I'm using pyinfra to run some script on server X that rsyncs some files from server Y. However I'm getting a Permission denied (publickey). error as the public key of X is not on Y.
Is there a way to forward my ssh key to server X so that it can use it to connect to server Y? (Basically, is it possible to do run commands with something like ssh -A with pyinfra?)
Thanks a lot!
Related
I am trying to SSH into the server as part of the deployment job in CircleCI
ssh -oStrictHostKeyChecking=no $DEV_DROPLET_USER#$DEV_DROPLET_IP
I have my SSH private key for the user on this server loaded into CircleCI but everytime I run the job, I get this output
Warning: Permanently added '$host' (ECDSA) to the list of known hosts.
<$user>#<$host>'s password:
How can I stop it prompting me for the password?
I have added the SSH key for this user to the SSH Agent on the server (these instructions)
For a passwordless ssh connection, you must:
put the private ssh key into a file in the directory $HOME/.ssh/ on the client computer connecting to the server (example : $HOME/.ssh/MyServer)
copy the public ssh key into the file $HOME/.ssh/authorized_keys on the server
have writing permission on the file $HOME/.ssh/known_hosts on the client computer
The sshd service is normally already configured to accept key based authentication.
From the client computer, you can now do a passwordless connection ssh -i $HOME/.ssh/MyServer $DEV_DROPLET_USER#$DEV_DROPLET_IP
Of course, on the client computer your $DEV_DROPLET_USER must have appropriate permissions for accessing the ssh related files.
You don’t need to do anything with the ssh agent, on the client or on the server.
Late reply, but I hope it helps somebody else in the future.
Assuming you followed these instructions in the CircleCI docs, then the private key will automatically be copied to the machine being used by CircleCI when the add_ssh_keys step is run.
Make sure one the server you are trying to SSH into, the public key generated (in ~/.ssh/id_rsa.pub or something similar) is copied to the ~/.ssh/authorized_hosts file on the same server. This crucial step is what allows anybody with the private key (CircleCI) to be allowed into the server.
I am trying to get access to my server via SSH using Terminal.
I have created a key in cPanel which required me to set a password. I'm trying to connect in Terminal using this password but it says Permission Denied.
I am trying connect by doing:
ssh mysite.co.uk
Am I doing something wrong?
Server wasn't SSH enabled properly. Switched servers to another provider and did:
ssh your_remote_username#mysite.co.uk
works fine.
You can try using following format:
ssh <Your user>#mysite.co.uk
Make sure that your user has correct right to connect via SSH.
I'm sorry to have to ask this question, but I feel like I've tried every answer so far on SO with no luck.
I have my local machine and my remote server. Jenkins is up and running on my server.
If I open up terminal and do something like scp /path/to/file user#server:/path/to/wherever then my ssh works fine without requiring a password
If I run this command inside of my Jenkins job I get 'Host Key Verification Failed'
So I know my SSH is working correctly the way I want, but why can't I get Jenkins to use this SSH key?
Interesting thing is, it did work fine when I first set up Jenkins and the key, then I think I restarted my local machine, or restarted Jenkins, then it stopped working. It's hard to say exactly what caused it.
I've also tried several options regarding ssh-agent and ssh-add but those don't seem to work.
I verified the local machine .pub is on the server in the /user/.ssh folder and is also in the authorized keys file. The folder is owned by user.
Any thoughts would be much appreciated and I can provide more info about my problem. Thanks!
Update:
Per Kensters suggestion I did su - jenkins, then ssh server, and it asked me to add to known hosts. So I thought this was a step in the right direction. But the same problem persisted afterward.
Something I did not notice before I can ssh server without password when using my myUsername account. But if I switch to the jenkins user, then it asks me for my password when I do ssh server.
I also tried ssh-keygen -R server as suggested to no avail.
Try
su jenkins
ssh-keyscan YOUR-HOSTNAME >> ~/.ssh/known_hosts
SSH Slaves Plugin doesn't support ECDSA. The command above should add RSA key for ssh-slave.
Host Key Verification Failed
ssh is complaining about the remote host key, not the local key that you're trying to use for authentication.
Every SSH server has a host key which is used to identify the server to the client. This helps prevent clients from connecting to servers which are impersonating the intended server. The first time you use ssh to connect to a particular host, ssh will normally prompt you to accept the remote host's host key, then store the key locally so that ssh will recognize the key in the future. The widely used OpenSSH ssh program stores known host keys in a file .ssh/known_hosts within each user's home directory.
In this case, one of two things is happening:
The user ID that Jenkins is using to run these jobs has never connected to this particular remote host before, and doesn't have the remote host's host key in its known_hosts file.
The remote host key has changed for some reason, and it no longer matches the key which is stored in the Jenkins user's known_hosts file.
You need to update the known_hosts file for the user which jenkins is using to run these ssh operations. You need to remove any old host key for this host from the file, then add the host's new host key to the file. The simplest way is to use su or sudo to become the Jenkins user, then run ssh interactively to connect to the remote server:
$ ssh server
If ssh prompts you to accept a host key, say yes, and you're done. You don't even have to finish logging in. If it prints a big scary warning that the host key has changed, run this to remove the existing host from known_hosts:
$ ssh-keygen -R server
Then rerun the ssh command.
One thing to be aware of: you can't use a passphrase when you generate a key that you're going to use with Jenkins, because it gives you no opportunity to enter such a thing (seeing as it runs automated jobs with no human intervention).
I would like to not have to type the user I ssh to a server as when I ssh to said server.
If there was a way I could set ssh to only connect to servers x and y with username z, that would be good. It still has to connect to all other servers with my username.
That seems like the only possibility right now, because I don't want to do any of the following:
change my username
make an alias for ssh ( ssh = ssh -l z )
create a script that is specific for a single server.
I'm starting to think this isn't really possible in the way I want.
create a ~/.ssh/config file or edit your existing one.
and an entry like this;
Host foo
HostName foo.bar.com
Port 22
User username
Then you can just type ssh foo
I am trying to run a shell script on a remote host (A) through ssh. The shell script inturn uses SSH to connect to another host (B) to perform some database related operations. However it looks the agent is not being forwarded when connecting to Host B and I see a connection refused.
This is equivalent to executing ssh command as follows
ssh -A some#A.com "ssh some#B.com 'ls'"
I have used -A to enable agent forwarding but still no luck.
Please let me know how to achieve this? Thanks.
So silly of me. Firewall issue rather than ssh issue. Host A had no permission to connect to Host B. Should have thought this through! Thanks.