Under review

RSA SSH key won't work

juanpacordeiro 3 years ago in iPad updated by Alexander Blach (Developer) 3 years ago 10

I'm trying to connect to a server via ssh. I read that in a previous discussion it was said you needed to use PEM, so I generated the key as:

ssh-keygen -m PEM -t rsa -b 409

I did not put a passphrase on the keys, then transferred the files to Textastic on my iPad and put them under an ssh folder. I then added the public key to the authorized_keys file in my server. When I try to connect with ssh, it gives the error:

ERROR: Public key authentication failed: Invalid signature for supplied public key, or bad username/public key combination.

I am not sure why that is the case since I followed the instructions to have the key in PEM format, I double checked my username and it's correctly typed, and the host name is also correctly typed (when I normally ssh from my computer I use ssh -i ~/.ssh/id_rsa username@hostname). Any help would be amazing.

It's not necessary anymore to use the PEM format. You can use the default key format.

Are you sure "ssh-keygen -m PEM -t rsa -b 409" is the command line you used? When I do that, I get the following error:

Invalid RSA key length: minimum is 1024 bits

You can also use more modern key types like ECDSA or ED25519 in the latest version of Textastic.

Please have a look at this topic in the manual for details: https://www.textasticapp.com/v9/manual/remote_servers/sftp_ftps_ftp.html#public-key-authentication

It also has sections about the supported key file formats and key types.

Ok, I tried it with the following command line on my Mac:

ssh-keygen -m PEM -t rsa -b 4096

I saved the key as ~/ssh/id_rsa_test without a passphrase.

I transferred the key file "id_rsa_test" using AirDrop to my iPad and selected the Files app as the AirDrop target. I put the file into "On my iPad/Textastic/ssh/".

I added the contents of "id_rsa_test.pub" to ~/.ssh/authorized_keys on the server for the user I'm trying to log in as.

On my iPad in Textastic, I enabled public key auth for the connection and used "/ssh/id_rsa_test" as the private key file path.

I could then successfully connect to my server using the SSH terminal and using the SFTP connection.

Here is what you can try: go to the File Transfer screen, edit the connection and enable "Debug Log". Then try to connect to the server using SFTP and have a look at the log file.

Hi Alexander,

I tried it, and I am not sure what could be going on.

On the debug, it tries to connect, it connects to the server, then there's a line that says "Info SSH MD5 fingerprint:", then one stating the authentication methods available (publickey is one of them), then it says "Using SSH private key file" and the path of my private key, and then it gives me the same error: "SSH public authentication failed: Username/PublicKey combination invalid". Any idea if there's anything else I could try?

Thanks a lot for your help anyways.

Are you 100% sure that the user name is correct? Maybe there is an invisible character like space before or after the name? Please try to delete the user name and enter it again. 

Another idea: can you have a look at the SSH server logs?

Hi Alexander,

I double checked the username spelling and asked the system administrator, and he told me that it's probably an issue with matching the key. I generated the key on my Windows PC and transferred the files to my iPad. He pointed out that the public key has the host name of my laptop at the end of the key. I looked it up and I thought that since it is separated by a space it essentially counts as a comment for the key, so it should not matter. Does anything about that seem wrong to you?

Thanks a lot.

I also think that the host name at the end of the line of the public key does not matter. 

Can you successfully connect to your server from your Windows PC using the user name and the generated key file? Maybe with PuTTY or ssh in a WSL terminal?

I haven't tried in WSL, but in command prompt doing something like ssh -i ~/.ssh/id_rsa username@hostname does let me connect successfully. I just tried it again to make sure. Is the way Textastic uses all the information I give it any different than doing that?

Textastic should do the same as your command line. Textastic uses libssh2 instead of OpenSSH, but that should not matter.

Here are a few things we could try:

1. Please send me a screenshot of your connection's settings in Textastic. Maybe I can spot a problem.

2. You could generate a new public/private key file pair and send the two files to me. I could then try to add it to my server and connect to it from Textastic to see if your keys work in general. I can then send you screenshots of my configuration.

You can send me the key files (e.g. id_rsa and id_rsa.pub) by email to support@textasticapp.com

3. If that still doesn't help, you could add the public key to your server and give me the login details. I can then try to connect to your server from Textastic on my device.
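
The thread's point that the host name at the end of a public key line is only a comment can be checked by comparing the key blob itself. The following is an added example, not part of the original thread and not Textastic or libssh2 code; the function names are hypothetical and the key lines are constructed sample data, not real keys.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def _ssh_string(data):
    # SSH wire format: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line):
    """Return (key_type, blob, comment) from a .pub or authorized_keys line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob repeats the key type; a mismatch means a damaged line.
            if not blob.startswith(_ssh_string(field.encode("ascii"))):
                raise ValueError("key type does not match blob")
            return field, blob, " ".join(fields[i + 2:])
    raise ValueError("no public key found in line")

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def is_authorized(pub_line, authorized_keys_text):
    """True if the key in pub_line is listed, whatever its comment says."""
    blob = parse_pubkey_line(pub_line)[1]
    for line in authorized_keys_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            if parse_pubkey_line(line)[1] == blob:
                return True
        except ValueError:  # unparsable entry: skip it
            continue
    return False

def constructed_rsa_line(seed, comment):
    """Constructed sample: valid ssh-rsa encoding, but not a real key."""
    modulus = b"\x00\xff" + hashlib.sha512(seed).digest()
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment

PUB = constructed_rsa_line(b"sample-a", "user@windows-laptop")
AUTHORIZED = "# constructed sample\n" + constructed_rsa_line(b"sample-a", "renamed")
```

With real files, pass the contents of the `.pub` file and of the server's `authorized_keys` to `is_authorized`; the value from `fingerprint` can be compared with what `ssh-keygen -lf` prints for the same key.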