Ping a Specific Port

Question

aaa90210

Asked: 2018-04-03 14:54:02 +0800 CST2018-04-03 14:54:02 +0800 CST 2018-04-03 14:54:02 +0800 CST

How to tell SFTP which public key to use?

772

SFTP has an option "-i" to set the private key to use for public key authentication. However, there does not appear to be an option for which matching public key to use. Surely it must need this to tell the server which public key to use for the challenge.

Why is this and how does it work?

2 Answers

Voted

Zoredache · Answer 1 · 2018-04-03T16:57:38+08:00

First the file for the 'private' key contains all parts of your key. Both the public and private parts. If delete the local copy of your public key you can simply re-create it from the file that contains the private key. You can see everything for a RSA key with openssl rsa -in filename.id_rsa -text. So you never really need to identify the 'public' portion of a keypair when you have the private key. The private key has all the information.

As for the server authenticating the client. The server isn't encrypting something against the public keys. It is happening the other way. The client sends some information with a signature signed by the private key. The server can verify this using the public keys that it knows about.

https://www.rfc-editor.org/rfc/rfc4252

   To perform actual authentication, the client MAY then send a
   signature generated using the private key.  The client MAY send the
   signature directly without first verifying whether the key is
   acceptable.  The signature is sent using the following packet:

      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication
      string    signature

   The value of 'signature' is a signature by the corresponding private
   key over the following data, in the following order:

      string    session identifier
      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication

JohnA · Answer 2 · 2018-04-03T14:56:03+08:00

JohnA

2018-04-03T14:56:03+08:002018-04-03T14:56:03+08:00

The public key to use is set in the authorized_keys file for the user account on the server to which you connect. It is not set in the client.

https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process

is a good read for how this works.

0

How to tell SFTP which public key to use?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?