If I try to use a SSH key in the format of ed25519 it tells it's invalid:
Jelastic version: 5.7
Does Jelastic team plan to support such ssh-key format in the future?
Yes, we're going to add ed25519 keys support. Delivery time is undefined and subject to change based on the requests, so push your hosting provider to get ed25519 support sooner.
Related
from the dev document, i got that opengauss support several encryption type for cleint authentication:
md5
sha256 (as default)
local is a Unix domain socket. host is a common or SSL-encrypted TCP/IP socket. hostssl is an SSL-encrypted TCP/IP socket. hostnossl is a TCP/IP-only socket.
authmehod-options is an optional parameter. Value range:
As i know that md5 is not safe enough?
so why opengauss still support it, which authentication encryption type is recommanded ?
Use MD5 only for compatibility with legacy applications and data.
Sha256 is recommanded.
for your question, i guess openGauss have to sovle compatibility issue.
that is there are many old version deploying in customer's env, they may use the md5 encryption type.
so that openGauss can not delete the type directly.
then use sha256 authentication encryption as default for secure;
use md5 for compatibility, but better make sure use it in trusted network.
So I am interacting between OpenSSL and the BCrypt functions on windows. I am writing an app in QT and can only use BCrypt for client side and OpenSSL on the server side. I have successfully done a DH key exchange the only issue I am having is how would I manage to derive a AES 128 key from a shared secret. The code I am using for the AES 128 encryption is https://github.com/Microsoft/Windows-classic-samples/blob/master/Samples/Security/CipherEncryptionDecryption/cpp/CipherEncryptionDecryption.cpp where I pass the spassword as sha1 of the shared secret.
the code on the PHP server side that I am using is:
echo bin2hex(openssl_pbkdf2(sha1($shared_secret), $salt, $keylen, $iterations, 'sha256'));
The iterations, salt, and everything matches on the client & server side. However the results do not match. What is the reason for this?
You seem to be mixing sha1 and sha256:
...sha1($shared_secret)...'sha256'...
I'm using an SFTP with my service to download some files which are integral to our functionality.
After this commit to the golang/x/crypto packgae, my key no longer works.
Considering the commit message, ssh: reject unsupported DSA key sizes, it would seem that the key now breaks that new validation. However, the error I get is ssh: no key found.
The key is read from $ ssh-keyscan euftp.morningstar.com, so I'm puzzled if it's not valid.
This is the public DSS / DSA key I'm using:
euftp.morningstar.com ssh-dss AAAAB3NzaC1kc3MAAAEBAJgHdansQ87KIX8tEj8U0tEIUpU0UJ98V/A8hF+Fv/F2zX7yq7zOQrg+RKd2M4OJPaYZ+KVF4o5XmGe3cGNggBZTUaIhYIVhjRw4EAjyf/CmLDso1sWy48GUXoapBVbzMxVzs4xkeHN4UJgsHvANKo5PFIC/A4hNPy9AxbqlS2h4pg3/Ritzz70y0wP6f6y3h60MK87UEayGms6FbdYmGf/DGXljRsVrEBZYyrEj7oPEUpH07y2+XeYRpyeG+2llstMRF6xuaq088zLT//q3cv+jprTNT9T+iVI2Q2diy69DQeOO8mp2YZgTrGP9t048W7/Ps1zEEL1uj/dWS3XG6McAAAAVAIQP+o3wCWe+twgSY3Qk0SIvH1ndAAABAHwQNTLdSr0HDhBnVi3EPx1+PdKeHGt5L+jauZO3pq/8Ja4vNX26sraeEWjeLbW5ipEzkXlvX3VG+PCOs6XtNI6HojC3T0lulwLqEH5jBtAAyAuP2Ec3lYw9PldGGzsSx7gW6BaUKVqQnQW+27Kxtcyh1ti80dz/jI1//iapV5HAyrOjeHKjSdrsSeJ6VJ6eTDWDDcpChzhhdp9L66C90emv6rNNjwO/YVzUaNgaISgnCVnoQoHNj23rc8ihumMcDoNmh+u4xXcfS3HLGaNByS4GwMGMDR5KYFK2CbL5BLUW7HPTSTORvhsU+28rkeOsQCfZiReRC8re8Hwep5qNrkkAAAEACCrGotD2kLVfEbEpFrvqvzVkAolBet11rrPBxOS+UvL1UK5nsO4i179iSrFrl9DH9D1U4qVjGmKZxhPPtWRLSf/8h7bCYzcgdmK+U7o6XbUoHGnvW7pGktrMXSlGkF37Rk4OV9zTmUDb/kPxqGAl1BxNXcU7XDCSoZLXzPMyzTT+ezgfaSzGMWZTXKJFXHNffo8e8h+DijQiLOhVUU8RYbAh0C7dZgu4l9+lgO+yX711IFixoeuf8ahET90/IogLnMsQevsrzQzb6aXXe2daIDIHxPWJ1m+erxCHKZoCWAQeG5MSMjvSQup70WGiDa/6AXEldlcFf96Y8npLiO9Y4A==
Regardless of what the core issue is (although I really want to know), I'm in dire need of a solution. How can I create SSH connections again for this key?
I can't get the system of managing ssh keys.
I want to push application to Heroku, so I tried to push but get error.Here is my log
$ git push heroku master
! Your key with fingerprint bf:f6:ed:14:9d:cd:52:a2:a3:16:b2:e9:b4:f2:bf:ba is not authorized to access warm-samurai-6574.
fatal: The remote end hung up unexpectedly
User#PK /e/examples (master)
$ heroku keys:add
Found existing public key: C:/Users/User/.ssh/id_rsa.pub
Uploading SSH public key C:/Users/User/.ssh/id_rsa.pub
!This key is already in use by another account. Each account must have a unique key.
User#PK /e/examples (master)
$ heroku keys
=== 1 key for denys.medynskyi#gmail.com
ssh-rsa AAAAB3NzaC...etyxYh4Q== User#PK
Every account has own ssh key. So I can push from any computer, because ssh key is pushing to heroku ?
Every application on heroku should have own ssh key or not ?
Basically, your computer has an SSH key. However, the SSH key on it is associated with another Heroku account (different from the one you are using now). Your best bet would be to generate a brand new SSH key and add it to Heroku.
Just make a new SSH key on your machine and upload it to Heroku:
$ ssh-keygen
Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.
$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub
This should allow you to use Heroku.
As for your other questions: you can push to Heroku from any computer as long as you add the computer's SSH keys through heroku keys:add. And no, every application does not need to have it's own SSH key.
Your computer has an SSH key, but that SSH key is associated with another Heroku account. If you need to use both accounts for different applications on the same computer you should make a new SSH key on your machine and upload it to Heroku:
$ ssh-keygen
Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.
$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub
You then need to add another host to your ~/.ssh/config:
Host heroku-alt
HostName heroku.com
IdentityFile ~/.ssh/new_id_rsa
And then update the .git/config in your project to use the host alias:
[remote "heroku"]
url = git#heroku-alt:myapp.git
fetch = +refs/heads/*:refs/remotes/heroku/*
By choosing between heroku and heroku-alt in the remote of the .git/config files of specific projects you can manage which projects use which credentials.
Heroku requires an SSH key to be unique to an account. Two accounts cannot have the same ssh key.
You can do ONE of these to solve your issue:
Unlink the ssh key from the other heroku account. Chances are you are not using that account. This is path of least resistance.
Delete the existing keys. Generate a new ssh public/private key pair. Advantage is you will retain the default name for keys and thus it will be automatically found by any application you use.
Generate a new ssh public/private key pair and save it alongside your existing keys. The disadvantage is, these two keys will have a custom name. If you end up using these keys often, you will need to locally set configure ssh to use these instead of the default id_rsa. This does require some work and might get involved.
Which you choose really depends on you.
If you choose the third option, refer this answer https://superuser.com/a/272613/25665 for how to configure ssh locally to always use the new keys for heroku. In case you are wondering why bother with this, well, you will be interacting with heroku by pushing to a git repository. That requires you to be authenticated using ssh. By default it will use the older keys and you wont be able to push. Its just easier to instead tell ssh to use the alternate key when interacting with warm-samurai-6574.heroku.com
The following link has instructions on creating a new key. You will need to either accept the default names or give custom ones depending on which option you chose.
https://devcenter.heroku.com/articles/keys
Can you push from any computer?
Again, it depends. If the computer has your ssh keys and its configured to use your keys for the heroku domain, then yes. You can instead choose to not copy your keys there and simply add the ssh keys present there to your heroku account.
Does each app require a unique key?
No. You can have multiple apps under one heroku account. They all will share the keys you upload to your heroku account.
Let me see if I understand this correctly.
Most of the replies are agree on that the ssh keys we are using for git identifies the computer, because the suggestion they made is to regenerate the key on the other computer and upload it to Heroku.
From my point of view the SSH key should identify me as a developer of the app, and this is what creates the confusion. This means I have to bring my private and public keys with me and use it on any computer I use which can be accomplished with a pendrive or something similar.
So my suggestion is: copy your public and private keys with you, put them in the computer you want to use for pushing to Heroku and protect your private key with a password.
How would I go about doing this on the terminal?
sftp then asks me for a password. how do I include my DSA key so that I do not have to use the password?
As sftp uses SSH protocol for communication, you may generate private/public key pair using ssh-keygen (read everything their!). Then read this HOWTO about how to transfer your key to remote server. If you need more, read more detailed description of OpenSSH Public Key Authentication.
If you setup your key correctly, and remove SSH server is configured to use key authentication, you will be granted the access without additional password.
If you have ssh-agent running, holding the key to the site, it will handle authentication for you.