[Help wanted] Can't connect using generated own SSH host key
Hi, I've followed the instructions in the README (https://github.com/atmoz/sftp#providing-your-own-ssh-host-key-recommended) to connect using a generated SSH host key without providing a password. The procedure was as follows:
ssh-keygen -t rsa -b 2048 -f ./ssh_host_rsa_key_2048 < /dev/null
ssh-keygen -t ed25519 -f ./ssh_host_ed25519_key < /dev/null
then
docker run -v /Users/<user>/tmp/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro -v /Users/<user>/tmp/ssh_host_rsa_key_2048:/etc/ssh/ssh_host_rsa_key_2048:ro -v /Users/<user>/tmp:/home/foo/tmp -p 2222:22 -d atmoz/sftp:latest foo::1001
but then I try to sftp and
$ sftp -P 2222 -i ./ssh_host_rsa_key_2048 -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null foo@<my-host-ip>
Warning: Permanently added '[<my-host-ip>]:2222' (ED25519) to the list of known hosts.
foo@<my-host-ip>'s password:
dunno why.
Docker logs:
$ docker logs 85a1ab100cdf -f
[/usr/local/bin/create-sftp-user] Parsing user data: "foo::1001"
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:2GD4M0tlNu6hW+wap7DVTSo6jdjNbF5DGsk/R6bh88I root@85a1ab100cdf
The key's randomart image is:
+---[RSA 4096]----+
| |
| . |
| . o = |
| + X . |
| X S + |
| . # X |
| o.*B./ o |
| . +=*XE* |
| o+=.... |
+----[SHA256]-----+
[/entrypoint] Executing sshd
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
Connection closed by 172.17.0.1 port 46960 [preauth]
Connection closed by 172.17.0.1 port 46962 [preauth]
Connection closed by 172.17.0.1 port 46964 [preauth]
Connection closed by 172.17.0.1 port 46966 [preauth]
Failed password for foo from 172.17.0.1 port 46968 ssh2
Failed password for foo from 172.17.0.1 port 46968 ssh2
Connection closed by 172.17.0.1 port 46968 [preauth]
...
I double-checked with one of my mates, but we didn't see anything, although I'm sure I'm forgetting something.
So, anything wrong above??? Any help is appreciated.
Did you protect your host key with a password? If so, this might be the reason (it was for me).
@epandasa you mean protect the key with a passphrase when generating with ssh-keygen? If so, no, I took care not to add further complications in this stage...
Yeah, that's what I meant.
you might have to place your key for the authentication in /home/foo/.ssh/keys/ (inside the container)
Hey @telekosmos, ssh_host_rsa_key_2048 is a host (server's) key; you cannot use it for login.
Hello @telekosmos, maybe the docs are incorrect. Can you mount the public key instead of the private key? I think it should work.
-v <host-dir>/ssh_host_ed25519_key.pub:/home/foo/.ssh/keys/ssh_host_ed25519_key.pub:ro
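
The points raised in the replies (a host key is not a login identity, the user's public key belongs in /home/foo/.ssh/keys/) plus what the log shows (the container generated its own RSA host key) can be checked mechanically. This is an added example, not part of the thread or the atmoz/sftp project; the function name, the sample paths and the assumption that sshd reads only the two host key paths visible in this thread are mine.

```shell
#!/bin/sh
# Added example, not from the thread or the atmoz/sftp project.
# audit_sftp_setup (hypothetical name) USER IDENTITY MOUNT...
#   IDENTITY is the file given to "sftp -i"; MOUNT is a docker "src:dst[:opts]".
# Assumption: sshd in the image loads only the two host key paths seen in this
# thread's log and mounts.
audit_sftp_setup() {
    user=$1 identity=$2; shift 2
    rsa=no userkey=no
    for m in "$@"; do
        src=${m%%:*}                 # host-side path
        rest=${m#*:}
        dst=${rest%%:*}              # container-side path
        case $dst in
            /etc/ssh/ssh_host_rsa_key)     rsa=yes ;;
            /etc/ssh/ssh_host_ed25519_key) ;;
            /etc/ssh/ssh_host_*)
                echo "HOSTKEY_PATH: $dst is not a host key path sshd reads" ;;
            "/home/$user/.ssh/keys/"*)     userkey=yes ;;
        esac
        # Heuristic: same file name as a key mounted under /etc/ssh means the
        # client is offering the server's host key as its login identity.
        if [ "${dst#/etc/ssh/}" != "$dst" ] && [ "${src##*/}" = "${identity##*/}" ]; then
            echo "IDENTITY_IS_HOSTKEY: -i $identity is a host key, not a user key"
        fi
    done
    if [ "$rsa" = no ]; then
        echo "RSA_REGENERATED: nothing at /etc/ssh/ssh_host_rsa_key, container makes its own"
    fi
    if [ "$userkey" = no ]; then
        echo "NO_USER_KEY: no public key in /home/$user/.ssh/keys/, expect a password prompt"
    fi
    return 0
}

# Constructed input mirroring the thread (/Users/u stands in for the real path).
audit_sftp_setup foo ./ssh_host_rsa_key_2048 \
    /Users/u/tmp/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro \
    /Users/u/tmp/ssh_host_rsa_key_2048:/etc/ssh/ssh_host_rsa_key_2048:ro \
    /Users/u/tmp:/home/foo/tmp
```

A setup that mounts the RSA host key at /etc/ssh/ssh_host_rsa_key, mounts a separately generated client public key under /home/foo/.ssh/keys/, and passes the matching client private key to `sftp -i` produces no findings.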