
Thread: Enigma2 enable ssh key access only

  1. #16

    Title
    Junior Member
    Join Date
    Apr 2017
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Alankellyeire View Post
    Hey bud, I got it working. Your method was right and there was no need to convert the key. I think my issue was that I was copying and pasting the key in manually instead of just catenating the file with the key. I never had an issue doing it before, but that's the only difference between now and my previous attempts.

    I can't believe it. It is exactly the same as OpenSSH, and here was me about to pull out my last few hairs.

    Here are the commands I used in case someone else is having trouble.

    Generate a key on your client:
    Code:
    ssh-keygen -t rsa
    Transfer the public key to your Enigma box using secure copy:
    Code:
    scp ~/.ssh/id_rsa.pub root@<BOX-IP>:/home/root/.ssh/id_rsa.pub
    Catenate the authorized_keys file with the public key. If there isn't an authorized_keys file, make it.
    Code:
    cat ~/.ssh/id_rsa.pub >> /home/root/.ssh/authorized_keys
    Add the no-password option below to the dropbear config file. Use the text editor vi.
    Code:
    DROPBEAR_EXTRA_ARGS="-s"
    Now restart dropbear:
    Code:
    /etc/init.d/dropbear restart
    For several months I have been successfully logging into openpli/openatv via ssh key. When I try to log in now, I see this:
    Code:
    Unable to negotiate with 10.8.0.102 port 22: no matching host key type found. Their offer: ssh-rsa
    I changed the OS version from Linux Mint 19 to Linux Mint 21, but I did not change the SSH key.

  2. #17
    birdman
    Title
    Moderator
    Join Date
    Sep 2014
    Location
    Hitchin, UK
    Posts
    7,771
    Thanks
    235
    Thanked 1,656 Times in 1,305 Posts
    Quote Originally Posted by jany View Post
    For several months I have been successfully logging into openpli/openatv via ssh key. When I try to log in now, I see this:
    Code:
    Unable to negotiate with 10.8.0.102 port 22: no matching host key type found. Their offer: ssh-rsa
    I changed the OS version from Linux Mint 19 to Linux Mint 21, but I did not change the SSH key.
    That will be a later version of OpenSSH that no longer uses rsa by default.

    You can either configure ssh on your Mint system to negotiate rsa (can be done on a per-remote host basis - I have details if needed) or, much better, switch to using ecdsa keys.
    MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD

  3. #18

    Title
    Junior Member
    Join Date
    Apr 2017
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I used this procedure and now everything works.
    Code:
    nano ~/.ssh/config
    Code:
    Host *
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
    Thanks.

  4. #19
    birdman
    Title
    Moderator
    Join Date
    Sep 2014
    Location
    Hitchin, UK
    Posts
    7,771
    Thanks
    235
    Thanked 1,656 Times in 1,305 Posts
    Quote Originally Posted by jany View Post
    I used this procedure and now everything works.
    Which is telling your client to accept what are now considered to be insecure keys (from any remote system) when it doesn't need to.

    Just generate ecdsa ones and put them in place.
    MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD
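
The scoping point made in the post above, as an added example that is not part of the original thread: a shell function that lists where an OpenSSH client config re-enables ssh-rsa and flags wildcard or global scopes. The function names and the `enigma2-box` alias are hypothetical; 10.8.0.102 is the address from the error message earlier in the thread.

```shell
#!/bin/sh
# Report which Host scopes in an OpenSSH client config re-enable ssh-rsa.
# Reads a file argument or stdin; exit status 1 = enabled under a wide scope.
audit_ssh_rsa() {
    awk '
    function enables_rsa(v,   n, a, i) {
        if (v ~ /^-/) return 0            # "-list" removes algorithms
        sub(/^[+^]/, "", v)               # "+" appends, "^" moves to front
        n = split(v, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == "ssh-rsa") return 1
        return 0
    }
    BEGIN { scope = "(global)"; wide = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }   # allow Key=Value form
    key == "host" || key == "match" {
        scope = $2
        for (i = 3; i <= NF; i++) scope = scope " " $i
        wide = (scope ~ /[*?]/ || tolower(scope) == "all")
        next
    }
    (key == "hostkeyalgorithms" || key == "pubkeyacceptedkeytypes" ||
     key == "pubkeyacceptedalgorithms") && enables_rsa($2) {
        printf "%s\t%s\t%s\n", (wide ? "WILDCARD" : "SCOPED"), scope, $1
        if (wide) bad = 1
    }
    END { exit bad + 0 }
    ' "$@"
}

weak_config() {      # the client config posted in the thread
    cat <<'EOF'
Host *
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
EOF
}

scoped_config() {    # constructed sample: alias "enigma2-box" is hypothetical
    cat <<'EOF'
Host enigma2-box
    HostName 10.8.0.102
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
EOF
}

weak_config   | audit_ssh_rsa || echo "=> ssh-rsa accepted from every host"
scoped_config | audit_ssh_rsa && echo "=> ssh-rsa limited to named hosts"
```

To check a real client, run `audit_ssh_rsa ~/.ssh/config`.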

  5. #20

    Title
    Junior Member
    Join Date
    Apr 2017
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Can you be specific please?
    Do I need to do this?
    Code:
    ssh-keygen -t ecdsa -b 521 -C "mail@example.com"
    Code:
    ssh-copy-id -i ~/.ssh/id_ecdsa [username]@[hostname]

  6. #21
    birdman
    Title
    Moderator
    Join Date
    Sep 2014
    Location
    Hitchin, UK
    Posts
    7,771
    Thanks
    235
    Thanked 1,656 Times in 1,305 Posts
    Quote Originally Posted by jany View Post
    Can you be specific please?
    Do I need to do this?
    Code:
    ssh-keygen -t ecdsa -b 521 -C "mail@example.com"
    Code:
    ssh-copy-id -i ~/.ssh/id_ecdsa [username]@[hostname]
    Yes.
    Although whether you need to go for a 521 key length is up to you.
    MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD
