I have created an account and added my public key to it.
However, trying to push my signing key or push a repo to nest.pijul.com doesn’t work.
I get this error:
Hi! Thanks for reporting this. This is supposed to be fixed when the next version of thrussh-keys comes out, but this is currently blocked by the following PR of mine in *ring*: https://github.com/briansmith/ring/pull/582
I had trouble myself getting SSH auth to work, though I never ran into the ring errors.
While pijul keys --generate-ssh creates an SSH key in pkcs8 format at ~/.pijulconfig/id_ed25519.pkcs8, I couldn’t figure out how to convert/extract a public key suitable for adding to my profile on the nest.
Here are the steps I took to get SSH auth working if the --generate-ssh method doesn’t work for you.
Generate an ed25519 SSH key in ~/.ssh/id_ed25519 in PEM format that isn’t password protected. (updated to correct command)
Copy the public key ~/.ssh/id_ed25519.pub to your nest profile.
Profit
I never tested to see if pijul could load the DER file format, so the PEM conversion may not be necessary, but the final key must be ~/.ssh/id_ed25519.
I also built pijul from the latest source. Dunno if you need to do the same or not. I can provide pointers there if needed.
I used ed25519 because pijul was reporting errors with the RSA key I made. Though, after looking at pijul’s code, I suspect it wanted both the public and private keys, and I had my RSA pubkey outside ~/.ssh.
I got it to work without the conversion!
So I just created an ed25519 key pair and made sure, as you said, the naming was id_ed25519.
Uploaded the public to nest, and after initial push I got
The authenticity of host "nest.pijul.com":22 cannot be established.
You’re right. I’m using openssh 7.6p1 and forgot about the unsupported key type. The conversion wasn’t necessary as you found. Sorry about that.
The authenticity of host “nest.pijul.com”:22 cannot be established.
Not sure why you ran into that, but pretty sure it means your client wasn’t able to fingerprint the server’s SSH key, or at least recognize the fingerprint. This is done so that the next time you SSH into the server, your client can verify whether it connected to the same host or a different host.
I may have seen that message appear once after pmeunier migrated the nest to another server, but I don’t recall the exact message I saw and it hasn’t happened since.
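The host key check described in the reply above, as an added example that is not part of the thread and is not pijul's or thrussh's own code: it pins a server key in an OpenSSH-style known_hosts line and classifies a presented key as a match, a change, or a first contact. The known_hosts layout and the SHA256 fingerprint format follow OpenSSH conventions, which is an assumption here, and the key bytes are constructed sample data.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_key: bytes) -> bytes:
    """Public key blob as a server presents it: key type name, then the 32-byte key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, key type) -> key blob. Comments, @markers and hashed hosts are skipped."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = base64.b64decode(fields[2])
    return pinned


def check_host_key(pinned: dict, host: str, key_type: str, blob: bytes) -> str:
    """'match' = same key as pinned, 'changed' = different key, 'unknown' = never seen."""
    known = pinned.get((host, key_type))
    if known is None:
        return "unknown"  # first contact: this is when the authenticity prompt appears
    return "match" if known == blob else "changed"


# Constructed sample data: made-up key bytes, not the Nest's real host key.
SERVER_KEY = ed25519_blob(bytes(range(32)))
OTHER_KEY = ed25519_blob(bytes(range(1, 33)))
KNOWN_HOSTS = ("# constructed sample\nnest.pijul.com ssh-ed25519 "
               + base64.b64encode(SERVER_KEY).decode() + "\n")

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    print(fingerprint(SERVER_KEY))
    print(check_host_key(pinned, "nest.pijul.com", "ssh-ed25519", OTHER_KEY))
```

An "unknown" result corresponds to the first-connection prompt quoted in the thread; a "changed" result after a server migration is expected only if the operator has announced the new key's fingerprint through a separate channel.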