romain145
Reputation: 13
SSH authenticate with public key (not private key)
Is it possible to connect to a server using a public key? The server holds the private key in authorized_keys, and the client can connect with:
ssh -i id_rsa.pub server
It is the exact opposite as the usual way with public/private keys: the client keeps the public key, and the server holds the private key.
Now the reason: For machines being deployed to customers, I want to setup a remote connection to rescue the machines in case of problems.
- the machine initiates a reverse SSH connection to the rescue server: connect using the public key (the same on all the machines:
ssh -i id_rsa.pub -NR 64000:localhost:22 rescue@server) - the machine opens a channel, but cannot execute commands (prompt
/bin/false) - on the server, do a SSH to the machine through the open channel and authenticate with the private key (the usual way:
ssh -i id_rsa -p 64000 localhost).
Upvotes: 0
Views: 1611
Answers (1)
Jakuje
Reputation: 25926
You can't use keys to authenticate in opposite order of private/public, because of the way how asymmetric cryptography works.
The alternative solution for you can be to use openssh certificates as described in manual pages and many how-to's.
Upvotes: 1
Related Questions
- Generate public ssh key from private key
- SSH.NET Authenticate via private key only (public key authentication)
- Setup SFTP to use public-key authentication
- Remove publickey from ssh login
- How to login ssh server without giving password using private/public key- imported-openssh-key
- Server with ssh public key authentication with libssh
- SSH without password between servers using public keys
- Public key ssh login from windows
- PHP SSH2 Authenticiation With Public Keys