Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
Is there any possibility to change the authentication method of an SSH user user#xxx.xxx.xxx.xxx from password authentication to public-key authentication, without knowing its current password?
Thanks for your answer!
Regardless of the authentication method (password or public-key authentication) two things must happen:
"user" must come up with a password or generate a key pair;
the password hash or the public key must be configured in the server ("xxx.xxx.xxx.xxx") "user" wants to connect to.
If you are an admin (root) of the server (xxx.xxx.xxx.xxx) you can ask "user" to send you his public key and put it in the right place and you don't need to know the password of "user".
If you are "user", you need to connect to "xxx.xxx.xxx.xxx" at least once with your password so that you can upload your public key.
Here I am assuming that the SSH server is using the default OpenSSH configuration where the "authorized_keys" file of each user is in the user's home directory, under his/her control.
If you then want to "force" the authentication method to "public key", an admin will need to edit the configuration of the SSH server to disable password authentication (either for everybody or just for "user").
Here is a help post about the ssh config.
https://man.openbsd.org/ssh_config.5
You can disable password authentication by using:
ssh -o PasswordAuthentication=no user#xxx.xxx.xxx.xxx
If your interested how ssh is working. You can use ssh -v user#xxx.xxx.xxx.xxx to use verbose mode. That sometimes helps with debugging.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I currently have access to a supercomputer cluster.
The problem starts when I enter.
When I try to perform the following command line ssh -i user # extension, I get the following error
Warning: Identity file user # extension not accessible: No such file or directory.
I have tried testing the public root key and if it recognizes it, instead when I run in /home/user, I get the error.
I've been trying some permission changes with the chmod command and I can't get a solution.
ssh -i is to reference a private ssh key.
So if you have a key pair named user.rsa/user, that might work.
But in your case, "user" is not the name of the key, but simply the remote user you want to open a secure shell with on the remote server
ssh user#remoteServer
You don't need -i, if you have a default id_rsa/id_rsa.pub key pair in your local ~/.ssh
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I've been given by someone a private key to log into their machine with SSH. I got no public key, and the password authentication works. I added the key to /root/.ssh/id_rsa, but it still doesn't work. What am I missing? I thought I would have to get the public key from the private one, but I have no idea how to do that.
I cannot generate a new key pair, because I don't have writing permissions to that remote machine. I have to do it just with the private key.
Found the answer:
First check if what you have is a private key (you will need the passcode for that):
ssh-keygen -lf ~/.ssh/id_rsa
Then generate the public side of the key and output it to id_rsa.pub
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I can't seem to log in to my droplet on digitalocean.
When I try ssh root#162.243.123.123 I get a Permission denied (publickey). I tried resetting the root password and logging in via the digitalocean droplet console, but it won't take the root login or password that was reset. Nor will it take the other username and password that I set up.
Everything was working fine yesterday, but when I started work today I ran into the Permission denied issue. So I'm not sure what changed to make this no longer work. I also checked my github keys to see if it hadn't been added, but my local machines key is there and correct. I've also tried adding the key to the droplet with ssh-copy-id admin#162.243.123.123, but got the same error.
Looking at the keys found when logging into the digitalocean website shows the correct key.
The issue was on the server-side authorized_keys, but not the ~/.ssh/authorized_keys. It was in a separate /home/user/.ssh/authorized_keys file, where I had to add the ssh-keys. Once I did this the issue went away. Not sure how it got removed from that file since I hadn't modified it.
This video helped.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'm having an issue where I try to SSH into my API server (EC2 instance running Ubuntu). I've been SSH'ing in just fine for the past few weeks, but I suspect I messed something up because now it tells me to login as user ubuntu (I am!) :
% ssh ubuntu#ec2-50-17-143-255.compute-1.amazonaws.com -i ~/dev/key.pem
Please login as the user "ubuntu" rather than the user "root".
Is there something I could have done to mess with the ubuntu user? Is there anyway to resolve this without having to save the AMI and boot up a new instance?
Please use ssh -v ... or ssh -vv ... to see what is going on.
In your case it looks like you copied ~root/.ssh/authorized_keys to ~ubuntu/.ssh/.
According to this, the root account is configured to reject logins with this message using the authorized_keys file. If you copied this file, now the user ubuntu will reject logins with this key, too...
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
ssh user#host works (in a script via Apple Terminal)
does anybody know an easier way than ssh-agent to combine the passphrase with the ssh command ?
regards
You can use:
sshpass -p password ssh user#host
However if you wanted the luxory of not typing in your password, I would HIGHLY suggest setting up public/private ssh keys:
http://www.ece.uci.edu/~chou/ssh-key.html
and http://www.linuxproblem.org/art_9.html
This is extremely secure, and very convient.
For scrub just take a look to the configuration files of your installation of open ssh, cause you'll find every single option you can include or deactivete while you connect to the server. There is an option of fusemount for example if you'd like to have your machine conneted to the one in which you're logging in ( i used it with my netbook when they were REAL netbook and not computers). Fusemount is an option when you want more abilities to be added to you computer or you need data from both sides (the one of the server and the one of the client) but security cannot be omitted in any case.