SSH authenticate with public key (not private key)

Is it possible to connect to a server using a public key? The server holds the private key in authorized_keys, and the client can connect with: ssh -i id_rsa.pub server

It is the exact opposite as the usual way with public/private keys: the client keeps the public key, and the server holds the private key.

Now the reason: For machines being deployed to customers, I want to setup a remote connection to rescue the machines in case of problems.

  1. the machine initiates a reverse SSH connection to the rescue server: connect using the public key (the same on all the machines: ssh -i id_rsa.pub -NR 64000:localhost:22 rescue@server)
  2. the machine opens a channel, but cannot execute commands (prompt /bin/false)
  3. on the server, do a SSH to the machine through the open channel and authenticate with the private key (the usual way: ssh -i id_rsa -p 64000 localhost).

Answers


You can't use keys to authenticate in opposite order of private/public, because of the way how asymmetric cryptography works.

The alternative solution for you can be to use openssh certificates as described in manual pages and many how-to's.


Need Your Help

How do I execute two tasks simultaneously and wait for the results in Groovy?

groovy concurrency gpars

I have a large processing task which I believe is ripe for being made more efficient with concurrency and parallelism.