On windows it is usually stored in the %USERPROFILE%\ssh or
%USERPROFILE%.ssh folders.
However I do not see the ssh folders when going to %USERPROFILE%.
Is it possible to create the ssh folder and the known_hosts file myself?
Yes, this is expected.
You can in a CMD do:
cd "%USERPROFILE%"
mkdir .ssh
From there, assuming you have ssh-keygen in your PATH (which is included in Git For Windows for example), you can type:
ssh-keygen -t rsa -P ""
That will generate a key in the default path ~/.ssh(/id_rsa[.pub]), with ~/.ssh being translated in %USERPROFILE%\.ssh
I’ve an automated tests repository and want to put that in a step of build, before to do a deploy.
But the clone repository steps fails (only last run step):
automation:
executor: web-app-executor
steps:
- add_ssh_keys:
fingerprints:
- '<my_fingerprint>'
- run:
name: Trust github ssh
command: >-
GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_myfingerprint'
mkdir -p ~/.ssh
echo 'github.com ssh-rsa <key>
bitbucket.org ssh-rsa <key>
' >> ~/.ssh/known_hosts
- run:
name: Github host
command: ssh-keyscan -p 443 ssh.github.com >> ~/.ssh/known_hosts
- run:
name: Clone automation repository
command: git clone git#github.com:<Domain>/tests-cypress.git
Error:
#!/bin/bash -eo pipefail
git clone git#github.com:Onyo/tests-cypress.git
Cloning into 'tests-cypress'...
The authenticity of host 'github.com (140.82.113.3)' can't be established.
RSA key fingerprint is SHA256:<finger>.
A typical ssh preparation step would involve setting the right protection:
# Prepare SSH
mkdir -p .ssh
chmod 700 .ssh
pushd .ssh
touch authorized_keys # Edit to add allowed connections
touch id_rsa # Edit to add private key
touch id_rsa.pub # Edit to add public key
chmod 600 authorized_keys
chmod 600 id_rsa
chmod 644 id_rsa.pub
popd
In your case, the chmod are missing, which could cause the issue (but the exact error message would be helpful)
Regarding the host authentication, adds as in here:
##
## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
## with your own domain name. You can copy and repeat that command if you have
## more than one server to connect to.
##
- ssh-keyscan github.com >> ~/.ssh/known_hosts
- ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
Here is what my dashboard looks like:
Not really sure where to add an SSH key. Anyone have any idea?
You need to sign in. Green button top right.
Click 'profile settings' on the left side menu.
Click SSH Keys and follow the instructions on the page.
Go to your GitLab account: https://gitlab.com/
Click on Settings on the top right drop-down, which will appear once you select the icon(white-fox image [specific to my profile]).
Click on Settings on the top right drop-down, which will appear once you select the icon(white-fox image).
Click on SSH Keys:
Add/Paste the SSH Key.
How to generate the ssh key: Download gitbash or putty:
After downloading gitbash/putty follow the steps:
Open a terminal on Linux or macOS, or Git Bash / WSL on Windows.
Generate a new ED25519 SSH key pair:
ssh-keygen -t ed25519 -C "email#example.com"
Or, if you want to use RSA:
ssh-keygen -t rsa -b 4096 -C "email#example.com"
It will generate the key in => C:\Users\yourname.ssh directory.
Copy the public key and paste in the gitlab location:
Command to run on gitbash to clone the repository:
ssh-agent $(ssh-add C:\Users\youname\.ssh\id_rsa; git clone git#gitlab.com:xyz/SpringBootStarter.git)
Just follow the official guides to Create and Add SSH keys.
Goto https://gitlab.com/profile/keys.
If you are a new user a banner will show at the top of each project page.
You won't be able to pull or push project code via SSH until you add
an SSH key to your profile
However, you can dismiss this warning.
First, you need to do open terminal after that type
mkdir -p ~/.ssh
echo public_key_string >> ~/.ssh/authorized_keys
chmod -R go= ~/.ssh
chown -R shabeer:shabeer ~/.ssh
ssh-keygen or ssh-keygen -t ed25519 -C "mail#example.com"
xclip -sel clip < ~/.ssh/id_ed25519.pub
~/.ssh/gitlab_rsa.pub
in this time can see your key and copy it, After that Go to the Gitlab settings and chose SSH Keys, you can see there have to option add that copied key
I have a SSH key string, how would I add this to .ssh/authorized_keys file, does this need to be file already on the remote server?
You want to do that for ssh to server without password. Yes the file (the key file) must be on the server side and added to the .ssh/authorized_keys .
You can do it in a single command:
cat .ssh/id_rsa.pub | ssh b#B 'cat >> .ssh/authorized_keys'
This command append to ssh/authorized_keys your .ssh/id_rsa.pub.
More info: http://www.linuxproblem.org/art_9.html
The ssh-copy-id command (in the openssh-client package and installed by default) does exactly this:
ssh-copy-id -p PORT_NUMBER USER#REMOTE_MACHINE
See more at https://askubuntu.com/a/4833/209229
I need to do rsync by ssh and want to do it automatically without the need of passing password for ssh manually.
Use "sshpass" non-interactive ssh password provider utility
On Ubuntu
sudo apt-get install sshpass
Command to rsync
/usr/bin/rsync -ratlz --rsh="/usr/bin/sshpass -p password ssh -o StrictHostKeyChecking=no -l username" src_path dest_path
You should use a keyfile without passphrase for scripted ssh logins. This is obviously a security risk, take care that the keyfile itself is adequately secured.
Instructions for setting up passwordless ssh access
You can avoid the password prompt on rsync command by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option.
I got it to work like this:
sshpass -p "password" rsync -ae "ssh -p remote_port_ssh" /local_dir remote_user#remote_host:/remote_dir
If you can't use a public/private keys, you can use expect:
#!/usr/bin/expect
spawn rsync SRC DEST
expect "password:"
send "PASS\n"
expect eof
if [catch wait] {
puts "rsync failed"
exit 1
}
exit 0
You will need to replace SRC and DEST with your normal rsync source and destination parameters, and replace PASS with your password. Just make sure this file is stored securely!
The following works for me:
SSHPASS='myPassword'
/usr/bin/rsync -a -r -p -o -g --progress --modify-window=1 --exclude /folderOne -s -u --rsh="/usr/bin/sshpass -p $SSHPASS ssh -o StrictHostKeyChecking=no -l root" source-path myDomain:dest-path >&2
I had to install sshpass
Use a ssh key.
Look at ssh-keygen and ssh-copy-id.
After that you can use an rsync this way :
rsync -a --stats --progress --delete /home/path server:path
Another interesting possibility:
generate RSA, or DSA key pair (as it was described)
put public key to host (as it was already described)
run:
rsync --partial --progress --rsh="ssh -i dsa_private_file" host_name#host:/home/me/d .
Note: -i dsa_private_file which is your RSA/DSA private key
Basically, this approach is very similar to the one described by #Mad Scientist, however you do not have to copy your private key to ~/.ssh. In other words, it is useful for ad-hoc tasks (one time passwordless access)
Automatically entering the password for the rsync command is difficult. My simple solution to avoid the problem is to mount the folder to be backed up. Then use a local rsync command to backup the mounted folder.
mount -t cifs //server/source/ /mnt/source-tmp -o username=Username,password=password
rsync -a /mnt/source-tmp /media/destination/
umount /mnt/source-tmp
The official solution (and others) were incomplete when I first visited, so I came back, years later, to post this alternate approach in case any others wound up here intending to use a public/private key-pair:
Execute this from the target backup machine, which pulls from source to target backup
rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' user#10.9.9.3:/home/user/Server/ /home/keith/Server/
Execute this from the source machine, which sends from source to target backup
rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' /home/user/Server/ user#10.9.9.3:/home/user/Server/
And, if you are not using an alternate port for ssh, then consider the more elegant examples below:
Execute this from the target backup machine, which pulls from source to target backup:
sudo rsync -avi --delete user#10.9.9.3:/var/www/ /media/sdb1/backups/www/
Execute this from the source machine, which sends from source to target backup:
sudo rsync -avi --delete /media/sdb1/backups/www/ user#10.9.9.3:/var/www/
If you are still getting prompted for a password, then you need to check your ssh configuration in /etc/ssh/sshd_config and verify that the users in source and target each have the others' respective public ssh key by sending each over with ssh-copy-id user#10.9.9.3.
(Again, this is for using ssh key-pairs without a password, as an alternate approach, and not for passing the password over via a file.)
Though you've already implemented it by now,
you can also use any expect implementation (you'll find alternatives in Perl, Python: pexpect, paramiko, etc..)
I use a VBScript file for doing this on Windows platform, it servers me very well.
set shell = CreateObject("WScript.Shell")
shell.run"rsync -a Name#192.168.1.100:/Users/Name/Projects/test ."
WScript.Sleep 100
shell.SendKeys"Your_Password"
shell.SendKeys "{ENTER}"
Exposing a password in a command is not safe, especially when using a bash script, if you tried to work with keyfiles thats will be nice.
create keys in your host with ssh-keygen and copy the public key with ssh-copy-id "user#hostname.example.com and then use rsync addin the option -e "ssh -i $HOME/.ssh/(your private key)" to force rsync using ssh connection via the the private key that you create earlier.
example :
rsync -avh --exclude '$LOGS' -e "ssh -i $HOME/.ssh/id_rsa" --ignore-existing $BACKUP_DIR $DESTINATION_HOST:$DESTINATION_DIR;
Here's a secure solution using a gpg encrypted password.
1.Create a .secret file containing your password in the same folder as your rsync script using the command:
echo 'my-very-secure-password' > .secret
Note that the file is hidden by default for extra security.
2.Encrypt your password file using the following gpg command and follow the prompts:
gpg -c .secret
This will create another file named .secret.gpg. Your password is now encrypted.
3.Delete the plain text password file
rm .secret
4.Finally in your rsync script use gpg and sshpass as follows:
gpg -dq secret.gpg | sshpass rsync -avl --mkpath /home/john user_name#x.x.x.x/home
The example is syncing the entire home folder for the user named john to a remote server with IP x.x.x.x
Following the idea posted by Andrew Seaford, this is done using sshfs:
echo "SuperHardToGuessPass:P" | sshfs -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user#example.com:/mypath/ /mnt/source-tmp/ -o workaround=rename -o password_stdin
rsync -a /mnt/source-tmp/ /media/destination/
umount /mnt/source-tmp