I created another user in a vagrant machine, and I would like to log into it by default. I wanted to know if there is a way of logging into it with it's password without having to put the password in plain-text Vagrantfile.
Related
Recently our web hoster (Domainfactory) changed the method to externally access our online mysql database. From simple ssh "port forwarding" to a "unix socks tunnel".
The ssh call looks like this (and it works!):
ssh -N -L 5001:/var/lib/mysql5/mysql5.sock ssh-user#ourdomain.tld
The problem: you have to enter the password every single time.
In the past I used BitVise SSH client to create a profile (which also stores the encrypted password). By simply double-clicking on the profile you'll be automatically logged in.
Unfortunately, neither the "BitVise SSH client" nor "Putty" (plink.exe) supports the "Unix socks tunnel" feature/extension, so I can't use these tools any more.
Does anyone have an idea how to realize an automated login (script, tool, whatever)?.
The employees who access the database must not know the SSH password in any case!
I got a solution. The trick is to generate a SSH Key pair (private and public) on client side (Windows machine) calling 'ssh-keygen'. Important: don't secure the ssh keys with a password (simply press [enter] if you're asked for a password, otherwise you'll be asked for the SSH-Key password every time you try to SSH). Two files will be generated inside 'c:\Users\your_user\.shh\': 'id_rsa' (private key) and 'id_rsa.pub ' (public key).
On server side create a '.shh' directory within your user's home directory. Inside the '.ssh' directory create a simple text file called 'authorized_keys'. Copy the contents of 'id_rsa.pub' into this file (unfortunately 'ssh-copy-id' isn't available yet for Windows. So you have to do the copy and paste stuff on your own.) Set permissions of 'authorized_keys' file to '600'.
Now you should be able to simply SSH into your server by calling 'ssh-user#ourdomain.tld' without entering a password. Create a batch file with your individual ssh-call and you're done.
Thanks to Scott Hanselman for his tutorial: https://www.hanselman.com/blog/how-to-use-windows-10s-builtin-openssh-to-automatically-ssh-into-a-remote-linux-machine
As in the title. I WANT to type in my password every time I do a git push or pull. Currently, it prompts me to enter in the passphrase every restart and then caches it, but I don't want that.
I'm not sure what I did to cause this as it never happened before on any of my other machines across the years
With SSH, only a passphrase (if you have created a private SSH key protected with a passphrase) would be asked, then cached by the ssh-agent.
Typing a password would mean using an HTTPS URL (one requiring your remote GitHub or GitLab user account name, and password or token).
Today I configured ssh keys access to my server. Then I tested them and by mistake I forgot to specify the user, so instead of doing it like that:
ssh username#myserver.com
I did it like that
ssh myserver.com
but I successfully logged in as username. How is that possible? How does ssh server know under which user to log me in? If it's a key, than it's possible that I'll have the same key added to multiple users, what's going to happen in this case?
if you didn't include the username in the ssh command it will take the username that you logged in with from the environment, so there is two possibilities for what happened, 1. the username which is related to the ssh key is the username that you logged in with, or the other username that you logged in with has the his public key in the authorized_keys file in the server side
I have been locked out of ssh. I'm on the Google Cloud, so I can move the hd over and change the ssh config files, but after a few attempts, I cannot login still. The problem began shortly after I changed the password to the primary account, but since SSH was not using password authentication, I am surprised that affected SSH. I tried turning password authentication on, generating new keys, have Google's platform generate new keys, etc, but nothing has allowed me to log in.
I keep getting this error, regardless of key combo or whether or not password authentication is on.
Permission denied (publickey).
I have a slightly older backup (a couple hours, before the issue), and it's telling me too many authentication failures for any user (regarless of user#domain.com).
I was wondering if there are any config setting I can set to be able to log back in.
Not sure this belongs stackoverflow or serverfault but..
Try adding -vv to your ssh command. It shows a lot more debugging info
For example:
ssh -vv username#host
See if that gets you any hints! It could be a number of things, it searching for private key in the wrong place, etc.
The issue could be ssh keys saved in your local computer. Can you move the ssh keys from .ssh/ to a different directory in your local computer and see if that resolves the issue.
Or can you enable password authentication for your ssh and use -o flag with ssh command which forces non-key authentication to confirm if the issue was with the key: ssh -o PubkeyAuthentication=no username#
You also set MaxAuthTries to higher number in your sshd_config.
I'm trying to write a provisioning script for Vagrant that pulls all software sources to the machine.
However, pretty soon, I found out that I needed SSH keys to do this.
I would like to reuse existing keys.
With the config.ssh.forward_agent option it is possible to forward these keys to the Vagrant guest.
In the provisioning script, I also created a user (just like the production env).
With this user I would like to pull sources to its home directory.
However, I found out that this key-forwarding doesn't work in that case.
Now, I found out only the vagrant user has access to these keys!!
Is that what must be expected? And is there a way to solve this issue?
Can I forward the keys to my specific guest user?
Or should I do all provisioning with the vagrant user? and then add user, move stuff around and chown it to the new user?
Vagrant runs its actions with user vagrant by default.
So when you run provision, it will be user vagrant that will be used for SSH.
If you want to use another username, you need that username to exist on your box before your first vagrant up and have the config.ssh.username setting.
You can also do something like:
Provision machine like you do now (and create new user)
Copy .ssh directory from vagrant user home to new user's home directory
Add new user to sudoers
Add config.ssh.username setting to Vagrantfile with the new username
Run vagrant reload
Now Vagrant should use the new user for provision
However I don't recommend second approach at all since it includes manual step.