SSH authenticate with public key (not private key)
Is it possible to connect to a server using a public key? The server holds the private key in authorized_keys, and the client can connect with: ssh -i id_rsa.pub server
It is the exact opposite as the usual way with public/private keys: the client keeps the public key, and the server holds the private key.
Now the reason: For machines being deployed to customers, I want to setup a remote connection to rescue the machines in case of problems.
- the machine initiates a reverse SSH connection to the rescue server: connect using the public key (the same on all the machines: ssh -i id_rsa.pub -NR 64000:localhost:22 rescue@server)
- the machine opens a channel, but cannot execute commands (prompt /bin/false)
- on the server, do a SSH to the machine through the open channel and authenticate with the private key (the usual way: ssh -i id_rsa -p 64000 localhost).
You can't use keys to authenticate in opposite order of private/public, because of the way how asymmetric cryptography works.
The alternative solution for you can be to use openssh certificates as described in manual pages and many how-to's.