I want to change my remote server SSH. Currently I login through a .pem file
ssh -l ubuntu -i .ssh/myfile.pem XX.XX.XXX.XXX
I tried to find how to change that access key but I found only that methor :
ssh-keygen -t rsa -b 2048
cp id_rsa.pub authorised_keys
scp authorized_keys ubuntu#XX.XX.XXX.XXX:/home/ubuntu/.ssh
I see no .pem file generated, plus how can I connect now ?
I want to make sure before I do anything so I don't lose ability to connect via SSH.
Should I remove the old key with :
ssh-keygen -R hostname
If yes, when ? after or before the scp ? if after this will remove both keys, if before then I wouldn't be able to perform scp !!!
I am a bot confused.
I see no .pem file in my remote, the pem file is only in my local .ssh folder. in remote .ssh I see :
With "ssh-keygen" command you generate a pair of public and private keys (by default stored in $HOME/.ssh).
Then you copy the public key in your remote server, and the private key in your local client (with permissions 0600). You can use "ssh-add" command to add the private key to the authentication agent to be able to connect to the remote server.
So for permission reasons, I have had to change my default home directory to a non-standard location.
I did export HOME=/non/standard/home and then confirmed this was working with
$ cd ~
$ pwd
/non/standard/home
Even though man ssh says that it looks in ~/.ssh for keys and identity files, it doesn't seem to:
$ ls ~/.ssh
cluster_key cluster_key.pub config
$ ssh host
Could not create directory '/home/myname/.ssh'.
The authenticity of host 'host (<ip address deleted>)' can't be established.
RSA key fingerprint is <finerprint deleted>.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/myname/.ssh/known_hosts).
Permission denied (publickey,gssapi-with-mic).
What does it insist on looking in /home/myname? The man page state that is consults the HOME environment variable. Using the -F option also fails to work.
$ ssh -version
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Bad escape character 'rsion'.
When you run "export" command you actually affect only your process of BASH/SH. When .ssh looks for it it has it's own instance and thus looks in the default directory. You need to run the command usermod -m -d /path/to/new/home/dir userNameHere (change the user that .ssh uses, probably admin)
I would like to setup a rsync a folder inside /etc, I followed this link http://news.softpedia.com/news/How-to-Use-RSA-Key-for-SSH-Authentication-38599.shtml and created one user added in visudo and then with ssh keygen, transferred the public key to remote machine, but still its asking for password.
Any other way would be recommended.
Thanks.
The link that you gave us is right, but there is something that they miss. In the backup-server you must change the file /etc/ssh/sshd_config, uncomment this line
AuthorizedKeysFile .ssh/authorized_keys
and your no password access should be working. In resume:
Client (where you have yours original files)
In a terminal write:
$ ssh-keygen -t rsa
this create the id_rsa.pub file in /home/USER/.ssh/
Server (where you will backup yours files)
modify the ssh_config file:
#nano /etc/ssh/sshd_config
and uncomment the line
AuthorizedKeysFile %h/.ssh/authorized_keys
and now just copy the content of .ssh/id_rsa.pub(Client) at the end of .ssh/authorized_keys(Server) and the no-password will be working(to connect from Client to Server). Maybe you need to restart your ssh server with
/etc/init.d/ssh restart
To make your rsync just do (you don't gave us too much information, but I suppose this)
rsync -az --delete --progress /etc/ server:destinationFolder/
this will make a backup of /etc/ in the Client to destinationFolder/ in the Server, show you the progress of the backup, will delete the file that are not in the source and will send compress the files. The access permissions to the .ssh/ directory in the Server must be 700, i.e: chmod -R 700 .ssh/
Possible errors:
1."Agent admitted failure using the key"
Sol: After you disconnect from the server (logged with the password) you must type in your client terminal ssh-add
I'm new to Amazon web services and have managed to set up an instance.
I already have the ssh directory on my machine at: /usr/bin/ssh
I have also downloaded a Pem key file to my machine and have tried to copy my Pem key file into that directory but I cannot navigate to it. When I try:
cd /usr/bin/ssh
I get:
-bash: cd: /usr/bin/ssh: Not a directory
When I just try to type the command:
ssh
I get the following:
BEGIN: command not found
: command not found2: MIIEpAIBAAKCAQEAu6JORnapcVdvAwPm+6LVBA3n8chlGU4nE0g9nyD8zSDWlATJpf1Td35tPrxj
: No such file or directory
can anyone help with this?
I'm on OSX Lion 10.8.4 if that helps!
Your problem appears to be related to configuring the ssh keys. First, some clarifications:
/usr/bin/ssh is not a directory, it is the actual secure shell program. Do not modify it. (If you have already destroyed your ssh installation, you would need to restore the installation: http://support.apple.com/kb/PH10763).
ssh will use a public and a private key (keypair) to authenticate. The private key should be stored locally on your computer, generally in the .ssh folder inside your home directory (~/.ssh)
You may have generated the keypair yourself, or have gotten one generated by AWS.
I will assume your .pem file is the private key portion of the keypair, and that you have downloaded that from AWS after following a procedure along the lines of: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-to-have-aws-create-the-key-pair-for-you.html.
In that case, you need to simply:
copy the .pem file into your ~/.ssh directory.
rename it to id_rsa
ensure that you have correctly set permissions for the private key and .ssh directory (ssh is picky), typically 600 for the id_rsa file and 700 for the .ssh directory.
initiate the ssh connection via ssh username#host
I'm working to set up Panda on an Amazon EC2 instance.
I set up my account and tools last night and had no problem using SSH to interact with my own personal instance, but right now I'm not being allowed permission into Panda's EC2 instance.
Getting Started with Panda
I'm getting the following error:
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
Permissions 0644 for '~/.ec2/id_rsa-gsg-keypair' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
I've chmoded my keypair to 600 in order to get into my personal instance last night, and experimented at length setting the permissions to 0 and even generating new key strings, but nothing seems to be working.
Any help at all would be a great help!
Hm, it seems as though unless permissions are set to 777 on the directory, the ec2-run-instances script is unable to find my keyfiles.
I've chmoded my keypair to 600 in order to get into my personal instance last night,
And this is the way it is supposed to be.
From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.
The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.
Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.
Any problems you are having are client side, so be sure to include local OS information with any follow up questions!
Make sure that the directory containing the private key files is set to 700
chmod 700 ~/.ec2
To fix this,
you’ll need to reset the permissions back to default:
sudo chmod 600 ~/.ssh/id_rsa
sudo chmod 600 ~/.ssh/id_rsa.pub
If you are getting another error:
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/geek/.ssh/known_hosts).
This means that the permissions on that file are also set incorrectly, and can be adjusted with this:
sudo chmod 644 ~/.ssh/known_hosts
Finally, you may need to adjust the directory permissions as well:
sudo chmod 755 ~/.ssh
This should get you back up and running.
I also got the same issue, but I fix it by changing my key file permission to 600.
sudo chmod 600 /path/to/my/key.pem
The private key file should be protected. In my case i have been using the public_key authentication for a long time and i used to set the permission as 600 (rw- --- ---) for private key and 644 (rw- r-- r--) and for the .ssh folder in the home folder you will have 700 permission (rwx --- ---). For setting this go to the user's home folder and run the following command
Set the 700 permission for .ssh folder
chmod 700 .ssh
Set the 600 permission for private key file
chmod 600 .ssh/id_rsa
Set 644 permission for public key file
chmod 644 .ssh/id_rsa.pub
Change the File Permission using chmod command
sudo chmod 700 keyfile.pem
On windows, Try using git bash and use your Linux commands there. Easy approach
chmod 400 *****.pem
ssh -i "******.pem" ubuntu#ec2-11-111-111-111.us-east-2.compute.amazonaws.com
Keep your private key, public key, known_hosts in same directory and try login as below:
ssh -I(small i) "hi.pem" ec2-user#ec2-**-***-**-***.us-west-2.compute.amazonaws.com
Same directory in the sense,
cd /Users/prince/Desktop.
Now type ls command
and you should see
**.pem **.ppk known_hosts
Note: You have to try to login from the same directory or you'll get a permission denied error as it can't find the .pem file from your present directory.
If you want to be able to SSH from any directory, you can add the following to you ~/.ssh/config file...
Host your.server
HostName ec2-user#ec2-**-***-**-***.us-west-2.compute.amazonaws.com
User ec2-user
IdentityFile ~/.ec2/id_rsa-gsg-keypair
IdentitiesOnly yes
Now you can SSH to your server regardless of where the directory is by simply typing ssh your.server (or whatever name you place after "Host").
Just to brief the issue, that pem files permissions are open for every user on machine i.e any one can read and write on that file
On windows it difficult to do chmod the way I found was using a git bash.
I have followed below steps
Remove user permissions
chmod ugo-rwx abc.pem
Add permission only for that user
chmod u+rw
run chmod 400
chmod 400 abc.pem
4.Now try ssh -i for your instance
If you are on a windows machine just copy the .pem file into C drive any folder and
re-run the command.
ssh -i /path/to/keyfile.pem user#some-host
In my case, I put that file in downloads and this actually works.
Or follow this https://99robots.com/how-to-fix-permission-error-ssh-amazon-ec2-instance/
I am thinking about something else, if you are trying to login with a different username that doesn't exist this is the message you will get.
So I assume you may be trying to ssh with ec2-user but I recall recently most of centos AMIs for example are using centos user instead of ec2-user
so if you are
ssh -i file.pem centos#public_IP please tell me you aretrying to ssh with the right user name otherwise this may be a strong reason of you see such error message even with the right permissions on your ~/.ssh/id_rsa or file.pem
The solution is to make it readable only by the owner of the file, i.e. the last two digits of the octal mode representation should be zero (e.g. mode 0400).
OpenSSH checks this in authfile.c, in a function named sshkey_perm_ok:
/*
* if a key owned by the user is accessed, then we check the
* permissions of the file. if the key owned by a different user,
* then we don't care.
*/
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("###########################################################");
error("# WARNING: UNPROTECTED PRIVATE KEY FILE! #");
error("###########################################################");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
error("It is required that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return SSH_ERR_KEY_BAD_PERMISSIONS;
}
See the first line after the comment: it does a "bitwise and" against the mode of the file, selecting all bits in the last two octal digits (since 07 is octal for 0b111, where each bit stands for r/w/x, respectively).
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/id_rsa
sudo chmod 600 ~/.ssh/id_rsa.pub
The above 3 commands should solve the problem!
Just a note for anyone who stumbles upon this:
If you are trying to SSH with a key that has been shared with you, for example:
ssh -i /path/to/keyfile.pem user#some-host
Where keyfile.pem is the private/public key shared with you and you're using it to connect, make sure you save it into ~/.ssh/ and chmod 777.
Trying to use the file when it was saved elsewhere on my machine was giving the OP's error. Not sure if it is directly related.