How to generate custom Docker Content Trust root key - docker

I have little idea in security aspects in and outside docker world.
As the document states, I tried the below command
docker trust key generate jeff
Whenever I run this command first time it will automatically generate a root key. Isn't it possible to generate a root key based on my own existing pem file? I have checked docker and notary client/ server etc there is no information regarding this. I hope this is a valid question.

Yes we can do that
Reference Link:https://docs.docker.com/engine/reference/commandline/trust_key_load/#:~:text=docker%20trust%20key%20load%20adds%20private%20keys%20to,this%20command%2C%20refer%20to%20the%20examples%20section%20below.
Below are the steps to load existing pem file (ie private key) .It works only in windows VM Image.(Not Ubuntu Image)
set DOCKER_CONTENT_TRUST=1
docker trust key load privatekey.pem --name username
Enter passphrase :
docker trust signer add --key publickey.pem username dockerimageregistry.azurecr.io/hello-world:signed

Related

not able to pip install from private repo in docker [duplicate]

I'm on Mac Snow Leopard and I just installed git.
I just tried
git clone git#thechaw.com:cakebook.git
but that gives me this error:
Initialized empty Git repository in `/Users/username/Documents/cakebook/.git/`
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
What am I missing?
I've also tried doing ssh-keygen with no passphase but still same error.
If the user has not generated a ssh public/private key pair set before
This info is working on theChaw but can be applied to all other git repositories which support SSH pubkey authentications. (See [gitolite][1], gitlab or github for example.)
First start by setting up your own public/private key pair set. This
can use either DSA or RSA, so basically any key you setup will work.
On most systems you can use ssh-keygen.
First you'll want to cd into your .ssh directory. Open up the terminal and run:
cd ~/.ssh && ssh-keygen
Next you need to copy this to your clipboard.
On OS X run: cat id_rsa.pub | pbcopy
On Linux run: cat id_rsa.pub | xclip
On Windows (via Cygwin/Git Bash) run: cat id_rsa.pub | clip
On Windows (Powershell) run: Get-Content id_rsa.pub | Set-Clipboard (Thx to #orion elenzil)
Add your key to your account via the website.
Finally setup your .gitconfig.
git config --global user.name "bob"
git config --global user.email bob#...
(don't forget to restart your command line to make sure the config is reloaded)
That's it you should be good to clone and checkout.
Further information can be found at https://help.github.com/articles/generating-ssh-keys (thanks to #Lee Whitney)
[1]: https://github.com/sitaramc/gitolite
-
If the user has generated a ssh public/private key pair set before
check which key have been authorized on your github or gitlab account settings
determine which corresponding private key must be associated from your local computer
eval $(ssh-agent -s)
define where the keys are located
ssh-add ~/.ssh/id_rsa
More extensive troubleshooting and even automated fixing can be done with:
ssh -vT git#github.com
Alternatively, according to below comments, we could issue:
ssh -vT git#gitlab.com
or substitute gitlab/github with whatever Git Instance your organisation is running.
Source: https://help.github.com/articles/error-permission-denied-publickey/
This error can happen when you are accessing the SSH URL (Read/Write) instead of Git Read-Only URL but you have no write access to that repo.
Sometimes you just want to clone your own repo, e.g. deploy to a server. In this case you actually only need READ-ONLY access. But since that's your own repo, GitHub may display SSH URL if that's your preference. In this situation, if your remote host's public key is not in your GitHub SSH Keys, your access will be denied, which is expected to happen.
An equivalent case is when you try cloning someone else's repo to which you have no write access with SSH URL.
In a word, if your intent is to clone-only a repo, use HTTPS URL (https://github.com/{user_name}/{project_name}.git) instead of SSH URL (git#github.com:{user_name}/{project_name}.git), which avoids (unnecessary) public key validation.
Update: GitHub is displaying HTTPS as the default protocol now and this move can probably reduce possible misuse of SSH URLs.
The github help link helped me sort out this problem. Looks like the ssh key was not added to the ssh-agent. This is what I ended up doing.
Command 1:
Ensure ssh-agent is enabled. The command starts the ssh-agent in the background:
eval "$(ssh-agent -s)"
Command 2:
Add your SSH key to the ssh-agent:
ssh-add ~/.ssh/id_rsa
Got the same error report.
Fixed with using the HTTPS instead of the SSH protocol. Since I don't want to set "SSH keys" for a test PC.
Change URL to HTTPS when clone:
git clone https://github.com/USERNAME/REPOSITORY.git
My problem is a little bit different: I have the URL set to SSH when adding an existing local repo to remote, by using:
git remote add origin ssh://github.com/USERNAME/REPOSITORY.git
To fix it, reset the URL to HTTPS:
git remote set-url origin https://github.com/USERNAME/REPOSITORY.git
BTW, you may check your URL using the command:
git remote -v
origin https://github.com/USERNAME/REPOSITORY.git (fetch)
origin https://github.com/USERNAME/REPOSITORY.git (push)
Hope this will help some one like me. :D
Another possibility on Windows, which is not covered in any of these answers, and is not covered in the git or github docs on troubleshooting:
git may be using a different openssh executable than you think it is.
I was receiving the Permission denied (public key) error when trying to clone or pull from github and ssh.dev.azure.com, and I'd followed all the instructions and verified that my SSH keys were setup correctly (from SSH's standpoint) using ssh -vT git#github.com and ssh -vT git#ssh.dev.azure.com. And was still getting these errors:
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I eventually figured out that the problem is that Git for Windows, and Windows, both have their own versions of openssh. This is documented here: https://github.com/desktop/desktop/issues/5641
I was relying on the Windows ssh-agent service to store my ssh key passphrases, so git (with it's separate version of openssh) couldn't read my private keys. I consider it a bug that this error message is used - it's misleading.
The fix was:
git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"
Or in your ~/.gitconfig:
[core]
sshCommand = 'C:\\Windows\\System32\\OpenSSH\\ssh.exe'
Perhaps this will be fixed in git for Windows soon, but this is the 2nd time I've wasted time on this issue.
I was struggling with the same problem that's what I did and I was able to clone the repo. I followed this procedure for Mac.
First Step: Checking if we already have the public SSH key.
Open Terminal.
Enter ls -al ~/.ssh to see if existing SSH keys are present:
Check the directory list to see if you already have a public SSH key. Default public is one of the following d_dsa.pub, id_ecdsa.pub, id_ed25519.pub, id_rsa.pub.
If you don't find then go to step 2 otherwise follow step 3
Step 2: Generating public SSH key
Open Terminal.
Enter the following command with a valid email address that you use for github ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
You will see the following in your terminal Generating public/private rsa key pair. When it prompts to"Enter a file in which to save the key," press Enter. This accepts the default file location. When it prompts to Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter] Just press enter again.
At the prompt, "Type a secure passphrase. Enter passphrase (empty for no passphrase): [Type a passphrase]" press enter if you don't want to Enter same passphrase again: [Type passphrase again] press enter again
This will generate id_rsa.pub
Step 3: Adding your SSH key to the ssh-agent
Interminal type eval "$(ssh-agent -s)"
Add your SSH key to the ssh-agent. If you are using an existing SSH key rather than generating a new SSH key, you'll need to replace id_rsa in the command with the name of your existing private key file. Enter this command $ ssh-add -K ~/.ssh/id_rsa
Now copy the SSH key and also add it to you github account
In terminal enter this command with your ssh file name pbcopy < ~/.ssh/id_rsa.pub This will copy the file to your clipboard
Now open you github account Go to Settings > SSH and GPG keys > New SSH key Enter title and paste the key from clipboard and save it. Voila you're done.
This works for me:
ssh-add ~/.ssh/id_rsa
Visual guide (Windows)
1 of 2. Git batch side
1.1. Open git batch (Download her)
1.2. Paste the text below (Change to your GitHub account email)
$ ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
1.3. Press Enter (Accepts the default file location)
1.4. Click Enter Twice (Or set SSH key passphrases - Gitbub passphrases docs)
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]
1.5. The key generate:
Your identification has been saved in /c/Users/user/.ssh/id_rsa...
1.6. Copy the SSH key to your clipboard.
$ clip < ~/.ssh/id_rsa.pub
2 of 2. Github website user side
Under user setting
SSH and GPG keys => New SSH key:
Paste the code from step 1.6
Done :)
If someone doesn't want to use SSH use HTTPS :
Github docs: https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh
If your problem appears out of the blue recently (the latter half of 2021), it may have been caused by incompatible hash algorithms.
As of this post (Oct 2021), the latest version of Git for windows is 2.33.1 (release note), who has embraced the latest OpenSSH 8.8p1 (release note), who in turn has deprecated SHA-1. Meanwhile, if your remote Git repository still sticks to SHA-1, you'll fail the authentication.
To see whether you could have fallen into this case, check the version of your software by:
ssh -V
git --version
Then you should check the "Potentially-incompatible changes" section of OpenSSH 8.8/8.8p release note.
TL;DR
Solution 1: Enable SHA-1 again by adding this to your ~/.ssh/config file:
Host <remote>
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Remember to replace <remote> with the hostname of your remote repository.
Solution 2: Regenerate your key pair using ECDSA or Ed25519, instead of RSA. For example:
ssh-keygen -t ecdsa -C <comment>
Remember to replace <comment> with your own mnemonic phrase. Then, upload the generated public key to your remote repository.
FYI, I encountered this prompt message when accessing Gitee.com, who uses golang.org/x/crypto/ssh on their server and has posted a page on this issue here (in Mandarin).
git#gitee.com: Permission denied (publickey).
Note that (at least for some projects) you must have a github account with an ssh key.
Look at the keys listed in your authentication agent (ssh-add -l)
(if you don't see any, add one of your existing keys with ssh-add /path/to/your/key (eg: ssh-add ~/.ssh/id_rsa))
(if you don't have any keys, first create one. See: http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html or just google ssh-keygen)
To verify that you have a key associated with your github account:
Go to: https://github.com/settings/ssh
You should see at least one key with a hash key matching one of the hashes you saw when you typed ssh-add -l just a minute ago.
If you don't, add one, then try again.
I met the same issue because of I was thought the difference between SSH and HTTPS is
https://github.com/USERNAME/REPOSITORY.git
ssh://github.com/USERNAME/REPOSITORY.git
So I changed from HTTPS to SSH just by changing https:// to ssh:// nothing on the end of the url was changed.
But the truth is:
https://github.com/USERNAME/REPOSITORY.git
git#github.com:USERNAME/REPOSITORY.git
Which means I changed ssh://github.com/USERNAME/REPOSITORY.git to git#github.com:USERNAME/REPOSITORY.git it works.
Stupid error but hope helps someone!
These are the steps I followed in windows 10
Open Git Bash.
Generate Public Key:
ssh-keygen -t rsa -b 4096 -C "youremailaddress#xyz.com"
Copy generated key to the clipboard (works like CTRL+C)
clip < ~/.ssh/id_rsa.pub
Browser, go to Github => Profile=> Settings => SSH and GPG keys => Add Key
Provide the key name and paste clipboard (CTRL+V).
Finally, test your connection (Git bash)
ssh -T git#github.com
Thanks!
Please try this if nothing is worked out
Generate personal Access token (Setting -> Developer settings -> Personal access tokens -> Generate new token)
git remote set-url origin https://<TOEKN>#github.com/USERNAME/REPOSITORY.git
Note: If a password popup comes, try to enter the token only (try twice)
I had a slight different situation, I was logged on to a remote server and was using git on the server, when I ran any git command I got the same message
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
The way I fixed it was by changing the file /etc/ssh_config on my Mac.
from
ForwardAgent no
to
ForwardAgent yes
I had to copy my ssh keys to the root folder.
Google Cloud Compute Engine running Ubuntu 18.04
sudo cp ~/.ssh/* /root/.ssh/
Solution using gh i.e. Github's official CLI
gh installation
brew install gh
gh login or authentication via cli
gh auth login
repo clone
gh repo clone <username or orgname>/<repo-name>
Example: gh repo clone keshavdulal/sample-repo
Rant: I too was bashing my head when git clone suddenly decided not to work anymore and I don't have the patience or brainpower to relearn ssh/public keys/cryptography from scratch just to clone a freaking repo I already have access to. Also surprised no one mentioned gh in the answers yet
Guys this is how it worked for me:
Open terminal and go to user [See attached image]
Open .ssh folder and make sure it doesn't have any file like id_rsa or id_rsa.pub otherwise sometimes it wont properly rewrite files
git --version [Check for git installation and version]
git config --global user.email "your email id"
git config --global user.name "your name"
git config --list [make sure you have set your name & email]
cd ~/.ssh
ssh-keygen, it prompts for saving file, allow it
cat ~/.ssh/id_rsa.pub [Access your public key & copy the key to gerrit settings]
Note: You should not be using the sudo command with Git. If you have a very good reason you must use sudo, then ensure you are using it with every command (it's probably just better to use su to get a shell as root at that point). If you generate SSH keys without sudo and then try to use a command like sudo git push, you won't be using the same keys that you generated
ALWAYS CHECK GITHUB FOR SSH-KEYS GENERATION PROCEDUR, NOT SOME OUTDATED BLOG
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
There you can see that keys are generated with:
ssh-keygen -t ed25519 -C "your_email#example.com"
So algorithm is ed25519 not rsa or anything else.
Are you in a corporate environment? Is it possible that your system variables have recently changed? Per this SO answer, ssh keys live at %HOMEDRIVE%%HOMEPATH%\.ssh\id_rsa.pub. So if %HOMEDRIVE% recently changed, git doesn't know where to look for your key, and thus all of the authentication stuff.
Try running ssh -vT git#github.com. Take note of where the identity file is located. For me, that was pointing not to my normal \Users\MyLogin but rather to a network drive, because of a change to environment variables pushed at the network level.
The solution? Since my new %HOMEDRIVE% has the same permissions as my local files, I just moved my .ssh folder there, and called it a day.
I hit this error because I needed to give my present working directory permissions 700:
chmod -R 700 /home/ec2-user/
On Windows, make sure all your apps agree on HOME. Msys will surprisingly NOT do it for you. I had to set an environment variable because ssh and git couldn't seem to agree on where my .ssh directory was.
One of the easiest way
go to terminal-
git push <Git Remote path> --all
The basic GIT instructions did not make a reference to the SSH key stuff. Following some of the links above, I found a git help page that explains, step-by-step, exactly how to do this for various operating systems (the link will detect your OS and redirect, accordingly):
http://help.github.com/set-up-git-redirect/
It walks through everything needed for GITHub and also gives detailed explanations such as "why add a passphrase when creating an RSA key." I figured I'd post it, in case it helps someone else...
The easiest solution to this, when you are trying to push to a repository with a different username is:
git remote set-url origin https://USERNAME#github.com/USERNAME/PROJECTNAME.git
I helped the following:
Open Terminal (Git Bash)
Remove all files in directory .ssh or rename and create new .ssh folder.
To follow in the steps of the instructions:
Generating a new SSH key
Adding your SSH key to the ssh-agent
System: Windows 10.
In addition to Rufinus' reply, the shortcut to copy your ssh key to the clipboard in Windows is:
type id_rsa.pub | clip
Refs:
Print to standard output
Copy command line output to clipboard
If you have more than one key you may need to do
ssh-add private-keyfile
Its pretty straight forward. Type the below command
ssh-keygen -t rsa -b 4096 -C "youremailid#yourdomain.com"
Generate the SSH key. Open the file and copy the contents. Go to GitHub setting page , and click on SSH key . Click on Add new SSH key, and paste the contents here. That's it :) You shouldn't see the issue again.
I deleted node_modules/ package-lock.json and yarn.lock files. Ran npm i again. This resolved the issue for me.

Not able to login to docker lab server using putty

I was trying to login to a docker lab host using Putty but not able to login. The error is :-
'no authentication method available server sent public key'.
If I pass both username#server name i get error.
If I only pass the server name i get to the login screen but then when i enter my username the error pops up
I tried searching the web but couldn't find.
Please can anyone help me.
You can refer to the article "PWD + SSH = ❤" (with "PWD" = "Play With Docker").
The full command should be:
ssh -p 1022 <instance_ip_with_dashes>-<short_session_id>#pwdhost
But that requires on the client side to have in $HOME/.ssh
id_rsa: the private key
id_rsa.pub: the public key registered in <instance_ip_with_dashes>-<short_session_id> home.
Since copying a private key is not a good practice, you can do the opposite (in a Git bash session, not using putty):
ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
Copy the public generated key to ~<instance_ip_with_dashes>-<short_session_id>/.ssh/authorized_keys
Then your SSH session will be possible.
Note: All that is managed for you if you are using the docker-machine pwd driver, as shown in the article above:
As you can see, in that case, a docker-machine ssh is enough.
http://github.com/play-with-docker/play-with-docker/issues/285
Actually I had to create or generate keys on the client. In order to start the communication between the client and the server.But I was copying the private key of the server silly me.
Key generation can be done in 2 ways
1. If you are using git run ssh-keygen
2. If you want to login using putty the first generate keys using puttygen and then attached the private key .ppk while ssh.

Create a Cert from .cer and .p7b in SQL Server 2017 Linux image running in a Docker Container

I have downloaded the SQL Server 2017 Linux image and ran in a Container.
Next I have connected to the container from SQL Server Management Studio 2017.
I then used "docker cp" to copy a .bak file to "/var/opt/mssql/backup".
But it needs an encryption key to restore.
So in SSMS I open a query window for the container and run these commands:
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'P#ssw0rd';
GO
CREATE CERTIFICATE CertificateName FROM FILE = 'C:\cert.cer' WITH PRIVATE
KEY (FILE = 'C:\key.p7b', DECRYPTION BY PASSWORD = '********');
When I run the last one I get this error:
"The certificate, asymmetric key, or private key file is not valid or does not exist; or you do not have permissions for it."
How do I do this for a Docker Container?
Can I get the files from the local file system?
Or do I need to copy it into "/var/opt/mssql/" and somehow get from there?
Docker apparently couldn't read the cer and key files form the local file system.
Here is what I did:
At command prompt make a dir in the container to hold the keys.
docker exec -it sqlcontainer1 mkdir /var/opt/mssql/setup
docker cp "C:\Temp\cert.cer" sqlcontainer1:/var/opt/mssql/setup
docker cp "C:\Temp\key.p7b" sqlcontainer1:/var/opt/mssql/setup
Then I went back into SSMS and ran the commands again:
--DROP MASTER KEY
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '********';
GO
CREATE CERTIFICATE CertName FROM FILE = '/var/opt/mssql/setup/cert.cer' WITH
PRIVATE KEY (FILE = '/var/opt/mssql/setup/key.p7b', DECRYPTION BY PASSWORD =
'********');

Jenkins Publish over ssh authentification failed with private key

I can authenticate successfully with putty on the server with my private key and passphrase. But when I try to do it with jenkins publish over SSH plugin (using Test for configuration), I get the following error message:
jenkins.plugins.publish_over.BapPublisherException: Failed to connect session for config myconfig. Message [Auth fail]
I entered the same information as in putty:
Hostname : myhostname
Username : myusername
Remote Directory :
Use password authentication, or use a different key Passphrase / Password
Path to key : checked
Path to key : mypath
Passphrase : mypasssword
Key:
Port:22
Timeout(ms):300000
If you have any idea ...
Thanks for your help.
Looks like you're using keyfile authentication, so you'll get this error from Jenkins if you haven't set the permissions correctly on your .ssh folder and/or ~/.ssh/authorized_keys file.
the .ssh folder should have drwx------ permissions (read/write/execute owner only)
the authorized_keys file should have -rw------- permissions (read/write owner only)
To fix it:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
I ran into the same issue today and it turned out i was accidentally supplying the path to the public key instead of the private one.
So the "path to key" should be something like
.ssh/id_rsa
instead of
.ssh/id_rsa.pub
Because your linux login need password, the answer is :
1. Passphrase: your passphrase
2. path to key: your private key path
3. key : blank
4. Disable exec : un-check
SSH Servers
1. Name: remote_user#remotehost.com
2. hostname: remotehost.com
3. Username: remote_user
4. Remote Directory: empty
Advanced --
5. check the box "use passsword authentication, or use a different key"
`important`
6. Passphrase / Password: your linux login password`important`
7. path to key: blank
8. key:blank
9. port: 22
10. Timeout(ms): 300000
'Test Configuration'
success
Check that the public key is in the .ssh/authorized_keys file on the target server, even if the target server is the same as the jenkins server. I had what is probably the same problem, and it turned out that I needed this, even though ssh localhost worked fine.
(Addendum: also check that the jenkins server has the target server in its .ssh/known_hosts file, as that can affect this as well.)
I think as it says this is a authentication issue:
Use password authentication, or use a different key
Selecting this option will produce 3 more configuration boxes that mirror the options available for the Jenkins SSH Key.
Passphrase / Password
If either Path to key or Key are configured then this is the passphrase to use with the encrypted key.
If no key is configured then this is the password that will be used for password authentication.
Path to key
See description above.
Key
See description above.
Disable exec
This option will remove the ability to execute commands using this configuration.
LINK HERE
I am facing same issue , the following steps work for me:- ( i am using jenkins 1.57)
Go to http:///jenkins/manage
Configure System
Browse to Publish over SSH section
Passphrase: blank
path to key: blank
key : blank
Disable exec : un-check
SSH Servers
-- Name: remote_user#remotehost.com
-- hostname: remotehost.com
-- Username: remote_user
-- Remote Directory: empty
-- Advanced
-- check the box "use passsword authentication, or use a different key"
-- port: 22
-- Timeout(ms): 300000
-- 'Test Configuration'
success
Try restarting ssh of remote server
/etc/init.d/sshd restart
Don't do any ssh-keygen. Just enter the pem key details under key field,
Add SSH server details: Name, Hostname and Username as ec2-user.
Click test connection and it works.
Sometimes the SSH connection would fail, if the destination server doesnt have enough disk space to perform PUT operation
{ERROR: Exception when publishing, exception message [Failure]}
Make sure to verify the destination server has enough disk space.
In case of Linux, you can use 'df -kh /directoryname' to check the disk space
Just copy jenkins-user's id_rsa.pub to the end of ~/.ssh/authorized_keys on remote host.
I was having the same exact issue today and thought I would share what worked for me
Normally when I would SSH into my ec2 instance AWS likes the username to be
ubuntu#[ip address/url]
Jenkins likes it to be just the username so remove the rest
ubuntu
If you use RSA key, and see string like this in your private key:
-----BEGIN RSA PRIVATE KEY-----
***************************************
-----END RSA PRIVATE KEY-----
You need edit config file sshd on remote machine:
sudo vim /etc/ssh/sshd_config
add in this file stoke:
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
I have the same problem,I am on windows, the solution:
open the openssh debug model, no can see the error detail, detail click
Stop the sshd service
Type 'sshd -d' in PowerShell
no if you connect again ,you can see the error detail, my error is
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
we can add PubkeyAcceptedKeyTypes=+ssh-rsa in server sshd_config file, detail click
now test success, if still has error like Failed to connect SFTP channel and debug is
debug1: subsystem: cannot stat sftp-server.exe: No such file or directory
this because the openssh no in windows system path. detail click

Can’t SSH into my Digital Ocean droplet from Blink (iPadOS)

I am following this guide: https://thesweetsetup.com/how-to-use-digital-ocean-for-web-development-on-an-ipad/ To setup an environment on an iPad using Blink/Mosh.
I generated a droplet in the DO UI and added the public key I created using ssh-keygen in blink (also tried ssh-keygen -m pem). When I do ssh root#<IP-ADDRESS. I get the usual dialog:
Ed25519 key fingerprint is SHA256:<key>.
The server is unknown.
Do you trust the host key? (yes/no): yes
This new key will be written on disk for further usage.
Do you agree? (yes/no): yes
After this I just get back to blink. If I try to SSH again nothing happens. If I try to say ssh -i id_rsa root#<IP-ADDRESS> also nothing happens.
What am I doing wrong? I found this: https://github.com/blinksh/blink/issues/725 But do not understand what to do to fix.
I had this same problem. The blink terminal didn't give me any output or anything. The problem is that you have to give the full path of the id_rsa file (from the perspective of your default blink directory). So instead of ssh -i id_rsa root#<IP-ADDRESS>, do ssh -i .ssh/id_rsa root#<IP-ADDRESS>.
Btw one difference in our ssh key creation is that you created your key with the command ssh-keygen -m pem while I used ssh-keygen -t rsa -b 4096. I don't think that should be a problem though.
I had this same issue on some DO droplets I had. I had already set up the droplets with another key and added a new one for my blink app through the DO interface with no luck.
Realized that I had to still add the new public key to the authorized keys file in your users .ssh directory. ( ~/.ssh/authorized_keys ) and this solved my problem.
I did this through the device I was already using successfully, and copied to new key to that device to paste in.

Resources