I understand setting up SSH from the command line of your local computer.
But app users shouldn't be using the command line, obviously.
How can a private SSH key be generated for each user, enabling passwordless connection to the remote server without using the command line?
SSH is a popular, more secure alternative to typical login methods, right? How is it usually done from the users point of view?
Related
I am fairly new to ssh and still learning it. Recently I have made a tunnel connection with an ssh host and managed to successfully transfer data/files from my machine to the server with the command: scp file.extension user#hostIP:/directory/directory.
While this was successful, I am kinda struggling to reverse it, sending data/files from the server to the client. How would one go about completing that? Do I need to make some changes to ssh_config or just CLI commands are enough?
You need to change the order:
scp user#hostIP:/directory/directory file.extension
that's accomplishing the invert operation, off course, assuming that the address is correct, the file exists and you have the necessary privileges.
I am trying to automate SSH login by using password. I can't use expect command or sshpass etc. So I am left with only option to use password directly.
Did lot of research in google and didn't get any solution... :(
Please help me with this.
The code I tried is.
#!/bin/bash
USERNAME=user1
PASSWORD=abcd1234
HOSTS="server01.mat.us"
ssh ${HOSTS} -l ${USERNAME} -p ${PASSWORD}
The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input. This also applies to the scp and sftp file transfer utilities, which invoke ssh to make the SSH connection. I believe this is a deliberate decision on the part of the OpenSSH developers. You have these options available to you:
Use an SSH key for authentication, instead of a password.
Use sshpass, expect, or a similar tool to invoke ssh through a TTY and automate responding to the password prompt.
Use (abuse) the SSH_ASKPASS feature to get ssh to get the password by running another program, described here or here, or in some of the answers here.
Get the SSH server administrator to enable host-based authentication and use that. Note that host-based authentication is only suitable for certain network environments. See additional notes here and here.
Write your own ssh client using perl, python, java, or your favorite language. There are ssh client libraries available for most modern programming languages, and you'd have full control over how the client gets the password.
Download the ssh source code and build a modified version of ssh that works the way you want.
Use a different ssh client. There are other ssh clients available, both free and commercial. One of them might suit your needs better than the OpenSSH client.
I'd recommend to use ssh keys instead of password if it's possible.
This script can help you to upload your public key to desired remote machine:
https://github.com/aprey10/ssh-authorizer
Following the basic instructions to secure the server, I took the following steps:
added a ssh-key
disabled password authentication
disabled rootlogin
created another user with sudo
As an another user I've no problem in accessing my server through terminal.
Now, I've also added my server on serverpilot [serverpilot.io], and my curiosity lies in the fact that without ssh key the server can't be accessed then how the user serverpilot is accessing the server with password and without sshkey which is not shared with serverpilot.
I purchased shared hosting from Vexxhost.I wanted to host my Rails application with them.I was given cpanel details.I generated SSH keys using the cPanel and converted it to .ppk format.Next, i downloaded the key.But when i try SSH login using Putty, i get the message Server Refused Our Key.Then i'm prompted for the password.When i enter password, message is displayed: Shell access is not available for your account.Contact support.I did contact support, but no reply.Am I doing any mistake in the procedure?
I haven't used cpanel to generate ssh keys, usually I do it at the ubuntu console. Is it possible that the ppk conversion has encoding issues? or it not done right?
Do you have access to a linux box? It would be simpler to test it there.
I have configured a server myself with ssh access, and if user does not have ssh access they are presented with user/pass. So it appears that your ssh credentials are denied, but your password is recognized as accurate. Authentication is happening.
About the issue of shell support. It could be that they enable shell support only if you connect with valid ssh credentials - in which case, you need to contact support.
Or, your account does not have ssh access, and you still need to contact support.
hope it helps
I am trying to do the following. I have an internal ssh server at work (e.g. internal#192.168.1.13). This server is behind a gateway (external#gateway.work.com).
I would like to ssh to internal#internal-ssh.work.com from my home machine. To do so, I have been first doing ssh to log into the external gateway, and then from there I will log into the internal machine. the account names on the two systems are different.
I was wondering if this can be done in one step through some type of SSH tunneling. I have tried a few approaches that adapt what I see in different places, but keep getting error messages.
You can use
ssh -t external#gateway.work.com ssh internal#192.168.1.13
and you will need to either have public key crypto set up, or enter your external password, then your internal password.