this post was submitted on 13 Dec 2023
14 points (81.8% liked)

Selfhosted

40347 readers
463 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Does anybody know a way of either converting (on android) a putty key to something I can use in ConnectBot, or a good android SSH app that can use Putty keys natively?

I am away from home without my laptop, which I would usually use. I only have my android phone with me.

A few months ago I tried creating RSA key pairs to use with Putty on my laptop and ConnectBot but for some reason I just could not crack it so gave up. I also used puttygen to create an RSA key but it would not work on ConnectBot

you are viewing a single comment's thread
view the rest of the comments
[–] ElderWendigo@sh.itjust.works 14 points 11 months ago* (last edited 11 months ago) (9 children)

Why are you trying to reuse an ssh key? That seems like a really bad practice. It's just not the way key pair authentication is supposed to work. Passing around and sharing private keys is BAD. Client devices create their own private keys and only share public keys. Just create a new key from ConnectBot and get it to your server via other methods. If you're already away from home without any other means of connecting, that last part is admittedly tricky and you may be SOL.

Isn't ConnectBot a dead project anyway? ~~Last I checked, it hadn't been updated in years.~~ Well, I guess I was wrong here. I can't find a simple full list of all the past updates, but I seem to remember moving away from ConnectBot because it lacked some feature I wanted and no longer worked on my new Android device. I've been satisfied with JuiceSSH, but I'm happy that ConnectBot is still alive since it was one of the first apps I installed on the first generation Android phone.

[–] alphapuggle@programming.dev -5 points 11 months ago (8 children)

I use the same identity file for all of my computers. I don't have password auth enabled on my server and it's an extreme inconvenience when I'm on a new machine and have to dig out a different machine to get a copy of my new key to the server. Best practice? Probably not, but I'd rather that than having password auth enabled. I keep an encrypted copy of my id_rsa on my thumb drive so I've always got it when I need it.

I had never personally heard of ConnectBot, but it says last updated in February of this year on Google Play. I don't see a real reason to use it over Termux however.

[–] aard@kyu.de 11 points 11 months ago (2 children)

If you want to stick with that "one key" approach - get a hardware token like a Nitrokey or a Yubikey. That should also work with most Android SSH clients.

[–] alphapuggle@programming.dev 1 points 11 months ago (1 children)

This is actually quite handy, I've got a yubikey already and didn't know they could be used for ssh

[–] aard@kyu.de 3 points 11 months ago

Unless you have one of the dumbed down Fido or whatever only versions yubikey is just a smartcard with key storage, and multiple different applications for interfacing with the keys - and as everybody (at least everybody sane) uses the same crypto algorithms those can be shared for whatever needs that.

For SSH you'll have at least two options - if you have a GPG key on that thing just use the auth-key on there (create one if you don't have that yet) for SSH, if not maybe adding a PIV key is the better option, that should be available via PKCS#11 then. There might be additional options as well, though.

load more comments (5 replies)
load more comments (5 replies)