LogMX and SSH Public Key Authentication

LogMX and SSH Public Key Authentication

What is SSH Public Key Authentication?

Public key authentication (sometimes also called "private key authentication") is an authentication method that relies on a generated public/private key pair (one file is the public key, one file is the private key). Owning the public key allows encrypting data, which can then only be read by a person who owns the private key.
This authentication method is not a LogMX specificity, and is widely used to connect to remote servers, for example SFTP, SCP, or SSH servers.

How to use SSH Public Key Authentication in LogMX?

Different types of keys

Public/private key pairs can be stored in many different formats, and not all applications handle all formats. The two main formats are the one from OpenSSH and OpenSSL. Until August 2018, both used to be same format, but since OpenSSH 7.8 (released in August 2018), OpenSSH has its own "proprietary" private key format, which is, sadly, not comptible with OpenSSL format. Even worse, the default format used by OpenSSH is now this new proprietary format.

Key types supported by LogMX

For now, LogMX only supports the OpenSSL / legacy-OpenSSH private key format, sometimes called "PEM" or "DER" (i.e. the new OpenSSH format introduced in August 2018 is not supported for now). The supported key types are RSA, ECDSA, and DSA.

How to generate a key pair for LogMX

With LogMX: Since LogMX 7.9.0, you can now generate a key pair directly with LogMX: menu "Tools", item "Options", tab "Network", and on a specific account, click on the button "Generate new key pair".
With ssh-keygen: Since OpenSSH 7.8, you have to use the "-m PEM" option to generate a key with the legacy PEM format. For example, you can use the command line "ssh-keygen -t rsa -m PEM" to generate a RSA key compatible with LogMX. Using an older version of ssh-keygen/OpenSSH, you can/should omit the "-m PEM" argument because the default behavior is/was to generate a PEM key pair.

How to convert a key pair for LogMX

You can use the following command line to convert an OpenSSH private key to a PEM private key file that will be compatible with LogMX:

ssh-keygen -p -m PEM -f your-private-ssh-key-file

How to use a key pair with LogMX

The public key must be copied on the server you want to connect to. Usually, it's done by pasting the content of the public key file in your file "~/.ssh/authorized_keys" on the server. Make sure the file permissions are set properly, usually "chmod 700 ~/.ssh ; chmod 600 ~/.ssh/authorized_keys" fixes any file permissions issues.
The private key must be reachable by LogMX. You can specify its path in your account settings (Options, Network).

How to tell which format is used by a private key

New OpenSSH private keys (not supported for now by LogMX) start with:
```
-----BEGIN OPENSSH PRIVATE KEY-----
		
```

Legacy (PEM) private keys usually start with one of these headers:

-----BEGIN RSA PRIVATE KEY-----
-----BEGIN DSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----