ssh using key of the remote host - ssh

Say I want to ssh using key from client to a server. On the server, this key exists /home/alice/.ssh/id_rsa. Can I copy this key file to the client and use it to ssh to the server client like:
[john#clienthost] ssh -i /path/to/alice/id_rsa alice#server

Related

Deploying with CircleCI - SSH into server requires password but I have SSH key associated

I am trying to SSH into the server as part of the deployment job in CircleCI
ssh -oStrictHostKeyChecking=no $DEV_DROPLET_USER#$DEV_DROPLET_IP
I have my SSH private key for the user on this server loaded into CircleCI but everytime I run the job, I get this output
Warning: Permanently added '$host' (ECDSA) to the list of known hosts.
<$user>#<$host>'s password:
How can I stop it prompting me for the password?
I have added the SSH key for this user to the SSH Agent on the server (these instructions)
For a passwordless ssh connection, you must:
put the private ssh key into a file in the directory $HOME/.ssh/ on the client computer connecting to the server (example : $HOME/.ssh/MyServer)
copy the public ssh key into the file $HOME/.ssh/authorized_keys on the server
have writing permission on the file $HOME/.ssh/known_hosts on the client computer
The sshd service is normally already configured to accept key based authentication.
From the client computer, you can now do a passwordless connection ssh -i $HOME/.ssh/MyServer $DEV_DROPLET_USER#$DEV_DROPLET_IP
Of course, on the client computer your $DEV_DROPLET_USER must have appropriate permissions for accessing the ssh related files.
You don’t need to do anything with the ssh agent, on the client or on the server.
Late reply, but I hope it helps somebody else in the future.
Assuming you followed these instructions in the CircleCI docs, then the private key will automatically be copied to the machine being used by CircleCI when the add_ssh_keys step is run.
Make sure one the server you are trying to SSH into, the public key generated (in ~/.ssh/id_rsa.pub or something similar) is copied to the ~/.ssh/authorized_hosts file on the same server. This crucial step is what allows anybody with the private key (CircleCI) to be allowed into the server.

SSH connection with .pub file

I am given with id_rsa.pub from client. And I was told to connect to it. I tried adding the key with ssh-copy-id user#ec2-remoteserver.com
But it gave the error. Permission denied (publickey).
Then I thought of trying to connect with
ssh -i /c/Users/kdash/Desktop/id_rsa.pub user#ec2-instance.com
It now says the error
Load key "/c/Users/kdash/Desktop/id_rsa.pub": invalid format
Can anyone please help me understand how shall I add the given .pub key file and access to the remote server.
Earlier I had connected to servers with .pem files as such:
ssh -i /c/Users/kdash/Desktop/server.pem user#ec2-instance.com
I am not clear how .pub file can be used.
Client should provide you the private key to connect to server.
I am sure client must have added the public key in their ~/.ssh/authorized_keys
Once client provide you the private-key file, then you can connect as
ssh -i <private-key> user#ec2-instance.com
See example here, remote machine is adding public key in ~/.ssh/authorized_keys and then user can connect to it using private key.
So I guess, you need private key file to connect to remote ssh server.
Remote machine should never add private key in ~/.ssh/authorized_keys.

Connecting to my remote site using git bash shell SSH

I can connect using these credentials through ftp but not through ssh.
Timothy#ement MINGW64 ~
$ ssh timothy#mywebsite.com
ssh: connect to host mywebsite.com port 22: Connection timed out
I'm sure this question has been asked a million times before. Does it have anything to do with ssh keys?
I'm using siteground and in the ssh/shell access area i've added this:
t r timothy#mywebsite.com KtV/T4QvP4K9n7Zki9n+ZWp6 0.0.0.0/0 - ALL Remove Key | Add IP | Private Key
any help would be appreciated. Thank you.
Does it have anything to do with ssh keys?
Yes: see the official SiteGround documentation How to use SSH.
you need to enable ssh access and register your public ssh key.
then you can use ssh (provided in your <path-to-git>/usr/bin) in order to access
ssh -p18765 <user>#yourdomain
SiteGround chooses to run its sshd on port 18765, not the default 22.
The siteground tutorials are junk, two out of the three chat support staff I spoke with just referred me to the tutorials when I was attempting to make a connection to my siteground server over ssh.
These are the steps that finally worked:
From the cPanel Advanced section select SSH/Shell Access
Generate a new key using their utility (make note of the password you used for later use).
*** They have a tutorial that should allow you to create a private key on linux then upload the public key to their site. That is "not recommended" and I was unable to get that to work.
Once you have their key listed in the current keys table click the Private Key link
Copy the Private Key to a file in your local .ssh directory (make sure the mask is 0600)
run the following command:
ssh-add
enter the passphrase you used when generating the key using their utility
If you get a response "Identity added: ..." you are all set
you should now be able to use the command:
ssh # -p18765
It doesn't look like they have X11 forwarding enabled though so if you use ssh -X you will get:
X11 forwarding request failed on channel 0

Add authorized key with only one SSH login

The typical procedure for a user to add an authorized key to ~/.ssh/authorized_keys is:
Copy the public key on the remote host with scp.
Connect with ssh and add the key to the file.
Such a procedure is for instance described in an answer to ”How to add a ssh key to remote server?”
Is this possible to add the key in only one step — with only one login to the remote server? An answer working on FreeBSD and Debian GNU/Linux (both with OpenSSH) would be great.
ssh-copy-id user#hostname.com -i filename_of_key_to_copy

How to generate an ssh key for logging into a server without a password

I have used servers on amazon AWS where they send me a public key .pem file and when I ssh in, all I have to do is:
ssh -i key.pem user#server
I now have a server of my own and am trying to figure out how I can do this with my server so I can automate commands to my server via ssh.
I imagine that I need to generate this key on my server and copy it to my client machine. How do I generate this key?
On the client machine you wish to login from, run ssh-keygen. For a quick and easy key, just hit enter on all of the questions. This will create a key pair in ~/.ssh. Specifically, ~/.ssh/id_rsa is your private key (keep this one safe), and ~/.ssh/id_rsa.pub is your public key (okay to distribute).
Copy your public key (~/.ssh/id_rsa.pub) onto the server that you wish to login to (e.g. scp ~/.ssh/id_rsa.pub me#myserver:. On the server, run cat id_rsa.pub >> .ssh/authorized_keys. To make sure that it has the correct permissions, you can run chmod 644 ~/.ssh/authorized_keys. Also, you can now delete the id_rsa.pub file that you copied over.
That's it! You should have password-less login from client to server. You must repeat the process with client and server swapped if you want password-less login from server to client.
Notes:
If the ~/.ssh directory does not exist on your server, the best way to create it is to ssh from the server to some other machine (e.g. the client). This will ensure that it has the correct permissions.
If you are paranoid about someone getting access to the client, you can password protect the key (one of the prompts when running ssh-keygen), but then you will have to enter that password every time you log in. The solution to this problem is to use ssh-agent.