SSH Public Key Configuration Tips, Tricks and Traps

While the official Sophos article does a reasonable job of explaining the overall process of setting up SSH / Shell access using an RSA key pair, there are a number of additional details which are not obvious, yet must be correct in order to successfully complete this setup process.

These have tripped me up on more than one occasion so I thought I'd share them to save others time and frustration in future.

 

Errors

If you get the error 'Removing 1 invalid element(s) '<key entry>' from the list', when trying to add a public key to the firewall, you may have failed to observe one of the required details:

 

Key Format

The RSA key must be in the following format when entered into the firewall:

ssh-rsa <RSA Public Key> [comment]

For example:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAA3t....{Shortened}....5+iYAUnicSJqOOD+viGfq9xFQ== Sam's Key

 

Notes:

- The 'ssh-rsa' is case sensitive and is compulsory

- There must be a single space between 'ssh-rsa' and the start of the key

- There must be at least one space between the key and the start of the comment

- The comment is free form and may contain spaces and special characters and is optional (but useful, see below)

- While I can't confirm if this is the case for all keys, every key I've seen ends with '=='

 

Invisible Characters

In its native form straight from the PuTTY key generator, the public key contains a number of hidden / invisible characters.

Here is what the key file looks like when viewed in Notepad++ (enable viewing of invisible characters via the 'View / Show Symbol / Show All Characters' menu option)

There is no way to view these invisible characters in Notepad and in some cases they can be included with the key, causing issues.

Using Notepad++ or a text editor which you can view invisible characters in is recommended to check your text for unwanted characters before adding it to the firewall.

 

If your entered key looks like this once you hit 'apply', you have invisible characters in your key text:

A clean, correct key should look like this:

Note that the comment now becomes a useful indicator as to which key belongs to who.

 

If In Doubt

If in doubt, remove any spaces present in the entered key text and re-enter them.  Sometimes special characters show as spaces in the web UI.

 

Hopefully this helps someone out in future!
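
A pre-paste check for the format rules and invisible characters described in this post, as an added example (not part of the original post and not Sophos code). The function names and the sample key are constructed for illustration, and the firewall's own validation logic is not known and may differ.

```python
import base64
import struct
import unicodedata


def check_key_line(text):
    """Return a list of problems found in one pasted public key entry."""
    problems = []
    # Control/format characters (CR, LF, tab, zero-width, BOM) and non-ASCII
    # spaces such as NBSP can all look like blanks, or nothing, in a web UI.
    for pos, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf") or (cat == "Zs" and ch != " "):
            problems.append(f"invisible character U+{ord(ch):04X} at offset {pos}")
    if problems:
        return problems
    if not text.startswith("ssh-rsa "):
        return ["entry must start with lowercase 'ssh-rsa' and one space"]
    rest = text[len("ssh-rsa "):]
    if rest.startswith(" "):
        return ["more than one space between 'ssh-rsa' and the key"]
    blob_b64 = rest.split(" ", 1)[0]  # anything after the key is the comment
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return ["key is not valid base64"]
    # An RSA public key blob opens with a 4-byte length (7) and b"ssh-rsa".
    if len(blob) < 11 or struct.unpack(">I", blob[:4])[0] != 7 or blob[4:11] != b"ssh-rsa":
        problems.append("decoded key does not start with the 'ssh-rsa' algorithm name")
    return problems


def make_sample_line(comment="Sam's Key"):
    """Build a constructed, well-formed entry (tiny fake numbers, not a usable key)."""
    blob = (struct.pack(">I", 7) + b"ssh-rsa"
            + struct.pack(">I", 3) + b"\x01\x00\x01"
            + struct.pack(">I", 9) + b"\x00" + bytes(range(0x80, 0x88)))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    good = make_sample_line()
    for label, line in [("clean", good), ("trailing CRLF", good + "\r\n"),
                        ("NBSP separator", good.replace(" ", "\u00a0", 1))]:
        print(label, "->", check_key_line(line) or "OK")
```

An empty result means the entry matches the format in the Key Format section and contains nothing a plain text editor would hide.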


