I want to be able to execute shell commands on remote nodes using Rundeck and I found this video that explains how to do that but I don't understand the private-key part and how to configure it. I keep getting the following error:
Authentication failure connecting to node: "test-001". Make sure your
resource definitions and credentials are up to date. Failed:
AuthenticationFailure: Authentication failure connecting to node:
"test-001". Make sure your resource definitions and credentials are up
to date.
I have a remote server set up and I configured the resource.xml file like the following:
<node name="test-001" description="demo for test" tags="demo" hostname="10.10.10.10:22" osFamily="unix" osName="Linux" osVersion="2.6.32" username="demo" />
Do I need to add the ssh-key value to the xml file? If so, do I have to copy the public or private keys from the Rundeck server to the host server?
Also, the username demo has a password too, so how can I define it?
Rundeck host server connects to the node by means of private key authentication which is exactly similar to SSH private key authentication. Follow these steps to add a node to your server rundeck.
Open up the resources.xml file and add the following.
<node name="rundeck node2" description="Rundeck node2" tags="node2" hostname="10.1.0.1" osArch="amd64" osFamily="unix" osName="Linux" osVersion="3.11.10-03111015-generic" username="leo" ssh-keypath="/var/lib/rundeck/node2.key"/>
You can change the SSH user name in node and private key file name. In addition to that, you can change all the other naming parameters too like node name and tags etc.
Now get into your node server.
Create a ssh user, here its leo
switch to user leo. Generate a SSH key
ssh-keygen
Append the public key to authorized_keys
leo#c1a5f48a6c4c:~/.ssh$ pwd
/home/leo/.ssh
leo#c1a5f48a6c4c:~/.ssh$ cat id_rsa.pub >> authorized_keys
leo#c1a5f48a6c4c:~/.ssh$ chmod g-w authorized_keys
Copy the private key
leo#c1a5f48a6c4c:~/.ssh$ cat id_rsa
Save the private key to the file "/var/lib/rundeck/node2.key" on rundeck host. Now the authentication is okay and ready to execute adhoc commands from rundeck dashboard
Documentation is fairly all over the place with different versions having different keywords and there being no warnings in case you are using the wrong one.
The relevant documentation is here:
https://docs.rundeck.com/2.11.3/plugins-user-guide/ssh-plugins.html
You need to specify:
ssh-authentication: privateKey
...and:
ssh-keypath: /path/directly/to/.ssh/id_rsa
(Assuming you are using filesystem key storage.)
Remove passphrase from your keys with:
ssh-keygen -p -m PEM -f /path/to/your/.ssh/id_rsa
...and do not forget to mke sure the id_rsa file is owned by rundeck and has suitably restricted permissions.
In my case I had a passpharse in my private key. Make sure your private key passpharse is empty.
Related
I've done enough search on google and in this site, but I don't find any answer to my problem. I simply want to transfer file from local windows machine into remote ubuntu server.
This is the command I tried:
scp C:/Users/myself/Documents/personal/gd_bundle-g2-g1.crt bitnami#11.123.12.123:/etc/ssl/certs
I get this error:
Permission Denied (Publickey)
Obviously because I didnt key in the keyfile and I dont know where to key in. So please guide me how can I transfer file to remove server with public key specified.
Thanks
edit:
scp -i C:\Users\myself\Documents\personal\ppk\myfile.ppk bitnami#11.123.12.123:/C:/Users/myself/Documents/personal/gd_bundle-g2-g1.crt /etc/ssl/certs
Getting error : wrong format
You need to create an ssh key pair, a public and private key. There are many sites that explain how to do it, usually you run ssh-keygen, such as specified here.
The private key is "id_rsa" and the public key is "id_rsa.pub". On the remote machine you need to place the contents of id_rsa.pub at the end of the $HOME/.ssh/authorized_keys file. If you don't have an authorized_keys file then create one by copying id_rsa.pub there. You will need to use other means than scp to get it there.
Additionally your $HOME/.ssh directory on both machines needs to have good permissions, this is "chmod 700 .ssh" on a unix machine.
I am trying to SSH into the server as part of the deployment job in CircleCI
ssh -oStrictHostKeyChecking=no $DEV_DROPLET_USER#$DEV_DROPLET_IP
I have my SSH private key for the user on this server loaded into CircleCI but everytime I run the job, I get this output
Warning: Permanently added '$host' (ECDSA) to the list of known hosts.
<$user>#<$host>'s password:
How can I stop it prompting me for the password?
I have added the SSH key for this user to the SSH Agent on the server (these instructions)
For a passwordless ssh connection, you must:
put the private ssh key into a file in the directory $HOME/.ssh/ on the client computer connecting to the server (example : $HOME/.ssh/MyServer)
copy the public ssh key into the file $HOME/.ssh/authorized_keys on the server
have writing permission on the file $HOME/.ssh/known_hosts on the client computer
The sshd service is normally already configured to accept key based authentication.
From the client computer, you can now do a passwordless connection ssh -i $HOME/.ssh/MyServer $DEV_DROPLET_USER#$DEV_DROPLET_IP
Of course, on the client computer your $DEV_DROPLET_USER must have appropriate permissions for accessing the ssh related files.
You don’t need to do anything with the ssh agent, on the client or on the server.
Late reply, but I hope it helps somebody else in the future.
Assuming you followed these instructions in the CircleCI docs, then the private key will automatically be copied to the machine being used by CircleCI when the add_ssh_keys step is run.
Make sure one the server you are trying to SSH into, the public key generated (in ~/.ssh/id_rsa.pub or something similar) is copied to the ~/.ssh/authorized_hosts file on the same server. This crucial step is what allows anybody with the private key (CircleCI) to be allowed into the server.
So I am working with Jenkins and I need to use the Jenkins CLI, but I cannot get the authentication figured out.
I was following their rather short description here: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI which said I need to convert my .ppk file from Putty into openssh format. They link you to this post here How to convert SSH keypairs generated using PuttyGen(Windows) into key-pairs used by ssh-agent and KeyChain(Linux) and I followed those instructions and tried with the file it generated, but I end up with a file that is a single line and looks like:
ssh-rsa [KEY]
When I use this file with the Jenkins CLI I get this error:
Exception in thread "main" java.io.IOException: Invalid PEM structure, '-----BEGIN...' missing
at com.trilead.ssh2.crypto.PEMDecoder.parsePEM(PEMDecoder.java:138)
at com.trilead.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:313)
at hudson.cli.PrivateKeyProvider.loadKey(PrivateKeyProvider.java:143)
at hudson.cli.PrivateKeyProvider.loadKey(PrivateKeyProvider.java:126)
at hudson.cli.PrivateKeyProvider.readFrom(PrivateKeyProvider.java:107)
at hudson.cli.CLI._main(CLI.java:440)
at hudson.cli.CLI.main(CLI.java:387)
I am really not familiar with ssh keys at all and have been searching around for a while with no luck. Can anyone instruct me on how to get my .ppk file into the correct format to use with the Jenkins CLI? Thanks!
You have to generate a public SSH key on your machine and to declare this SSH key on your Jenkins server.
To generate a public key on your machine (with no passphrase):
ssh-keygen -t rsa
The default location for your public key is:
/Users/your.user/.ssh/id_rsa.pub
Copy your public SSH key (ssh-rsa XXXXXXXX your.email#domain.com).
Next, go on your Jenkins server and edit your Jenkins user information (via the top right corner, by clicking on your username).
Go to the "SSH Public Keys" section and paste your public key.
You should be able to access your Jenkins server with the CLI.
I've tested this configuration on my Jenkins server and it works.
brunolavit#MBP ~/Downloads$ java -jar jenkins-cli.jar -s http://myjenkinsserver.mydomain.com:8080/ version
1.577
i write a script to ssh to a server in a loop using public key. However, because of some reason my public key was not correctly copied to the login server. So, i will be hanged at servers with fault public key. the situation can be exampled like below:
i use eval /usr/local/bin/ssh-attach on my desktop to record the passphrase corresponging to private file A when login to the remote servers
however, serverA have added A.pub corresponding to private key file A to authorized_keys file
i have a private key file B on my desktop, so when trying to ssh login serverA it will hang with a prompt to ask passphrase.
Does ssh have some params to config to bypass this situation?
You can use the -i option to specify the key you want the ssh to use.
ssh -i path/to/key/file user#example.com
or you can add the equivalent setting to your ssh config file
Host Example
User john
IdentityFile /path/to/file
hg clone ssh://denis#medsecop.com//var/www/vhosts/medsecop.com/stage/symphony
returns
remote: Permission denied (publickey).
abort: no suitable response from remote hg!
I have the .ppk file but I don't know how to add options to the ssh command above to use (it says "hg clone doesn't take more arguments")
-i /path/to/keys.ppk
I connect to SSH with this:
sudo ssh -v denis#medsecop.com -i /home/denis/Desktop/MedSec/my-openssh-key
Any ideas?
If you tag question with putty tag, I suppose, you use Windows at your side (and some Win-specific details I'll mention later)?
I don't know how to add options to the ssh command above to use
Well, for any ssh-powered repositories you must to define used ssh-client in (global, user- or repository-specific) config file. For key-based authorization you can define private-key file as parameter of used command or use special additional tool (ssh-agent in *Nix or pageant in Win or...)
Sample
Windows-box with Mercurial (TortoiseHG), full Putty, without Cygwin
Key-based authorization for ssh-repositories: Plink + Pageant
Global mercurial.ini part
[ui]
merge = ...
username = ...
ssh = "PATH\TO\TortoisePlink.exe"
Also Pageant is running and (putty-type) private keys for published public keys loaded into it
When I connect to any ssh-repo, authorization happens automagically
Pageant-less version may include
-i KEYFILE option for TortoisePlink at the repository level - in the .hg\hgrc
--load SESSION option for TortoisePlink (same location as above) for using previously created Putty's session, which have all needed authorization predefined
I solved it by adding the public key
ssh-add file.ppk