Does anybody know a way of either converting (on android) a putty key to something I can use in ConnectBot, or a good android SSH app that can use Putty keys natively?
I am away from home without my laptop, which I would usually use. I only have my android phone with me.
A few months ago I tried creating RSA key pairs to use with Putty on my laptop and ConnectBot but for some reason I just could not crack it so gave up. I also used puttygen to create an RSA key but it would not work on ConnectBot
ElderWendigo@sh.itjust.works 11 months ago
Why are you trying to reuse an ssh key? That seems like a really bad practice. It’s just not the way key pair authentication is supposed to work. Passing around and sharing private keys is BAD. Client devices create their own private keys and only share public keys. Just create a new key from ConnectBot and get it to your server via other methods. If you’re already away from home without any other means of connecting, that last part is admittedly tricky and you may be SOL.
Isn’t ConnectBot a dead project anyway. Last I checked, it hadn’t been updated in years.
alphapuggle@programming.dev 11 months ago
I use the same identity file for all of my computers. I don’t have password auth enabled on my server and it’s an extreme inconvenience when I’m on a new machine and have to dig out a different machine to get a copy of my new key to the server. Best practice? Probably not, but I’d rather that than having password auth enabled. I keep an encrypted copy of my id_rsa on my thumb drive so I’ve always got it when I need it.
I had never personally heard of ConnectBot, but it says last updated in February of this year on Google Play. I don’t see a real reason to use it over Termux however.
ElderWendigo@sh.itjust.works 11 months ago
No, you’re missing the point and creating a false choice here. You’re supposed to generate new keys for each client device and load their various public keys into the authorized keys file in your server user’s home folder. Copying around your private key like that is just BAD security and not how public key authentication is designed to work. It’s not as if the only two options are your bad way or passwords.
As an example, you copy your single private key to various devices and even carry (a probably un encrypted) copy around with you on a thumb drive, while I generate a fresh key set from each client that I use to connect. When your private key is compromised (when, NOT if), you must remove that public key from your server to lock out the bad actor, but that also completely locks you out. Unless you have physical password access to the machine at the moment its compromised, you’re also locked out. When one of my keys is compromised, I can just exclude that machine’s key from my authorized keys list on the server and continue accessing my machine remotely via any of the other uncompromised clients.
aard@kyu.de 11 months ago
If you want to stick with that “one key” approach - get a hardware token like a Nitrokey or a Yubikey. That should also work with most Android SSH clients.