Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Bo-Yi Wu <[email protected]>
Showing 1 changed file with 5 additions and 23 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -164,21 +164,22 @@ See the detail information about [SSH login without password](http://www.linuxpr | |
* Change the permissions of `.ssh/authorized_keys2` to 640 | ||
|
||
### If you are using OpenSSH | ||
|
||
If you are currently using OpenSSH and are getting the following error: | ||
|
||
```bash | ||
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] | ||
``` | ||
|
||
Make sure that your key algorithm of choice is supported. | ||
On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under | ||
Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under | ||
`/etc/ssh/sshd_config.d/`): | ||
|
||
``` | ||
```bash | ||
CASignatureAlgorithms +ssh-rsa | ||
``` | ||
|
||
Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: | ||
|
||
```bash | ||
ssh-keygen -t ed25519 -a 200 -C "[email protected]" | ||
``` | ||
|
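Review bot: The fence around `CASignatureAlgorithms +ssh-rsa` is retagged from plain to `bash`, but that line is an sshd_config directive, not a shell command, so the tag is misleading; leave the fence untagged or use a config-style tag. Separately, `CASignatureAlgorithms` governs which algorithms sshd accepts for certificates signed by a CA, so it may not resolve the `attempted methods [none publickey]` error shown above for a plain RSA key; the FAQ removed later in this commit used `PubkeyAcceptedKeyTypes=+ssh-rsa` for that case. Because re-enabling ssh-rsa means accepting SHA-1 signatures, consider presenting the `ed25519` option first and the ssh-rsa directive as the fallback.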
@@ -375,7 +376,7 @@ Host FooServer | |
#### Protecting a Private Key | ||
|
||
The purpose of the passphrase is usually to encrypt the private key. | ||
This makes the key file by itself useless to an attacker. | ||
This makes the key file by itself useless to an attacker. | ||
It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. | ||
|
||
```diff | ||
|
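Review bot: The removed and added copies of `This makes the key file by itself useless to an attacker.` read identically, so this hunk appears to be a whitespace-only change unrelated to the FAQ removal; either drop it from this commit or mention the cleanup in the commit message so the history explains it.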
@@ -418,25 +419,6 @@ Now you can adjust you config: | |
ls -al | ||
``` | ||
|
||
## FAQ | ||
|
||
### Login with an EC2 instance | ||
|
||
See the [solution](https://github.com/appleboy/ssh-action/issues/80#issuecomment-1130407377). Open the following file | ||
|
||
```sh | ||
/etc/ssh/sshd_config | ||
``` | ||
|
||
and add the following configuration | ||
|
||
```sh | ||
PubkeyAuthentication yes | ||
PubkeyAcceptedKeyTypes=+ssh-rsa | ||
``` | ||
|
||
restart the ssh server finally. | ||
|
||
## Contributing | ||
|
||
We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome! | ||
|
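Review bot: Removing the whole "Login with an EC2 instance" FAQ drops the README's only mention of `PubkeyAuthentication yes` and `PubkeyAcceptedKeyTypes=+ssh-rsa` and the link to issue #80, and the commit message carries only a Signed-off-by line with no rationale. If the section was removed because `PubkeyAcceptedKeyTypes` is the older spelling of `PubkeyAcceptedAlgorithms` in current OpenSSH, say so in the commit message and move the updated directive into the "If you are using OpenSSH" section; otherwise keep at least the issue link so users who hit the publickey failure on EC2 can still find the fix.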