I need to perform "SCP" command in a crontab without entering passphrase.
So I have created the key
ssh-keygen -t rsa
Then transferred the id_rsa.pub file to host_dest.
After, copied the contents of id_rsa.pub to ~/.ssh/authorized_keys
$ cat id_rsa.pub >>~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/authorized_keys
If I try to perform an SCP, a passphrase is still required.
I also tried using
ssh-add ~/.ssh/id_rsa
But also in that case I need to enter the passphrase.
Any suggestion?!?
Passphrase is not a password.
Your key is encrypted and unless you provide the passphrase, it will ask for it. Cronjob does not have access to your ssh-agent that is running inside of your session. You have two options:
Remove the passphrase from the key -- it will be less secure, but simpler to automate
ssh-keygen -p -P old_passphrase -N "" -f /path/to/your.key
Use sshpass and provide the passphrase for the key on the command-line (it is not secure either to store the passphrase in plaintext).
I generated a new keypair but it is generating an OPENSSH key only. None of the commands below generates an RSA key.
ssh-keygen
ssh-keygen -t rsa
This just started happening this week. All keys I have generated earlier are RSA keys.
I do not want pem file or Any help?
New keys with OpenSSH private key format can be converted using ssh-keygen utility to the old PEM format.
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
AWS outputs this key line 2048 SHA256:2p2o3eIz/XxxX6IIegXx5FkHo3Lap7xR+Ue2qJ0zV4w root#ip-****** (RSA) to the system log. How can I replicate this format for the ssh-rsa key from the command line? I was scraping the logs until I realized that you can't rely on ec2's console-log fetching command because it's buffered and only stores a small amount of the output.
To clarify the ssh-key file in question is a PEM style file with the beginning and ending tags for a base64 encoded ----RSA PRIVATE KEY----
If it's helpful to know the ssh-rsa line value for the public key is base64 encoded.
I've tried...
sudo ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key
2048 MD5:10:b6:fd:21:fb:f4:ca:6b:ef:15:50:15:af:8b:5a:5d root#ip-****** (RSA)
and
sudo ssh-keygen -lf /etc/ssh/ssh_host_rsa_key
2048 SHA256:2p2o3eIz/XxxX6IIegXx5FkHo3Lap7xR+Ue2qJ0zV4w root#ip-****** (RSA)
But neither produces output looking like
-----BEGIN SSH HOST KEY KEYS-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+hIGwj+cfT6tLdaVuUewnY/NwoQUdAaLw30auAHQS1B/HAEEJ+f+iLjC7JM2IV00Pgbt1trttRmaApghwkB75h0NXArxrfcHTKKV2FO0d8slO9HwDUMbLOEN+L5H0/T0Xtq9u1vnOz2LyMb5KeIywa0HXZ6bGqt1rYCV3Qi369+FUrtTFw8jo8Y21LmqHVltd/d7Kv40Hb3jzqAOCh3jtZ3bilenMA9pAtXM+XJP54oS6z0NutDJLU2n1DVg2q+5wwjJJqljgYg98t5Xj8VmGlWrtam6FMcaSJ77UwMyxLsSe/Ow7DYGAMrd6PLY5RA1stj4W0WYeB8IOSgyGWPf root#ip-******
-----END SSH HOST KEY KEYS-----
I had an ah-ha moment.
You can just use ssh-keyscan -t rsa localhost to generate the known_hosts key entry for the rsa public key of the server. Since I'm logging into the ec2 instance now instead of trying to scrape the logs I can just trust the results.
I use ssh-keygen -t rsa to generate SSH keys. I learned that my private key is saved to the id_rsa file in the .ssh directory. I wonder what Mac OS X command line I should use to see what my private key is? Thank you in advance.
cat ~/.ssh/id_rsa
or
open ~/.ssh/id_rsa
Works the same for id_rsa.pub
I'm trying to access my friend's AWS server via ssh. He's given me the host name as well as a pem file. I'm relatively new to this and am trying to use putty to connect to the login. For him on Windows, he uses the PuttyGen to convert his pem files into ppk files. But on Ubuntu I couldn't find a GUI version for puttygen and tried looking up on converting the pem file to a ppk file but with no luck. Tried converting it using
puttygen myFile.pem -o newFile.ppk
but get an error
puttygen: unable to load file `myFile.pem': not a private key
I've tried the same command with the -O private option at the end but with no luck either. Even if I try to use ssh with the -i option with the pem file itself, it asks me for a passphrase which I don't know and my friend says there is no passphrase.
My friend gave me his ppk file which I tried to use with Putty but it didn't work.
You can tell if the private key is encrypted or not by printing the public key
encrypted key:
$ ssh-keygen -y -f ~/.ssh/test_key_with_passphrase
Enter passphrase:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5kB+0TPMDH/OQ6t/ps67DDJvZzAFF4QyqTYFS3K86bmEz5DeIBtB8kgi3a7ecft6/ooeq+WnuyGvInwNY9GqrO3WDbP4joAqAc6waolEIcs8Nb6iNK+Zhv3O0BfAeXnb5aAztGFfzoBKz6MFGw6Haod3BkZiC40/owG11rjwvb7p4mlHsGrjPpBOGMZ66zPBPuEoFDcCDUnpgh9tNww4Wrzcp+jgZM1MP5ylRCiQE/ssgu3G0zZ3H+5YwRN/XNChomXW74W/yBnp5gAqJZNhiuxTaZBDANXAyiqwrysfzYFgzvTDfyf03aysPAMWkWucmMHxnHz5C649ikSLAOK+h
unencrypted key:
$ ssh-keygen -y -f ~/.ssh/test_key_in_the_clear.pem
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxNX8DHatQQYw05PHcEvwHwKaqDvZUQWG23uUxQSxEiq1crf2j9dPCfzigKcPxIYarTIJ6yvdP6Kl/ONb+OKM7j6dd8ljO5LOs7dsgA5Tr2gaWyjrjmg767VCN2PB6BJZ9xz+p3SGTdFWtUXYtaEPAGocRx09N9kofpecRbRMlnbfHotyK8canGYzzRfimzk/uDAC/CcpeG3YLphj7zhpRaXhgdu/FKcdiTryqgktlZreJEbefeq3CEBM9kmxvr2uDc+QSVnhbcdutTJ4u4DEop0ZuTREZ2tH2HoAVruiJQ7Nd/VP8jz3SD5ySFBzPGiPcNMQ2mOP0cffm55+3CTwT
Once you've worked that out, then ssh with -i to get on to the server. If you are using Ubuntu there's no need to bother with PuTTY.
EDIT
Here's what a pem file would normally look like:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0E109A1A0F7582B0D8B5AAAFDAB18C2A
-----END RSA PRIVATE KEY-----
If the file doesn't look like that then you don't have a pem file.
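Added example, not from any of the posts above: a check that reads only the key file's headers to tell which container it is (legacy PEM, PKCS#8, OpenSSH, or PuTTY .ppk) and whether a passphrase is set, without prompting the way ssh-keygen -y does. The names classify_private_key and sample_openssh are hypothetical, and the sample inputs are constructed and carry no key material.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"   # start of the decoded new-format container
NOT_A_KEY = ("not a private key", None)

def classify_private_key(text):
    """Return (container, encrypted) from the file headers alone.
    Nothing is decrypted and nothing prompts, so it is safe in a cron job."""
    if text.startswith("PuTTY-User-Key-File-"):          # .ppk, not PEM
        return ("PuTTY ppk", "Encryption: none" not in text)
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----",
                  text, re.S)
    if not m:
        return NOT_A_KEY
    label, body = m.group(1), m.group(2)
    if label == "OPENSSH PRIVATE KEY":
        try:
            raw = base64.b64decode("".join(body.split()))
            if not raw.startswith(MAGIC):
                return NOT_A_KEY
            # First field after the magic is the cipher name (SSH string:
            # 4-byte big-endian length, then bytes); "none" = no passphrase.
            (n,) = struct.unpack_from(">I", raw, len(MAGIC))
            cipher = raw[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        except (ValueError, struct.error):
            return NOT_A_KEY
        return ("OpenSSH", cipher != b"none")
    if label == "ENCRYPTED PRIVATE KEY":
        return ("PKCS#8", True)
    if label == "PRIVATE KEY":
        return ("PKCS#8", False)
    if label.endswith(" PRIVATE KEY"):                    # RSA/DSA/EC legacy PEM
        return ("PEM " + label.split()[0], "Proc-Type: 4,ENCRYPTED" in body)
    return NOT_A_KEY

def sample_openssh(cipher):
    """Constructed container holding only magic + cipher name (no key material)."""
    raw = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(raw).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy PEM: headers as shown in the answer, placeholder body.
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,0E109A1A0F7582B0D8B5AAAFDAB18C2A\n\n"
              "AAAA\n-----END RSA PRIVATE KEY-----\n")
```

A key that reports encrypted here will prompt under cron no matter what authorized_keys contains, and a file that reports "not a private key" is usually a public key or a different container handed over by mistake.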
Does anyone have a tool to use in order to differentiate an RSA public key vs a DSA public key? I have two SSH .pub files and I need to know if they're RSA or DSA.
As noted in the other answer, since the file is in SSH.COM format, you can convert to openssh format and just open the file to check for ssh-dsa or ssh-rsa:
To convert your SSH.COM key to OpenSSH format use:
ssh-keygen -i -f ssh_key.pub
From the ssh-keygen manpage
-i      This option will read an unencrypted private (or public) key
        file in SSH2-compatible format and print an OpenSSH
        compatible private (or public) key to stdout. ssh-keygen
        also reads the `SECSH Public Key File Format'. This option
        allows importing keys from several commercial SSH
        implementations.

-f      Specifies the filename of the key file.
Source: http://landru.uwaterloo.ca/cgi-bin/wiki.pl?OpenSSH_-_SSH.Com_Interoperability
You can use ssh-keygen to get a fingerprint and type out of a .pub file:
ssh-keygen -lf id_rsa.pub
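Added example, not from any of the posts above: what ssh-keygen -lf reports can be derived from the .pub line itself, which covers both the RSA-versus-DSA question here and the fingerprint line format asked about earlier. The function names are hypothetical and the sample keys are constructed from made-up numbers; only ssh-rsa and ssh-dss (the identifier OpenSSH uses for DSA) are handled.

```python
import base64
import hashlib
import struct

def read_string(buf, off):
    """One SSH wire string: 4-byte big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_public_key(line, hash_name="sha256"):
    """Build the `ssh-keygen -l` style line for an RSA or DSA public key."""
    fields = line.split(None, 2)
    declared, blob = fields[0], base64.b64decode(fields[1])
    comment = fields[2].strip() if len(fields) > 2 else "no comment"
    inner, off = read_string(blob, 0)
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("key type inside the blob differs from the text prefix")
    if declared == "ssh-rsa":            # blob: type, e, n -> size is n
        _, off = read_string(blob, off)
        label = "RSA"
    elif declared == "ssh-dss":          # DSA blob: type, p, q, g, y -> size is p
        label = "DSA"
    else:
        raise ValueError("unsupported key type: " + declared)
    size_field, _ = read_string(blob, off)
    bits = int.from_bytes(size_field, "big").bit_length()
    digest = hashlib.new(hash_name, blob).digest()   # hash of the decoded blob
    if hash_name == "md5":
        fp = "MD5:" + ":".join("%02x" % b for b in digest)
    else:
        fp = hash_name.upper() + ":" + base64.b64encode(digest).decode().rstrip("=")
    return "%d %s %s (%s)" % (bits, fp, comment, label)

def mpint(value):
    """Encode a positive integer the way key blobs do (leading 0 if top bit set)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def sample_line(key_type, *numbers, comment="root@example"):
    """Constructed public-key line with made-up numbers (not a usable key)."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode()
    blob += b"".join(mpint(v) for v in numbers)
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)

SAMPLE_RSA = sample_line("ssh-rsa", 65537, (1 << 2047) | 1)
SAMPLE_DSA = sample_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
```

The type check against the blob matters because the text prefix on a .pub line is only a label; the fingerprint and the server's decision are based on the decoded blob.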