In my case, ssh-keygen generated the keys inside the current directory, not into the path it claimed to generate them in. I was also following these instructions and was quite confused as well.
Remote SSH login password would be enough in this case. I can speculate that this prevents adding your public key (which is paired with encrypted private key) without knowing encryption password for corresponding private key (without owner of the keys) for better security, but... it is still just a public key.
ssh: connect to host HOSTNAME port 22: Connection refused What happens if you run the ssh command directly from the command line? Are you able to ping that machine? Does the remote has ssh installed? If installed, then is the ssh service running?
ssh has the -i option to tell which private key file to use when authenticating: -i identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is ...
With ssh -i <private key filename> you can instruct ssh to use an extra private key to try authentication. The documentation is not clear on how to explicitly use only that key.
So I tried using an SSH connection made over the HTTPS port by editing the config file ~/.ssh/config but to no avail. Host github.com Hostname ssh.github.com Port 443 Finally, I found this article which solved and exposed the real problem. # github.com Host github.com Hostname ssh.github.com ProxyCommand nc -X connect -x <PROXY-HOST>:<PORT> %h ...
The ssh command will attempt all ssh keys before asking for a password as one can see when using the -v flag. Anyway, after playing enough with SSH, I figured that you can also set up a such configuration to be specific to an ssh host.
By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it." How would you change the SSH configuration to mitigate this attack?
Typically, one runs ssh-keygen to generate a keypair on the local machine, then ssh-copy-id to copy the public key to remote machines. It seems that you are doing things differently. Why, what is your goal?
