Storage Box SSH Keys #

SSH key authentication for Storage Boxes #

If you use SCP, SFTP, rsync or BorgBackup, you can log in using SSH key authentication without entering a password.

Depending on the SSH port of the Backup account/Storage Box you use, you may need to use a specific format for the public SSH key. The following keys are supported:

If you want to use the services over both ports, then you must store the public SSH key in both formats (RFC4716 and OpenSSH format) in the .ssh/authorized_keys file. Please note that a new line should be at the end of the file.

Each sub-account requires its own authorized_keys file in the sub-account’s directory.

#

Generating SSH keys #

You can use ssh-keygen to generate a new pair of SSH keys:

server> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
cb:3c:a0:39:69:39:ec:35:d5:66:f3:c5:92:99:2f:e1 root@server
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|         .   =   |
|      . S = * o  |
|   . = = + + =   |
|    X o =   E .  |
|   o + . .   .   |
|    .            |
+-----------------+

Warning: With the default settings, using ssh-keygen will overwrite an existing SSH key! As an alternative, with the parameter -f, you can specify a different file path.

#

Upload #

Please activate the SSH service of your Storage Box within Robot. Afterwards you can upload your public key with the following command for both Storage Box ports:

server> cat ~/.ssh/id_rsa.pub | ssh -p23 [email protected] install-ssh-key
[email protected]'s password:
Key No. 1 (ssh-rsa user@host) was installed in RFC4716 format
Key No. 1 (ssh-rsa user@host) was installed in OpenSSH format

After this you can use the public SSH key to login without a password.

#

Manual #

You can also upload your key manually. Therefor please use the following guides:

#

Extended SSH Service on Port 23 (SFTP/Rsync/BorgBackup) #

Port 23 uses the one-line OpenSSH format of the public key.

#

Upload with ssh-copy-id (OpenSSH 8.5+) #

You can use ssh-copy-id to upload the new key:

ssh-copy-id -p 23 -s [email protected]

Upload without ssh-copy-id / Manually #

If you have an older OpenSSH client software, you can upload the public key also manual:

ssh -p 23 [email protected] mkdir .ssh
scp -P 23 .ssh/id_rsa.pub [email protected]:.ssh/authorized_keys

#

SSH Service on Port 22 (SFTP) #

For the SSH service on port 22, you must convert your public key into the RFC4716 format and then upload it.

#

Converting your key to RFC4716 format #

To convert the public SSH key into the correct format, enter the following command:

The public SSH key should now look like the one below:

server> cat .ssh/id_rsa_rfc.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "<comment>"
AAAAB3NzaC1yc2EAAAABIwAAAQEAz+fh731CVfH3FPM0vK5hX7NT5HogdBEQ4ryGJIeVMv
mCQJWwrFtdWh1pXMyXsYzXq1xbjILgCZGn+H0qUBKopJaa/Pzsw5U0UyRgiFhU2k0eiHUq
pkiixTbHcLsCj3kjAv5i07wZJ/ot246hLQD1PtSQtcX7nHvhdhenOTGO+ccpM2KEdX1E64
eaTtO9Bf7X4OTXnRxS7tjYH9sls5DOunpvoIZLvbmcVw1+wMdJBXOAU6/tnkN5N3mYE4Hu
JjnRtBAI9MS9Tt3DNAp1K/udUHA6hfYf08fxYs9uwsCM793b7FczmVvHEIwIKszG7Jwiwo
Dqit4EExR8bNNCeD6D3Q==
---- END SSH2 PUBLIC KEY ----

#

Upload #

Now upload the created file:

echo "mkdir .ssh" | sftp [email protected]
scp .ssh/id_rsa_rfc.pub [email protected]:.ssh/authorized_keys

#

Test #

Depending on which SSH key format you have uploaded, you should be able to log in without a password on port 22 and/or 23:

sftp -P <22 or 23> <username>@<username>.your-storagebox.de
Connected to <username>.your-storagebox.de.
sftp> quit