SSH - Retrieve public key from incoming connections

I have setup an ssh connection (autossh) from a remote machine with IP xxx.yyy.148.203 to do reverse port forwarding. Today I came to the server (oversea) and accidentally deleted the public key of my remote machine on the server. This is server's logs :

authpriv.info dropbear[6422]: Child connection from xxx.yyy.148.203:43363
authpriv.info dropbear[6422]: Exit before auth (user 'root', 0 fails): Exited normally

Is there any way to retrieve the remote machine's public key from it's incomming connections?

Worth to mention that I am currently have no other ways to access the remote machine or ask anyone from that country, and unable to go back any time soon.


I don't quite understand what you deleted...


If you deleted the public key belonging to a private ssh key: that can simply be regenerated from the private key file with ssh-keygen and the -e -f /path/to/private.key options. That works for both the private key used by an ssh client as well as for the private key used by the OpenSSH sshd server.


If you deleted an entry in a ~/.ssh/authorized_keys file: yes, in theory you can recover that entry from the incoming connection:

As far as I know when your SSH server allows public key authentication and the client attempts public key authentication, the client will send the full public key(s) to the remote server.

If the first public key is not accepted by the server then the client will typically send the next available key(s) until either:

  • all public keys from the client have been sent
  • the server limit for maximum login attempts has been reached and the connection closed
  • the server responds with a message that a particular key will be accepted

As far as I know the normal log levels on the OpenSSH sshd server won't actually log/display the full public_key client tries to use but only the fingerprint(s) but I haven't tested that recently. (See what happens on LogLevel Verbose and for instance with DEBUG[1-3])

This blog and the linked customized sshd may be of interest: https://blog.goeswhere.com/2015/10/ssh-key-capture/ if logging with your normal sshd is insufficient to recover the public key.