Setting up ssh key without a passphrase - ssh

I'm trying to create an ansible and I want an ssh key specific for the ansible that requires no passphrase (for automation pourposes). Here's what I've done:
> ssh-keygen -t ed25519 -C "ansible"
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\user_name/.ssh/id_ed25519): C:\Users\user_name/.ssh/ansible
At the following:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
I left them empty and just pressed enter and
the public/private key files get created.
I copied the public key to the VM I want to connect to and made sure it's there by looking inside the
~/.ssh/authorized_keys
But when I try connecting to the VM, with the ansible specific ssh key I just created (which doesn't require a passphrase) it asks me for the password...
ssh -i C:\Users\user_name/.ssh/ansible ip_addr
user_name#ip_addr's password:
Now, I believe the password is asking for it's the one of the VM itself, not the ssh key, but I was expecting to ssh inside without having to enter any sort of password. What am I missing?
The host machine is Windows 10, the VM has Ubuntu 20.04

Related

ESXi keeps prompting for password after adding ssh public key to authorized_keys

I want to add my ssh public key to the ESXi 7 host, so that I can login via ssh without using password.
But the esx host keep prompting me for the password.
I have tried the following:
Scenario A
When using the "normal" way of adding ssh keys to a host.
Make a ssh key pair with ssh-keygen -t rsa
Push ssh public key to ESXi host with ssh-copy-id root#esx.host
Now try login to esx host using ssh root#esx.host
This will prompt you for a password again.
Reason for failing
The ssh key is added to the esx hosts ~/.ssh/authorized_keys - but the SSH service, expect to find the keys in /etc/ssh/keys-root/authorized_keys.
Scenario B
Adding the the right place
Copy the key into esx by cat ~/.ssh/id_rsa.pub | ssh root#esx.host 'cat >>/etc/ssh/keys-root/authorized_keys'
Try login again with ssh root#esx.host
Still asking for password.
Scenario B is failing for a reason
Reason for failing
The ssh key is generated with by default 2048 bits, but should be 4096 bits.
Final Solution
# Generate the 4096 ssh key
ssh-keygen -t rsa -b 4096
# Copy the public key the right place on the esx host
cat ~/.ssh/id_rsa.pub | ssh root#esx.host 'cat >>/etc/ssh/keys-root/authorized_keys'
# Then login
ssh root#esx.host
Tada - now logged in without using password
Password:
The time and date of this login have been sent to the system logs.
WARNING:
All commands run on the ESXi shell are logged and may be included in
support bundles. Do not provide passwords directly on the command line.
Most tools can prompt for secrets or accept them from standard input.
VMware offers supported, powerful system administration tools. Please
see www.vmware.com/go/sysadmintools for details.
The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root#esx.host:~]

cannot login after changing key ssh

My problem is that one user forgot his ssh passphrase for key, so i had to generate new one and install it on all environments.
Here's the thing: I have created key without any passphrase and copied it to all servers (single key pair on all servers) so every server has the same id_rsa key and id_rsa.pub key added to authorized_keys. And the problem is I still can't login to these servers.
output:
user#server1:~$ ssh user#server2
Enter passphrase for key '/home/user/.ssh/id_rsa': <empty>
Permission denied (publickey).
user#server1:~$
I have no idea what may cause the problem. I have generated those keys twice, tried to use ssh-add command to be sure that system can see those keys but nothing helped.
Do you have any idea how to solve this problem?
Remove ".ssh" forlder in every user folder (e.g. /home/user1), then try to generate new keys again. ".ssh" folder is hidden by default, press CTRL + H to showing the hidden file and folders.
Also, you can ssh to a system as password-less :
ssh-keygen
ssh-copy-id user#host
After the key is copied, ssh into the machine is password-less :
ssh user#host
After change your key, type:
ssh-add
And to verify, type:
ssh-add -l
And verify with md5sum your id_rsa.pub in your host and authorized_keys on the server.

Why do I still have to enter password after I entered ssh-agent and ssh-add?

I'm learning Ansible, in a setup document : http://docs.ansible.com/intro_getting_started.html
It says if I don't want to enter password every time, I can do :
$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa
I did it, but how come I still have to enter password every time ?
Then it says "you may wish to use Ansible’s --private-key option", but I can't find any document on that. Whay's that for and how to do it ?
I'm not sure about Ansible, but I know a bit about how ssh keys work
When you generate a new SSH key with the ssh-keygen command (which by default goes to the ~/.ssh/id_rsa file), it asks you to put in a passphrase(password)
Whenever you use that key, it will ask you for that passphrase.
If you create a new key with
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/YOUR_USERNAME/.ssh/id_rsa_nopass
Enter passphrase (empty for no passphrase): [just press enter, don't type anything]
Enter same passphrase again: [just press enter again]
This will create both an id_rsa_nopass private key file, and an id_rsa_nopass.pub public key file in the directory you chose (/home/user/.ssh)
You should then be able to use the following command, assuming ansible is set up to use your ssh keys correctly
$ ssh-add ~/.ssh/id_rsa_nopass
NOTE: Using an ssh key without a passphrase can be dangerous, as anybody can access your device and connect without knowing your password. If you don't mind this, then a no-passphrase ssh key is a good way to avoid typing a password everyone
edit: Just looked into Ansible a bit, it's basic setup is just to run a command on an ssh server, right?
In which case, you may need to add your public key to whichever server you are connecting to, this can usually be done via the command
ssh-copy-id -i /path/to/your/public/key/file yourname#yourserver.com -p your_server's_ssh_port
For example, to authorize the id_rsa_nopass key from earlier to the account foobar on the server example.org, with ssh port 10022 you would do
ssh-copy-id -i ~/.ssh/id_rsa_nopass.pub foobar#example.org -p 10022
This will prompt you for the password to foobar#example.org, upon filling in the password it will authorize that public key to connect to that server, and since id_rsa_nopass has no passphrase, you should now be able to connect without any password prompt

Vagrant asks for password after SSH key update

I remade my SSH key after switching to a new machine and just copied over my existing customized Vagrant box I packaged up.
When I tried to ssh into the box, I got the REMOTE HOST IDENTIFICATION HAS CHANGED error. So I cleared the entry out of the known_hosts and ssh'd back into the box. The new key was accepted, but now every time I ssh in I am required to enter the default vagrant password instead of just using my ssh key.
What am I missing here?
"The new key was accepted"?
Have you verified that the private key on Host and the public key on Guest paired?
If the key was accepted, no password prompt should pop up.
To verify your private/public keys:
Locate your private key on Host OS(IdentityFile for vagrant):
vagrant ssh-config
Generate public key from private key:
ssh-keygen -y -f private_key > public_key
cat public_key
Compare the generated public_key with the public_key on Guest OS(you can login by password).
cat ~/.ssh/authorized_keys
I have this issue and it seems to be caused by multiple VM running. I typed vagrant ssh-congfig and noticed that it reported port 2200 instead of 2222 which I was connecting on. When I connected on 2200 it didn't require password. Not sure if that is same for you but it's what happened to me.
Do you have the line like below in your ~/.ssh/config ?
PubkeyAcceptedKeyTypes ssh-dss,ssh-rsa
In my case, after removing this, vagrant ssh stopped asking me for password.

ssh still asking for password

I have two servers called: "eps" and "dev". On server dev I have added the public key of eps to the authorized_keys file. I have then restarted SSH service on the dev server to ensure it picks up the new public key I added to the authorized_keys file.
However when I then try and ssh into "dev" from "eps", I'm prompted for passphrase for a key. the exact prompt is: Enter passphrase for key '/home/webmaster/.ssh/id_rsa':
Why is this happening? I thought it should just log me into the dev server right away.
When creating the SSH key using ssh-keygen you are prompted for a password to secure the private key. Therefore for SSH to use the key the password has to be entered to unlock the private key locally, which is why you are seeing the "Enter passphrase for key". This is not the same as the password to authenticate the user on the SSH server.
In order to have a password-less login you need to create a keyfile with ssh-keygen which has an empty password.