atmoz / sftp

Securely share your files
https://hub.docker.com/r/atmoz/sftp/
MIT License

[Help wanted] Can't connect using generated own SSH host key #174

Open telekosmos opened 5 years ago

telekosmos commented 5 years ago

Hi, I've followed the instructions in the README (https://github.com/atmoz/sftp#providing-your-own-ssh-host-key-recommended) to connect using a generated SSH host key without providing a password. So, the procedure was as follows:

ssh-keygen -t rsa -b 2048 -f ./ssh_host_rsa_key_2048 < /dev/null
ssh-keygen -t ed25519 -f ./ssh_host_ed25519_key < /dev/null

then

docker run -v /Users/<user>/tmp/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro -v /Users/<user>/tmp/ssh_host_rsa_key_2048:/etc/ssh/ssh_host_rsa_key_2048:ro -v /Users/<user>/tmp:/home/foo/tmp -p 2222:22 -d atmoz/sftp:latest foo::1001

but then I try to sftp and

$ sftp -P 2222 -i ./ssh_host_rsa_key_2048 -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null foo@10.0.0.122
Warning: Permanently added '[<my-host-ip>]:2222' (ED25519) to the list of known hosts.
foo@10.0.0.122's password:

dunno why.

Docker logs:

$ docker logs 85a1ab100cdf -f
[/usr/local/bin/create-sftp-user] Parsing user data: "foo::1001"
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:2GD4M0tlNu6hW+wap7DVTSo6jdjNbF5DGsk/R6bh88I root@85a1ab100cdf
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|     .           |
|    . o =        |
|     + X .       |
|      X S +      |
|     . # X       |
|   o.*B./ o      |
|  . +=*XE*       |
|    o+=....      |
+----[SHA256]-----+
[/entrypoint] Executing sshd
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
Connection closed by 172.17.0.1 port 46960 [preauth]
Connection closed by 172.17.0.1 port 46962 [preauth]
Connection closed by 172.17.0.1 port 46964 [preauth]
Connection closed by 172.17.0.1 port 46966 [preauth]
Failed password for foo from 172.17.0.1 port 46968 ssh2
Failed password for foo from 172.17.0.1 port 46968 ssh2
Connection closed by 172.17.0.1 port 46968 [preauth]
...

I double-checked with one of my mates but we didn't see anything, although I'm sure I'm forgetting something.

So, anything wrong above??? Any help is appreciated.

iseec commented 5 years ago

Did you protect your host key with a password? If so, this might be the reason (it was for me).

telekosmos commented 5 years ago

@epandasa you mean protecting the key with a passphrase when generating it with ssh-keygen? If so, no, I took care not to add further complications at this stage...

iseec commented 5 years ago

Yeah, that's what I meant.

You might have to place your key for authentication in /home/foo/.ssh/keys/ (inside the container).

chandanchowdhury commented 5 years ago

Hey @telekosmos, ssh_host_rsa_key_2048 is a host (server's) key; you cannot use it for login.

vancodocton commented 1 year ago

Hello @telekosmos, maybe the docs are incorrect. Can you mount the public key instead of the private key? I think it should work.

-v <host-dir>/ssh_host_ed25519_key.pub:/home/foo/.ssh/keys/ssh_host_ed25519_key.pub:ro
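
The mount mistakes discussed in this thread, as an added example that is not part of the thread or of the atmoz/sftp project: a small shell check over the `-v` mounts and user argument of a `docker run` command. The function name `lint_sftp_mounts`, the finding labels and the `/Users/u/tmp` paths are hypothetical, and it assumes that sshd in the image reads host keys only from `/etc/ssh/ssh_host_ed25519_key` and `/etc/ssh/ssh_host_rsa_key`, which is consistent with the log above.

```shell
#!/bin/sh
# Added example, not part of atmoz/sftp. Assumption: sshd in the image loads
# host keys only from the two /etc/ssh paths matched below.

# lint_sftp_mounts USERSPEC MOUNT...
#   USERSPEC is the container argument (e.g. foo::1001), MOUNT is src:dst[:opts].
#   Prints one finding per line; returns 0 when nothing was found.
lint_sftp_mounts() {
    spec=$1; shift
    user=${spec%%:*}
    case $spec in *:*) rest=${spec#*:}; pass=${rest%%:*} ;; *) pass= ;; esac
    findings=0 have_user_key=0
    for m in "$@"; do
        src=${m%%:*}; rest=${m#*:}; dst=${rest%%:*}
        case $dst in
            /etc/ssh/ssh_host_ed25519_key|/etc/ssh/ssh_host_rsa_key) ;;
            /etc/ssh/ssh_host_*)
                # Mounted under a name sshd does not read: the entrypoint
                # generates a fresh key instead, as in the log above.
                printf 'HOSTKEY_PATH %s\n' "$dst"; findings=$((findings + 1)) ;;
            "/home/$user/.ssh/keys/"*.pub)
                have_user_key=1
                case ${src##*/} in
                    ssh_host_*)
                        # Host key reused as a login credential; a separate
                        # user key pair keeps the two identities apart.
                        printf 'HOSTKEY_AS_USERKEY %s\n' "$src"
                        findings=$((findings + 1)) ;;
                esac ;;
            "/home/$user/.ssh/keys/"*)
                # Only public keys belong in the user's keys directory.
                printf 'USERKEY_NOT_PUB %s\n' "$dst"; findings=$((findings + 1)) ;;
        esac
    done
    if [ -z "$pass" ] && [ "$have_user_key" -eq 0 ]; then
        # Empty password and no authorized key: the user has no way to log in.
        printf 'NO_LOGIN_METHOD %s\n' "$user"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed input: the mounts from the command in this thread.
lint_sftp_mounts 'foo::1001' \
    '/Users/u/tmp/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro' \
    '/Users/u/tmp/ssh_host_rsa_key_2048:/etc/ssh/ssh_host_rsa_key_2048:ro' \
    '/Users/u/tmp:/home/foo/tmp' || true
```

A setup that passes the check mounts the two host keys under those exact `/etc/ssh` names and a separately generated user public key under `/home/foo/.ssh/keys/`, with the matching user private key given to `sftp -i`.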