Host key verification failed

Today I got the error "host key verification failed" when trying to connect from my Linux desktop to my Google Cloud VM "linuxintro.org":

# ssh thorsten@linuxintro.org
The authenticity of host 'linuxintro.org (34.122.183.250)' can't be established.
ED25519 key fingerprint is SHA256:7F9VxKJOEhY/ulnvywkGuQRZUB6S5xd2hG2oWbCSd2E.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? 
Host key verification failed.
The reason was that I had never logged in before, so the system did not know the key of my target VM. Solution was to call:
# ssh -o "StrictHostKeyChecking no" thorsten@linuxintro.org
A question that remains open with me is why I did not have to do it earlier. Earlier, the host keys were automatically added to the known_hosts file.

Now I get the next error:
# ssh thorsten@linuxintro.org
thorsten@linuxintro.org: Permission denied (publickey).

To resolve this error, I need a private/public ssh key pair on my laptop.
If you don't have a public key, create it using the command

ssh-keygen
Type ENTER for every question from ssh-keygen. Then you will find your public key file in your home directory under .ssh/id_rsa.pub. Find out how it looks, here is mine:

# cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa5um7k0qOD8xC+I+4EWJR1NAG7GBT3ho5IIouOo3fVSXteApdmTfoX0qfdezR1/+pxAvK1fqoIHNVI1IWDEiqFnVBB1skkh/B5M/BvBECmtPZPbXTtJbwgNJ6Uq8VT0DH0FiOtpO+Qn40rEjDXRmrtKQZcuzF0WrboAuUld+L7Ma374o6hZiiSRztTEfIPCUaWdRzGyk/zBLYLf8TPIxk0/Qor/G+Gqf5ulW+FHn4veDoythdJRa0pQoBJzWzDWNuCRPgNk0wrOElivaGNDIesSAYnhLZvwzWNJlHlh3jeAEmi5Y5AhLo5f/sS7eaI28xaJ2Uym4FG/yC0VjgTcmpGB27YL/6bogsHu3OWyqcW0F+2rBv3lcDXTI8kFSgc+724RbFLuhuxbfrcs/t9TL4eTBsx4YcI15BMrMcX8hIw8LTIwzGIWtBwE0HrBmaZtPfXcDm5p+gI1899n2oRauBFBjlZ35Q5YJQpVRDDcEqSns54FEZ+HlLXWyUkPMRf6c= thorsten@tweedleburg

I copy the content to the clipboard and surf to console.cloud.google.com -> VM Instances. Then I click on my VM -> edit and set os_login to false:

Then I scroll to "SSH Keys" and add the ssh key:

and click on "Save". Then I test it again and it works:
thorsten@tweedleburg:~/.ssh$ ssh thorsten@linuxintro.org
Linux instance-2 4.19.0-23-cloud-amd64 #1 SMP Debian 4.19.269-1 (2022-12-20) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon May  1 08:26:32 2023 from 77.179.28.99
thorsten@linuxintro:~$ 

TroubleShooting

If you run into issues, it will mostly be one of the two error messages above to my experience. It is important to make sure enable_oslogin is set to false. Please leave me a comment if it does not work for you.
Keep your fingers away from .ssh/authorized_keys, this will be managed from the data input into the Cloud Console.

Further thought recommendations

  • You can now trigger remote command executions using the ssh command, for example here you see the VM's uptime on your laptop:
# ssh thorsten@linuxintro.org uptime
 08:55:16 up 89 days, 18:37,  0 users,  load average: 0.00, 0.04, 0.01
  • You can now copy files to your VM using the command scp, e.g.:
# scp /var/log/messages thorsten@linuxintro.org:
  • You can also set project-wide SSH keys in the Cloud Console. In the search bar, type Metadata and select compute engine metadata.
  • You can run graphical programs on the VM, being displayed on your laptop:
The xeyes command displays two eyes focusing on your
mouse cursor, so you can easier find it.

Sources and references

Comments

Post a Comment

Popular posts from this blog

My SAT>IP Server

Image
I bought a SAT>IP Server to bring my satellite TV into my WLAN. I want this because my satellite's connection is in another place in the room than my TV. First learning: You need a SAT>IP Server, not a SAT>IP Receiver. A SAT>IP Server receives signals from the LNB. A SAT>IP Receiver receives a connection from the SAT>IP Server and transforms it into an HDMI stream (for example). As SAT>IP Receiver you can also use the VLC software which will just display the video stream. When buying, make sure you buy a server. Second learning: The latest Kathrein EXIP 418  SAT>IP Server did not work with my setup. It needs a multi-switch between the LNB and the server. When buying, make sure you understand the setup. Mine looks like this: So I settled for a Telestar  TwinBit SAT>IP Server. Laptop To watch TV on my Windows Laptop, I download VLC and start it. Click View->Playlist. Point it to Universal Plug'n'Play, and wait 6 minutes, 47 seconds, and the ser
Read more

Set up a webcam with Linux

Image
You want to use your webcam with a Linux computer? Good, then this article is for you. If you have a notebook or a laptop with an integrated webcam, this will most probably work out of the box. If you have a USB webcam, connect it to your computer. Then, you  open a console (aka terminal)  and type  cheese The "cheese" application will start up and show your webcam's output like this: A capture from a webcam in the program Cheese If this works, congratulations, you can now use your webcam with video editors, conferencing software, and so on. But: cheese may not be installed the drivers (aka kernel modules) for the webcam may not work your Linux computer may not have a graphical user interface (or you may not want it) you may want to switch between several webcams Install Cheese If you do not have the software cheese installed, you can install it by means of your distribution.  Find out your Linux distribution , open a terminal and enter: for Debian, Raspbian, Ubuntu, Kubu
Read more

Network Engineer Certification

Image
I prepare for being certified as Network Engineer. This means you have to digest a lot of complicated topics... or you make it fun by using analogies. I bet I will teach you BGP , Interconnects and VPN in the next 10 minutes so that you won't forget it or you get your money back. Let's start like this: Imagine the internet is the highway network connecting towns (datacenters). Then, the cars are network packets driving over it. If highways are the internet, network packets are cars The cars deliver pizza. There are routes where you can drive fast and there are slow routes. Some have four lanes, others are just narrow alleys. That's latency and bandwidth aka throughput . Now I tell you, if I want a pizza, I want it in 10 minutes. Having 5 pizzas after 50 minutes just isn't the same experience although throughput would be the same.  Next time you wait for a pizza - think of this blog and agree: nothing beats latency ;) Do you know Lombard street? That's the curviest
Read more