# .pem Files Location Summary ## Files Found ### 1. Validator Keys (Besu Validator Keys) **Location**: `/home/intlc/projects/smom-dbis-138/keys/validators/` These are **Besu validator keys**, not SSH keys: - `keys/validators/validator-1/key.pem` - Validator 1 private key - `keys/validators/validator-1/pubkey.pem` - Validator 1 public key - `keys/validators/validator-2/key.pem` - Validator 2 private key - `keys/validators/validator-2/pubkey.pem` - Validator 2 public key - `keys/validators/validator-3/key.pem` - Validator 3 private key - `keys/validators/validator-3/pubkey.pem` - Validator 3 public key - `keys/validators/validator-4/key.pem` - Validator 4 private key - `keys/validators/validator-4/pubkey.pem` - Validator 4 public key **Purpose**: These are used for Besu validator node authentication, not for SSH access. ### 2. SSH Keys on Nginx Proxy **Location**: `~/.ssh/` on Nginx proxy (20.160.58.99) **Found**: - `~/.ssh/id_rsa.pub` - **Public key** (exists) - `~/.ssh/id_rsa` - **Private key** (NOT FOUND - missing) **Status**: - ✅ Public key exists - ❌ Private key missing (this is why SSH from Nginx proxy to backend VMs fails) ### 3. SSH Keys in Project Directory **Location**: Project root **Found**: None ## Issue Identified The Nginx proxy has the **public key** (`id_rsa.pub`) but is **missing the private key** (`id_rsa`). This is why: 1. SSH connections from Nginx proxy to backend VMs fail with "Permission denied (publickey)" 2. The public key cannot be used to authenticate without the matching private key ## Solutions ### Option 1: Generate New SSH Key Pair on Nginx Proxy ```bash # SSH to Nginx proxy ssh besuadmin@20.160.58.99 # Generate new key pair ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" # Copy public key to backend VMs for IP in 10.1.1.4 10.2.1.4 10.3.1.4 10.4.1.4 10.5.1.4; do ssh-copy-id -o StrictHostKeyChecking=no besuadmin@$IP done ``` ### Option 2: Copy Private Key from Local Machine If you have the private key on your local machine: ```bash # Copy private key to Nginx proxy scp ~/.ssh/id_rsa besuadmin@20.160.58.99:~/.ssh/id_rsa ssh besuadmin@20.160.58.99 "chmod 600 ~/.ssh/id_rsa" ``` ### Option 3: Use Azure Run Command to Add Public Key Since we have the public key, we can add it to backend VMs using Azure Run Command (once it's working): ```bash PUBLIC_KEY=$(ssh besuadmin@20.160.58.99 "cat ~/.ssh/id_rsa.pub") # Then add to each VM's authorized_keys via Azure Run Command ``` ## Validator Keys The `.pem` files in `keys/validators/` are **Besu validator keys**, not SSH keys. They are used for: - Validator node authentication in the Besu network - Signing blocks and transactions - Not for SSH access to VMs --- **Last Updated**: After comprehensive search for .pem files