I am trying to configure a SSH Key-Based Authentication and after i created one, i want to copy the SSH Public Key to my server. When i give the following command on git bash : ssh-copy-id username#remote_host , i am asked for a password.
remote_host must be the floating_ip of the VM that i am trying to connect to ?
Which password should i type in ?
It would be really helpful if you could answer my questions.
On the first SSH operation (here an ssh-copy-id), you would need the password of the remote account, in order for the command to add your public kay to said remote user account ~/.ssh/authorized_keys.
Only then subsequent SSH commands would work without asking for password (only passphrase, if your private key is passphrase-protected, and if you have not added the private key to an ssh agent, for caching said passphrase).
Related
I am trying to SSH into the server as part of the deployment job in CircleCI
ssh -oStrictHostKeyChecking=no $DEV_DROPLET_USER#$DEV_DROPLET_IP
I have my SSH private key for the user on this server loaded into CircleCI but everytime I run the job, I get this output
Warning: Permanently added '$host' (ECDSA) to the list of known hosts.
<$user>#<$host>'s password:
How can I stop it prompting me for the password?
I have added the SSH key for this user to the SSH Agent on the server (these instructions)
For a passwordless ssh connection, you must:
put the private ssh key into a file in the directory $HOME/.ssh/ on the client computer connecting to the server (example : $HOME/.ssh/MyServer)
copy the public ssh key into the file $HOME/.ssh/authorized_keys on the server
have writing permission on the file $HOME/.ssh/known_hosts on the client computer
The sshd service is normally already configured to accept key based authentication.
From the client computer, you can now do a passwordless connection ssh -i $HOME/.ssh/MyServer $DEV_DROPLET_USER#$DEV_DROPLET_IP
Of course, on the client computer your $DEV_DROPLET_USER must have appropriate permissions for accessing the ssh related files.
You don’t need to do anything with the ssh agent, on the client or on the server.
Late reply, but I hope it helps somebody else in the future.
Assuming you followed these instructions in the CircleCI docs, then the private key will automatically be copied to the machine being used by CircleCI when the add_ssh_keys step is run.
Make sure one the server you are trying to SSH into, the public key generated (in ~/.ssh/id_rsa.pub or something similar) is copied to the ~/.ssh/authorized_hosts file on the same server. This crucial step is what allows anybody with the private key (CircleCI) to be allowed into the server.
i write a script to ssh to a server in a loop using public key. However, because of some reason my public key was not correctly copied to the login server. So, i will be hanged at servers with fault public key. the situation can be exampled like below:
i use eval /usr/local/bin/ssh-attach on my desktop to record the passphrase corresponging to private file A when login to the remote servers
however, serverA have added A.pub corresponding to private key file A to authorized_keys file
i have a private key file B on my desktop, so when trying to ssh login serverA it will hang with a prompt to ask passphrase.
Does ssh have some params to config to bypass this situation?
You can use the -i option to specify the key you want the ssh to use.
ssh -i path/to/key/file user#example.com
or you can add the equivalent setting to your ssh config file
Host Example
User john
IdentityFile /path/to/file
I have two servers called: "eps" and "dev". On server dev I have added the public key of eps to the authorized_keys file. I have then restarted SSH service on the dev server to ensure it picks up the new public key I added to the authorized_keys file.
However when I then try and ssh into "dev" from "eps", I'm prompted for passphrase for a key. the exact prompt is: Enter passphrase for key '/home/webmaster/.ssh/id_rsa':
Why is this happening? I thought it should just log me into the dev server right away.
When creating the SSH key using ssh-keygen you are prompted for a password to secure the private key. Therefore for SSH to use the key the password has to be entered to unlock the private key locally, which is why you are seeing the "Enter passphrase for key". This is not the same as the password to authenticate the user on the SSH server.
In order to have a password-less login you need to create a keyfile with ssh-keygen which has an empty password.
I have used servers on amazon AWS where they send me a public key .pem file and when I ssh in, all I have to do is:
ssh -i key.pem user#server
I now have a server of my own and am trying to figure out how I can do this with my server so I can automate commands to my server via ssh.
I imagine that I need to generate this key on my server and copy it to my client machine. How do I generate this key?
On the client machine you wish to login from, run ssh-keygen. For a quick and easy key, just hit enter on all of the questions. This will create a key pair in ~/.ssh. Specifically, ~/.ssh/id_rsa is your private key (keep this one safe), and ~/.ssh/id_rsa.pub is your public key (okay to distribute).
Copy your public key (~/.ssh/id_rsa.pub) onto the server that you wish to login to (e.g. scp ~/.ssh/id_rsa.pub me#myserver:. On the server, run cat id_rsa.pub >> .ssh/authorized_keys. To make sure that it has the correct permissions, you can run chmod 644 ~/.ssh/authorized_keys. Also, you can now delete the id_rsa.pub file that you copied over.
That's it! You should have password-less login from client to server. You must repeat the process with client and server swapped if you want password-less login from server to client.
Notes:
If the ~/.ssh directory does not exist on your server, the best way to create it is to ssh from the server to some other machine (e.g. the client). This will ensure that it has the correct permissions.
If you are paranoid about someone getting access to the client, you can password protect the key (one of the prompts when running ssh-keygen), but then you will have to enter that password every time you log in. The solution to this problem is to use ssh-agent.
I need to create a script that automatically setup a ssh tunnel. I think that a dedicated ssh key without password is a good start but I couldn't find if this is possible and how to do it.
This key should have limited privileges (only set the tunnel up) but I need another private key (with a password) for myself.
Thanks !
Ok, I've found the answer.
First, ssh-keygen -f theNewPrivateKey otherwise it will overwrite the old private key.
Second, ssh -i theNewPrivateKey me#mycomputer the -i option changes the private key used for the authentication.
Now I can try my script.
Edit: how does my new key has limited privileges:
When copying the public key to $HOME/.ssh/authorized_keys2 file of the target computer, I added this:
command="sleep 99999999999" ssh-dss AAAAB3NzaC1kc3MA...
(+ the rest of the key)
Then the only command allowed is to wait forever.
Since the purpose of creating this key was to create a reverse ssh tunnel this should be fine.
I then create the tunnel:
ssh -T -R 7878:localhost:22 -i .ssh/mynewkey me#myhomecomputer
Finally I can log from my home computer:
ssh myworklogin#localhost -p7878
I hope that this does not have security issues. If this is a bad thing, please let me know !
Try the
ssh-keygen
command.
I had a similar situation where i had to synch a server content automatically without having to proivide the password in my robocopy script.
This Link helped me.