Managing SSH Identities on Chrome OS

  05 Nov 2018     Chrome OS

The default shell in Chrome OS (“crosh” shell, invoked by Ctrl-Alt-T) only comes with a small set of command line commands. In order to get a full Linux development environment, the most convenient way is still to connect a remote server with the Secure Shell Extension (As of Nov 2019, Crostini, the Linux container on Chrome OS, has not come to many Chromebook models, e.g., my Samsung Chromebook Pro). However, because the Secure Shell App on Chrome OS is essentially browser based, it is not as straightforward as a normal Linux machine when it comes to management of ssh identities (public and secret keys) or known_hosts. This article tries to give solutions to some common issues.

Question: “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”

This issue happens when the host key of the server you are reaching does not match the record saved on your Chromebook. Secure Shell App blocks the connection to prevent potential man-in-the-middle attacks. However, in most cases, this simply happens after you reinstall the OS on your server. To address this issue, you can delete the corresponding entry in /.ssh/known_hosts.

First toggle the JavaScript console by Ctrl-Shift-J (within the Secure Shell App page). To delete a single record with index (the index can be found in the error message), type the following command in the console:

term_.command.removeKnownHostByIndex(INDEX);

To delete all records:

term_.command.removeAllKnownHosts();

Question: How to import ssh pub/private key identities (and delete them)?

Very often you want to use ssh keys instead of password to connect. You can import the keys by selecting the “Import…” link in the connection dialog page. Two files should be imported: one is a private key without file extension, and the other is a public which must ends in “.pub”. E.g., the keys generated by a Linux system are most liked “id_rsa” and “id_rsa.pub”.

It’s trickier To delete a saved identity (ssh key pair). To do this, you can select an identity from the dropdown and press the Delete key. However, since Chromebook does not come with Delete keys, you need to use Alt+Backspace instead.

Alternatively, to remove all keys, type the following in the JavaScript console:

term_.command.removeDirectory('/.ssh/')

References

  1. hterm/Secure Shell FAQ
  2. ChromeOS – removing SSH known_hosts from Chromebook

License

Creative Commons License This work by Yeguang Xue is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Comments