I had trouble myself getting SSH auth to work, though I never ran into the ring errors.
pijul keys --generate-ssh creates an SSH key in pkcs8 format at ~/.pijulconfig/id_ed25519.pkcs8, I couldn’t figure out how to convert/extract a public key suitable for adding to my profile on the nest.
Here’s the steps I took to get SSH auth working if the
--generate-ssh method doesn’t work for you.
- Generate an ed25519 SSH key in ~/.ssh/id_ed25119
in PEM format that isn’t password protected. (updated to correct command)
$ # ssh-keygen -t ed25519 -f ~/.ssh/id_ed25119.der
$ # ssh-keygen -f ~/.ssh/id_ed25519.der -e -m pem > ~/.ssh/id_ed25519
$ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25119
Copy the public key ~/.ssh/id_ed25119.pub to your nest profile.
I never tested to see if pijul could load the DER file format, so the PEM conversion may not be necessary, but the final key must be ~/.ssh/id_ed25519.
I also built pijul from the latest source. Dunno if you need to do the same or not. I can provide pointers there if needed.
I used ed25119 because pijul was reporting errors with the RSA key I made. Though, after looking at pijul’s code, I suspect it wanted both the public and private keys, and I had my RSA pubkey outside ~/.ssh.