Why do I need public key for auth? #350

Closed
T3rm1 opened this issue Aug 16, 2017 · 11 comments

@T3rm1

T3rm1 commented Aug 16, 2017

Isn't it possible to derive the public key from the private key? Why do I need to set the public key in the KeyProvider? It would be easier to only set the private key.

@hierynomus
Owner

hierynomus commented Aug 16, 2017 via email

@T3rm1
Author

T3rm1 commented Aug 17, 2017

sshClient.loadKeys(keypair) requires a KeyPair. In order to auth I have to set the private key and the public key of it. If I'm not mistaken the public key can be derived from the private key. If you do that in your library the user wouldn't need to load the public key first and it would be enough to set only the private key.

@hierynomus
Owner

@T3rm1, if you look at the methods to authenticate, there are actually multiple ways that handle this exact use case for you...

  • SSHClient.authPublicKey(String username): Uses the default named keys in the users' home-dir
  • SSHClient.authPublicKey(String username, Iterable<KeyProvider>): Takes a KeyProvider which can be instantiated with SSHClient.loadKeys(...)

The SSHClient.loadKeys() method has a number of alternative interesting overloads:

  • loadKeys(String location): Takes the location of an unencrypted private key file
  • loadKeys(String location, PasswordFinder/char[]/String password): Takes the location of an encrypted private key file
  • loadKeys(String privKey, String pubKey, PasswordFinder): Takes the location of both the private and public key and the password needed to unlock the encrypted private key.
  • loadKeys(KeyPair kp): Takes an already loaded keypair to use.

As you see there are a number of methods which do all the magic for you, and there is one that allows you to override the defaults. So I really do not see any problem or something that is missing.

@T3rm1
Author

T3rm1 commented Aug 18, 2017

I was talking about the publickey auth mechanism. Sorry if that wasn't obvious. You named some methods suitable for that method. All of the methods require that you load the public and the private key.
Can you explain to me, why in any of these methods, it is required to specify the public key?

@hierynomus
Owner

I'm not so sure what you mean still. Most of the methods I mentioned (which all do public key auth) do not require you to load the public key. It will take care of that for you.

Public keys are sometimes easily guessable from the private key, but this is only in specific cases. More generally, most private key encodings actually also contain the public key in an encoded format (so no need to do the mathematical guessing game). But this is not for all and always the case.

@T3rm1
Author

T3rm1 commented Aug 22, 2017

Ok, check out this link
I have my private key in a file that is not located at the default location. So I need to use either loadKeys(KeyPair kp) or SSHClient.authPublicKey(String username, Iterable<KeyProvider>). Both methods require a public key! This doesn't make sense. Why did you design these methods to require a public key when, in reality, only the private key is really needed?

@hierynomus
Owner

hierynomus commented Aug 22, 2017 via email

@T3rm1
Author

T3rm1 commented Aug 23, 2017

Oh okay, I didn't know that. Since OpenSSH is the de facto standard implementation of SSH, what other kind of keys do you support?

@hierynomus
Owner

We support a number of key files:

  • OpenSSHv1
  • OpenSSH
  • PKCS#5
  • PKCS#8
  • Putty

But also be aware (I forgot that was possible) that you may set the second parameter of loadKeys to null (ie. the publicKey), which means there is no separate public key. It will then try to use the encoded key if possible.

@dixon961

When I try to connect by SSH to a server I can input in the terminal:
ssh -i ./private_key root@IP (IP == ip of my server)
where private_key is a file where only the private key is written (I created it myself, just pasted a known private key)

Using your library I want to connect to a server having only serverIp and the private key as a String.
I can use OpenSSHKeyFile and my private_key file and it works well. How can I use only a String without creating a file? I want to write something like:
ssh.authPrivateKey(String username, String privateKey)

@hierynomus
Owner

@dixon961 You can implement a new type of KeyProvider which could take the privatekey as a byte array or base64 encoded string.

Please note that this issue was closed. If you want to raise a feature request, please submit a new issue.
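Added example, not part of the original thread and not sshj code: it illustrates both the remark above that most private key encodings also contain the public key and the request to start from a private key held only as a String. It uses only JDK classes and assumes an unencrypted PKCS#8 PEM RSA key; the class name `KeyPairFromPrivateKeyString` and the method `fromPkcs8Pem` are hypothetical.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical helper (assumption): rebuilds a full KeyPair from a private key string.
public class KeyPairFromPrivateKeyString {
    // Accepts an unencrypted PKCS#8 PEM ("BEGIN PRIVATE KEY") holding an RSA key.
    static KeyPair fromPkcs8Pem(String pem) throws Exception {
        String b64 = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                        .replace("-----END PRIVATE KEY-----", "")
                        .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(der));
        // The CRT form of an RSA private key stores the public exponent next to
        // the modulus, so the public key is read out of the encoding, not computed.
        if (!(priv instanceof RSAPrivateCrtKey)) {
            throw new IllegalArgumentException("encoding carries no public exponent");
        }
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) priv;
        PublicKey pub = kf.generatePublic(
                new RSAPublicKeySpec(crt.getModulus(), crt.getPublicExponent()));
        return new KeyPair(pub, priv);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key generated here and PEM-encoded.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair original = gen.generateKeyPair();
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'})
                        .encodeToString(original.getPrivate().getEncoded())
                + "\n-----END PRIVATE KEY-----\n";
        KeyPair rebuilt = fromPkcs8Pem(pem);
        boolean same = Arrays.equals(rebuilt.getPublic().getEncoded(),
                                     original.getPublic().getEncoded());
        System.out.println("public key recovered from private key only: " + same);
        // rebuilt is a KeyPair, the type taken by the loadKeys(KeyPair kp) overload.
    }
}
```

An RSA private key encoded without the CRT parameters has no public exponent to read, which is the case the `instanceof` check rejects.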
