecting to live.user with the private key.

What does not work is going to a terminal prompt for dev.user and trying to ssh from dev.user to the live.user file space.
 

JIKOmetrix

"This is one of those (it should just work) and isn't dependent on cPanel tools as this is purely SSH. My only recommendation would be trying to create a new key and seeing if that changes the error message at all."
Yup, new key does the same thing.
I'll have to move the dev site to the same file system account as live so that I can use rsync without having to log in.
Thanks
 

JIKOmetrix

I get same error using scp:

Load key "/home/brightro/.ssh/id_rsa_dev2": invalid format
 

JIKOmetrix

Hello,

I did more googling and research on this. I found this post.


There is a comment in there, "you may only be missing a trailing newline".

So I opened my keys that I downloaded from cPanel key manager directly and added the newline after the '-' in the file.

The keys work now. No error.

However, the key does ask for an "Enter passphrase for key".

Can you make a key without a passphrase? I want this to be automated without user intervention.
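
Added example, not part of the original posts: a shell check for the cause found above (a private key file whose final line has no trailing newline), extended to CRLF line endings, another common download artefact. The function names check_key and fix_key and the sample key body are constructed for illustration.

```shell
#!/bin/sh
# check_key FILE: print one finding per line; return 0 only if there are none.
check_key() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "unreadable"; return 2; }

    # First and last lines must carry the BEGIN/END markers.
    head -n 1 "$f" | grep -q '^-----BEGIN .*PRIVATE KEY-----' \
        || { echo "no-begin-marker"; rc=1; }
    tail -n 1 "$f" | grep -q '^-----END .*PRIVATE KEY-----' \
        || { echo "no-end-marker"; rc=1; }

    # The last byte must be a newline. Command substitution strips a
    # trailing newline, so empty output means the newline is present.
    [ -z "$(tail -c 1 "$f")" ] || { echo "missing-trailing-newline"; rc=1; }

    # Carriage returns (Windows-style line endings) also break parsing.
    cr=$(printf '\r')
    if grep -q "$cr" "$f"; then echo "crlf-line-endings"; rc=1; fi
    return $rc
}

# fix_key FILE: strip CRs and append the final newline if it is missing.
# The temporary copy is created with a 077 umask so it is never readable
# by other users, and the result is left at mode 0600.
fix_key() {
    f=$1
    tmp=$f.tmp.$$
    ( umask 077; tr -d '\r' < "$f" > "$tmp" ) || return 1
    [ -z "$(tail -c 1 "$tmp")" ] || echo >> "$tmp"
    mv "$tmp" "$f" && chmod 600 "$f"
}

# Demo on a constructed (not real) key file that ends on the final '-'.
demo=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN OPENSSH PRIVATE KEY-----' \
    'Y29uc3RydWN0ZWQgc2FtcGxl' '-----END OPENSSH PRIVATE KEY-----' > "$demo/key"
check_key "$demo/key" || fix_key "$demo/key"
check_key "$demo/key" && echo "key file is well-formed after fix"
rm -rf "$demo"
```

Running check_key on the key right after downloading or uploading it shows whether the transfer altered the file before ssh ever reads it.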
 

JIKOmetrix

"You can create a key without a passphrase - I do that all the time for migration work."
The cPanel ssh key manager requires a password when creating new key pairs.

I'm guessing that I'd have to do this via command line?
 

JIKOmetrix

One more comment on this topic.

I had run into a situation where I had the rsync working with the ssh key via command line, but it would not execute in a Perl script. I had needed the execution from a private web page interface. It turns out you have to escape the '@' symbol in the Perl script to get it to work or it throws an error.

$system_call = "rsync -avz --delete --exclude-from /home/user/exclusion.txt /home/user/public_html/ -e 'ssh -p 123 -i /home/user/.ssh/id_rsa' user\@127.0.0.1:/home/user205/public_html/";

`$system_call`;
You can see the user\@127.0.0.1 has the escaped '@' symbol.
 