In cygwin, I connect via ssh into an ec2 computer,
ssh -i xxxxxxx.pem ec2-user#ec2xxxxx.amazonaws.com
Ask who am I and get ec2-user
[ec2-user#ip-xxxxxxx]$ whoami
ec2-user
But when I run git clone with https, it asks me for my 'personal' password. So that for the user of my local computer, not the one at ec2.
Password for 'https://localuser#bitbucket.org'
What's going on? Why doesn't it use ec2-user? Isn't ssh supposed to handle only communication between my local and that remote computer?
It looks like you're using bitbucket. When you clone via BitBucket over SSH, use:
git clone git#bitbucket.org:<you>/<repository>.git
It looks like you're a) cloning over HTTPS rather than SSH, and, b) you're not specifying a username.
Before this will work, you'll need to generate an SSH key:
ssh-keygen -t rsa
And then copy the contents of ~/.ssh.id_rsa.pub to your clipboard, and then paste it into the BitBucket settings for your user account, under Account Settings -> SSH Keys. The user for SSH cloning from BitBucket will always be git, rather than your local username or ec2-user.
See here for more info.
Related
Here is my situation. I want to access a server through a jumpbox/bastion host.
so, I will login as normal user in jumpbox and then change user to root after that login to remote server using root. I dont have direct access to root in jumpbox.
$ ssh user#jumpbox
$ user#jumpbox:~# su - root
Enter Password:
$ root#jumpbox:~/ ssh root#remoteserver
Enter Password:
$ root#remoteserver:~/
Above is the manual workflow. I want to achieve this in ansible.
I have seen something like this.
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q user#jumpbox"'
This doesnot work when we need to switch to root and login to remote server.
There are a few things to unpack here:
General Design / Issue:
This isn't an Ansible issue, it's an ssh issue/proxy misconfiguration.
A bastion host/ssh proxy isn't meant to be logged into and have commands ran directly on it interactively (like su - root, enter password, then ssh...). That's not really a bastion, that's just a server you're logging into and running commands on. It's not an actual ssh proxy/bastion/jump role. At that point you might as well just run Ansible on the host.
That's why things like ProxyJump and ProxyCommand aren't working. They are designed to work with ssh proxies that are configured as ssh proxies (bastions).
Running Ansible Tasks as Root:
Ansible can run with sudo during task execution (it's called "become" in Ansible lingo), so you should never need to SSH as the literal root user with Ansible (shouldn't ssh as root ever really).
Answering the question:
There are a lot of workarounds for this, but the straightforward answer here is to configure the jump host as a proper bastion and your issue will go away. An example...
As the bastion "user", create an ssh key pair, or use an existing one.
On the bastion, edit the users ~/.ssh/config file to access the target server with the private key and desired user.
EXAMPLE user#bastion's ~/.ssh/config (I cringe seeing root here)...
Host remote-server
User root
IdentityFile ~/.ssh/my-private-key
Add the public key created in step 1 to the target servers ~/.ssh/authorized_keys file for the user you're logging in as.
After that type of config, your jump host is working as a regular ssh proxy. You can then use ProxyCommand or ProxyJump as you had tried to originally without issue.
I have a site on CyberPanel, user "thows3051" and want to use git to manage my site. But when I try ssh -T git#github.com I get git#github.com: Permission denied (publickey)..
If I ssh into the server on that user ssh thows3051#mysite.com, into the .ssh directory, there is a thows3051.pub file which I copied the contents into the repo on github under "deploy keys".
EDIT
Was able to explicitly use the correct key with ssh -i ~/.ssh/thows3051 -T git#github.com which shows You've successfully authenticated....
So my question is why isn't the user using the right ssh key?
Thanks in advance
Was able to fix it. I'm not sure what key was being used, if any?
But if you create a file in ~/.ssh/config, you can put the following inside:
IdentityFile ~/.ssh/thows3051
And it will use that key.
Note that you can set specific keys for certain hosts, for example:
Host github.com
IdentityFile ~/.ssh/github.key
I had been using VSCode's remote-ssh to access my virtual machines running on google cloud. This had been working perfectly fine until I made a snapshot of my most recent instance and created a new instance out of this on a larger VM. Now when I try to connect (through any method) I get: " Permission denied (publickey).". I have spent countless hours deleting and re-adding, and recreating my ssh keys to no avail. Before I simply ran "gcloud compute config-ssh" and this created a working config file, but now this works. Please help, I have tried everything and there is simply no way for me to ssh. On the website I can click the ssh button to open up their shell, but cannot do it from my terminal
The problem may be related to the lack of identification of your SSH private key during connection in VSCode. You can indicate your private key adding IdentityFile option pointing to your SSH private key, this in your SSH connection host entries in SSH configuration files:
Host vm_name
HostName external_ip
IdentityFile /path/to/ssh_private_key
Port port_number
Here the long story if you or someone need more information.
You can go from the start for ensure that you do no have compromise your SSH keys and that is the origin of problem.
Create SSH Key
First, create new ssh keys.In the computer that you will use to access your remote host, that is Google VM instance, open your terminal or cmd and go to the ssh folder to generate the keys.
My ssh config and keys are under my user directory, /home/my_user/.ssh on Linux or C:\Users\my_user\.ssh on Windows.
The I will cd to one of these path, depending on for which of them I using at the moment.
Linux:
cd /home/my_user/.ssh
Windows:
cd C:\Users\my_user\.ssh
Command to generate SSH key
ssh-keygen -t rsa -f my_ssh_key -C user
my_ssh_key: the name your key, you can put what you want to better identify
user: must be the user that you want to use to connect at your Google VM instance.
This will generate an Private Key named my_ssh_key and a Public key named my_ssh_key.pub.
Alternatively, stay in any location of operating system and passing the absolute path where to generate the keys:
Linux:
ssh-keygen -t rsa -f /home/my_user/.ssh/my_ssh_key -C user
Windows:
ssh-keygen -t rsa -f C:\Users\my_user\.ssh\my_ssh_key -C user
Copy the public key in your Google cloud VM authorized_keys file
/home/my_user/.ssh/authorized_keys
** Do not rewrite anyone public key that already exists jus append in the file of authorized_keys file.
Add new ssh Host entry for remote connection
Click on Remote SSH manager, the icon at the bottom right of the VS Code, click on the Remote SSH: Open Configuration File option and choose your ssh configuration file to add another SSH entry for remote connection.
The config file must be under SSH directory, the same path used in the step of generate SSH keys.
Linux:
/home/my_user/.ssh/config
Windows:
C:\Users\my_user\.ssh\config
To add another Host, write the following make the properly changes:
Host vm_name
HostName external_ip
IdentityFile /path/to/ssh_private_key
Port port_number
vm_name: is alias to connect with ssh command in practical way, could be what you want.
external_ip: the external of your Google VM instance, you can get in the VM instances panel at https://console.cloud.google.com/
IdentityFile: the path for yout private SSH key, the file that you generated that note have .pub extension.
Linux:
/home/my_user/.ssh/my_ssh_key
Windows:
C:\Users\my_user\.ssh\my_ssh_key
Port: the por number of SSH of your Google VM instance, 22 is the default port.
Now it is just choose this host to connect to your Google VM instance.
For more details about SSH settings on Google Cloud Platform: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#linux-and-macos_1
I'm on my work computer, which is already [successfully] configured to connect to our GitHub account and authenticate our commits using SSH and GPG keys, respectively. Before I began changing things, my original ~/.ssh/config file was this:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
To add my personal account, I generated a new SSH key (~/.ssh/id_rsa_personal), added the .pub part to my personal GitHub account, and modified my ~/.ssh/config file to the following:
# Default
Host *
AddKeysToAgent yes
UseKeychain yes
# Personal
Host github.com-PERSONAL
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_personal
# Work
Host github.com
HostName github.com
IdentityFile ~/.ssh/id_rsa
After this change, I am still able to interact with my work account without a problem – nothing has changed. However, when I attempt to interact with my personal account using
git clone git#github-PERSONAL:nikblanchet/myrepository.git
, I am getting an error message:
Cloning into 'myrepository'...
ssh: Could not resolve hostname github-personal: nodename nor servname provided, or not known
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
To narrow down the issue, I decided to try a simple SSH authentication
ssh -T git#github.com-PERSONAL
, and, surprisingly, it worked!
Hi nikblanchet! You've successfully authenticated, but GitHub does not provide shell access.
(Running ssh -T git#github.com authenticated with my work account, as expected.)
So now I'm lost. Why can ssh -T resolve the hostname while git clone cannot? What did I miss?
You URL should be:
github.com-PERSONAL:nikblanchet/myrepository.git
You tried first
git#github-PERSONAL:nikblanchet/myrepository.git
That is why it was not able to resolve github-PERSONAL, which is not in your config file.
github.com-PERSONAL is.
Note: no need to add the git# part: your config file does specify the User git already.
I'd like to run a rsync command from a vagrant vm to a remote server (to push files) without the need for a password.
So, the involved machines are: host, guest vm and remote
host is authorized on remote via authorized_keys, however when I run the rsync command from the vm I get asked for a password.
Is there a way to get passwordless rsync from the vm using the keys on the already-authorized host?
I'd like to avoid copying a new authorized key to the remote every time I create a vm.
Also, adding my server's password in the vagrant file is not an option.
Use ssh key forwarding via ssh-agent. Follow these steps:
On your host machine:
ssh-add PATH_TO_KEY <use Tab if unsure>
vagrant ssh
In the vagrant box edit your ~/.ssh/config:
Host name_or_ip_of_remote
ForwardAgent yes
Now try to connect to the remote from the vagrant box:
ssh name_or_ip_of_remote
It should work without a password. As rsync is using ssh under the hood, it will work without a password too.