Nitrokey/nextbox

Make it clearer what should be provided in the SSH access control field: "simply" the content of any .pub ssh key file

jerabaul29 opened this issue · 5 comments

I used to be able to connect to ssh quite easily - the "Nextbox app" > "SSH access control" thing used to be a simple button to press and I was getting an SSH private key to copy and use.

Now it looks like the way to do this has been changed - I see the "Currently SSH access is deactivated! To get access to your NextBox via SSH, please provide a public key suitable for SSH's authorized_keys file." There is also a quite cryptic explanation about how this should be done in the line where the data should be entered: " @ (ssh format public key)".

I have been trying for at least one hour to get this to work, writing different combinations of "ssh-rsa MY_SSH_PUBLIC_KEY SOME_USER@nextbox", but it does not seem to work - when I try to ssh, I always get asked for a password instead of the passphrase of my ssh key.

Any idea what can go wrong? Do you have some example of what kind of input is expected / some better or more detailed instructions? Would it be possible to have a more user friendly way to set up the SSH connection - like simply ask for the "classic" SSH public key file and that would be enough?

Sorry, solved this, I was just being stupid: I was trying to use a gpg key not a ssh key... Stupid mistake. Copying the content of a ~/.ssh/SOME_KEY.pub into the input field works perfectly :) .

Wonder if this could be made a bit clearer for the user; something like adding in the web interface "for example, copy verbatim the content of any public key in your ~/.ssh/SOME_KEY.pub". Would help avoid stupid user mistakes like mine :) .

(another thing is that the user and host used in the key do not play any role; of course a posteriori this is obvious, but when banging my head on it not working I was thinking maybe this played a role and trying many combinations of user and hostname without success).

this is already explained in the FAQ: https://docs.nitrokey.com/nextbox/faq/software.html

It was not super clear to me, but probably only because I am still part n00b. May be useful to have it explained directly in the web interface.

No problem, the FAQ just states quite literally: `cat ~/.ssh/id_rsa.pub`, that's why I quote it.
But apart from that, I am not very keen to do too much hand-holding for the ssh access (like doing step-by-step directly inside the frontend)... The simple reason is:

If someone as a user has trouble understanding this line in the FAQ and/or what is actually needed there - I would also not suggest to use ssh on the NextBox either. If someone needs a playground, use: `docker run -it debian bash`. A productive system is not a playground for first ssh/console/linux experiences.
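
The input the thread settles on (the verbatim content of a `~/.ssh/*.pub` file, where the trailing user@host comment plays no role) can be checked before it is pasted. The following is an added example, not NextBox code and not written by any commenter; the function names and the all-zero sample key are constructed for illustration, and it assumes a plain `.pub` line without an authorized_keys options prefix.

```python
import base64
import binascii
import struct

# Key-type names OpenSSH writes as the first field of a .pub file.
KNOWN_TYPES = {
    "ssh-rsa", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

def _ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data

def sample_line(comment):
    """Constructed test input: ed25519-shaped blob with an all-zero key, not a real key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def check_pubkey_line(line):
    """Return (ok, detail) for the content of one .pub file (no options prefix)."""
    line = line.strip()
    if "BEGIN PGP" in line:
        return False, "PGP/GPG key block, not an SSH public key"
    if "PRIVATE KEY" in line:
        return False, "private key material, only the .pub content belongs here"
    fields = line.split(None, 2)
    if len(fields) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in KNOWN_TYPES:
        return False, f"unrecognised key type {key_type!r}"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "second field is not valid base64"
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return False, "key blob too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        return False, "key type inside the blob does not match the first field"
    comment = fields[2] if len(fields) == 3 else ""
    return True, f"{key_type} key; comment {comment!r} is a label only"

if __name__ == "__main__":
    for text in (sample_line("alice@laptop"), sample_line("anything"),
                 "ssh-rsa MY_SSH_PUBLIC_KEY SOME_USER@nextbox",
                 "-----BEGIN PGP PUBLIC KEY BLOCK-----"):
        print(check_pubkey_line(text))
```
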