I have three servers A, B, and C. What I need to do is run something like:
my_self@A:~$ ssh B "ssh C run_a_script_here"
This works if I have my ssh keys set up correctly on A, B, C, and I do not use an SSH passphrase. But if I run this as a different user who has an SSH passphrase, I got an error:
user_has_passphrase@A:~$ ssh B "ssh C run_a_script_here"
Pseudo-terminal will not be allocated because stdin is not a terminal.
user_has_passphrase@A: Permission denied (publickey).
I checked online and it looks like this is a ssh-agent and/or keychain setup issue, and I have no idea how to set it up as I never used a passphrase with my ssh keys.
Thanks,
Philip
You don't need to copy your private key on host-B and host-C.
Normally, you only add the public key to .ssh/authorized_keys on host-B and host-C.
Then you can use a proxy jump:
ssh hostC -o ProxyJump=hostB
You will be asked only once for your passphrase (on host-A)
I want to add my ssh public key to the ESXi 7 host, so that I can login via ssh without using password.
But the esx host keeps prompting me for the password.
I have tried the following:
Scenario A
When using the "normal" way of adding ssh keys to a host.
Make an ssh key pair with ssh-keygen -t rsa
Push ssh public key to ESXi host with ssh-copy-id root@esx.host
Now try login to esx host using ssh root@esx.host
This will prompt you for a password again.
Reason for failing
The ssh key is added to the esx host's ~/.ssh/authorized_keys - but the SSH service expects to find the keys in /etc/ssh/keys-root/authorized_keys.
Scenario B
Adding to the right place
Copy the key into esx by cat ~/.ssh/id_rsa.pub | ssh root@esx.host 'cat >>/etc/ssh/keys-root/authorized_keys'
Try login again with ssh root@esx.host
Still asking for password.
Scenario B is failing for a reason
Reason for failing
The ssh key is generated with 2048 bits by default, but should be 4096 bits.
Final Solution
# Generate the 4096-bit ssh key
ssh-keygen -t rsa -b 4096
# Copy the public key to the right place on the esx host
cat ~/.ssh/id_rsa.pub | ssh root@esx.host 'cat >>/etc/ssh/keys-root/authorized_keys'
# Then login
ssh root@esx.host
Tada - now logged in without using password
Password:
The time and date of this login have been sent to the system logs.
WARNING:
All commands run on the ESXi shell are logged and may be included in
support bundles. Do not provide passwords directly on the command line.
Most tools can prompt for secrets or accept them from standard input.
VMware offers supported, powerful system administration tools. Please
see www.vmware.com/go/sysadmintools for details.
The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root@esx.host:~]
I'm trying to create an ansible and I want an ssh key specific for the ansible that requires no passphrase (for automation purposes). Here's what I've done:
> ssh-keygen -t ed25519 -C "ansible"
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\user_name/.ssh/id_ed25519): C:\Users\user_name/.ssh/ansible
At the following:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
I left them empty and just pressed enter and
the public/private key files get created.
I copied the public key to the VM I want to connect to and made sure it's there by looking inside the
~/.ssh/authorized_keys
But when I try connecting to the VM, with the ansible specific ssh key I just created (which doesn't require a passphrase) it asks me for the password...
ssh -i C:\Users\user_name/.ssh/ansible ip_addr
user_name@ip_addr's password:
Now, I believe the password it's asking for is the one of the VM itself, not the ssh key, but I was expecting to ssh inside without having to enter any sort of password. What am I missing?
The host machine is Windows 10, the VM has Ubuntu 20.04
My problem is that one user forgot his ssh passphrase for the key, so I had to generate a new one and install it on all environments.
Here's the thing: I have created key without any passphrase and copied it to all servers (single key pair on all servers) so every server has the same id_rsa key and id_rsa.pub key added to authorized_keys. And the problem is I still can't login to these servers.
output:
user@server1:~$ ssh user@server2
Enter passphrase for key '/home/user/.ssh/id_rsa': <empty>
Permission denied (publickey).
user@server1:~$
I have no idea what may cause the problem. I have generated those keys twice, tried to use ssh-add command to be sure that system can see those keys but nothing helped.
Do you have any idea how to solve this problem?
Remove the ".ssh" folder in every user folder (e.g. /home/user1), then try to generate new keys again. The ".ssh" folder is hidden by default, press CTRL + H to show the hidden files and folders.
Also, you can ssh to a system as password-less :
ssh-keygen
ssh-copy-id user@host
After the key is copied, ssh into the machine is password-less :
ssh user@host
After changing your key, type:
ssh-add
And to verify, type:
ssh-add -l
And verify with md5sum your id_rsa.pub in your host and authorized_keys on the server.
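As an added example (not part of the answer above), the same verification can be done on the key material itself instead of on whole files, so it still works when authorized_keys holds several keys, option prefixes or different comments. The function names and the sample keys are constructed for illustration.

```sh
#!/bin/sh
# Added example; key_blobs and key_is_authorized are hypothetical helper names.

# Print the base64 key blob of every key line in a public-key file or an
# authorized_keys file, including lines that begin with options such as
#   from="10.0.0.1",no-pty ssh-ed25519 AAAA... comment
key_blobs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
                    print $(i + 1)
                    next
                }
        }' "$1"
}

# Exit status 0 if the public key in file $1 is listed in authorized_keys
# file $2, 1 if it is not, 2 if $1 contains no recognisable public key.
key_is_authorized() {
    blob=$(key_blobs "$1" | head -n 1)
    [ -n "$blob" ] || return 2
    key_blobs "$2" | grep -qxF -- "$blob"
}

# Constructed sample data (not real keys): one entry with options, one plain.
sample_dir=$(mktemp -d)
cat > "$sample_dir/authorized_keys" <<'EOF'
# backup job
from="192.168.2.20",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED1 root@backup
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTED2 ansible
EOF
# Same key as the second entry but with another comment, so a whole-file
# checksum would differ even though the key is authorized.
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTED2 user@laptop' > "$sample_dir/present.pub"
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED3 user@laptop' > "$sample_dir/absent.pub"

for pub in present.pub absent.pub; do
    if key_is_authorized "$sample_dir/$pub" "$sample_dir/authorized_keys"; then
        echo "$pub: listed in authorized_keys"
    else
        echo "$pub: NOT listed in authorized_keys"
    fi
done
```

On a real system, pass your own public key file as the first argument and the file the server actually reads as the second, for example /etc/ssh/keys-root/authorized_keys on the ESXi host discussed earlier on this page.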
I've got two EC2 instances and I'm trying to see if I can ssh from one to another.
If I try from my Windows instance to PuTTY each of them it works (by providing the .ppk file).
Now, both instances were associated to the same key-pair and if I check in the .ssh/authorized_keys there is the same public key (obviously because it refers to the same key-pair that I generated in AWS).
I tried to ssh <other host> but it asks me for a passphrase of the key which doesn't exist.
So what I did now is to create a key-pair from instance A with ssh-keygen, then I tried
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
but it gives me this error:
Permission denied (publickey).
Please if you have any ideas they are welcome.
You can't use ssh-copy-id if the only authentication method you have is publickey.
When you generated the key on the first instance, you need to copy the public part from ~/.ssh/id_rsa.pub to the other instance's ~/.ssh/authorized_keys.
I'm using rsync to backup our server to another running an rsync daemon on our LAN using the command
rsync -av /volume1/ Public/ root@192.168.2.20:/shares/Backup/Public/
It's working great except that it requires a manual password entry, so I'd like to automate it with a key pair. Running ssh-keygen I get the below where I hit return 3 times
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
ssh-copy-id script isn't on our system, so I used the line below to copy the password file to the backup destination server. I checked and it copied correctly
> cat /root/.ssh/id_rsa.pub | ssh root@192.168.2.20 "cat >> /root/.ssh/authorized_keys"
As a test, I ssh to the destination server to ensure there's no longer a password prompt, but I'm still getting one?
DiskStation> ssh 192.168.2.20
root@192.168.2.20's password:
I'm not strong in unix, so am likely missing something obvious. Suggestions please?
___ Edit ____
Followed up with adding the following settings to sshd_config but still no luck:
RSAAuthentication yes
PubkeyAuthentication yes
Not sure if it matters, but the machine hosting the public key is a WD Sharespace which is a Debian Lenny build.
The correct procedure for passwordless SSH is as follows:
Begin by executing the ssh-keygen command to generate a key
ssh-keygen
Once you have the key, then you can copy it to the remote server. Use this command which makes it easier
ssh-copy-id user@host
The command assumes that you are using port 22 for ssh; if not, use the following, with xxxx being the port number
ssh-copy-id "user@host -p xxxx"
See here for a detailed description of this command
In your case, when you are editing
/etc/ssh/sshd_config
Make sure you modify PasswordAuthentication from
PasswordAuthentication yes
to
PasswordAuthentication no
then restart sshd with
service sshd restart
Make sure the key is in your chain. ssh-add ~path/to/private/key otherwise you need to do ssh -i /path/to/key. Then make sure you're using ssh root@whatever. Then make sure the file is written to the remote node properly. Try copying and pasting rather than your cat and pipe. And lastly, try restarting ssh on the remote and perform those steps again (to permit the permitrootlogin to be active).
By the way, the fact that you are trying to avoid entering passwords and then you added a passphrase for the key, makes this entire process pointless.