ssh authentication fails after ssh-agent terminates - ssh

Backstory: currently running Arch Linux and attempting to authenticate into Github using SSH keys. I have openssh 7.1p1-1 installed as well as git 2.6.4-1.
Problem: After the ssh-agent terminates (system reboot or shell closure), I get the "Permission Denied (publickey)" message when attempting to connect to git using:
ssh -vT git#github.com
Any ideas as to why my identity does not persist? Do I have to add anything special to the ~/.ssh/config or /etc/ssh/ssh_config files?
Thank you for any help you can provide.

After ssh-agent is gone, ssh is no longer aware that id_github exists, so it never tries authenticating with that key. If you want to force ssh to always use that key for github.com, you can add this to ~/.ssh/config:
Host github.com
IdentityFile ~/.ssh/id_github
User git # Handy addition so you can skip the username part in Github URLs

Related

Gitlab SSH Key | must the ssh have the same username as gitlab account

Problem
Does the 'user#host' of the id_rsa.pub need to match with the actual machine username - host and then with the username in Gitlab?
Example:
Gitlab username name: #john.doe
Ubuntu Machine hostname command hostname: JOHNDOE
Ubuntu username: mark
Username in the id_rsa.pub: ...fsdfsdfsdfsd mark#JOHNDOE
So as you can see, my user in Ubuntu is mark and the ssh rsa key generated has a mark#JOHNDOE as last domain. But should it be john.doe#JOHNDOE instead (both in Ubuntu user and in the ssh pub key)?
And let's say that for some reason I cannot change the user in my Ubuntu machine.
I honestly think the answer is no and the issue is on my user in Gitlab that has some missing permissions or some network related problem, and I'm just paranoid but just to make sure that is not related with the ssh keys.
I think the ssh key just need to match the one in Gitlab and the username in the key has nothing to do (because actually, you can change it with command -C "john.doe#JOHNDOE" which is a Comment and anyway it still gives me errors. But again I have the doubt is ALSO the username of the Ubuntu must be john.doe
Command run / Troubleshot
OS: Ubuntu 18.04.6 LTS on Windows 10 x86_64 (WSL)
I need to connect via VPN (all other https services works via Browser so it should be fine)
Creating ssh
ssh-keygen -t rsa -b 2048
Add SSH
cat ~/.ssh/id_rsa.pub
# Then copy the key to gitlba key - etc..
Also try do
eval $(ssh-agent -s)
ssh-add -D
ssh-add ~/.ssh/id_rsa.pub
Error
Do a git clone
Please make sure you have the correct access rights and the repository exists.
Connecting
ssh -T git#gitlab.example.com
banner exchange: Connection to [here the IP but removed] port 22: Connection timed out
Ok so the problem is the VPN software that I used.
As #Raya pointed out the answer to my question is:
No, the user in the ssh public key does not matter
As soon as I changed the VPN it start to work therefore the problem was Network related
Will auto-post the answer and mark as accepted, but won't close the question so if anyone has better information can add it.

github deploy key not working for my cyberpanel user

I have a site on CyberPanel, user "thows3051" and want to use git to manage my site. But when I try ssh -T git#github.com I get git#github.com: Permission denied (publickey)..
If I ssh into the server on that user ssh thows3051#mysite.com, into the .ssh directory, there is a thows3051.pub file which I copied the contents into the repo on github under "deploy keys".
EDIT
Was able to explicitly use the correct key with ssh -i ~/.ssh/thows3051 -T git#github.com which shows You've successfully authenticated....
So my question is why isn't the user using the right ssh key?
Thanks in advance
Was able to fix it. I'm not sure what key was being used, if any?
But if you create a file in ~/.ssh/config, you can put the following inside:
IdentityFile ~/.ssh/thows3051
And it will use that key.
Note that you can set specific keys for certain hosts, for example:
Host github.com
IdentityFile ~/.ssh/github.key

fatal: Authentication failed when trying to clone GitLab project even though "ssh -i" command prints "Welcome to GitLab, [username]"

I cannot clone the project although
ssh -T git#gitlab.com
shows what I want: Welcome to GitLab, #vagnerwentz!.
The error during cloning:
Cloning into 'jobfygo'...
Username for 'https://gitlab.com': vagnerwentz
Password for 'https://vagnerwentz#gitlab.com':
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab.com/jobfy/backend/jobfygo.git/'
I resolved changing the SSH Key to RSA Key.
First, you are cloning with an HTTPS URL, which means all your SSH settings is for naught.
Second, regarding HTTPS, double-check if you have 2FA activated, because if you do, your password would actually be a PAT (Personal Access Token)
Third, if you do want to use SSH, then use the SSH URL:
git#gitlab.com:jobfy/backend/jobfygo.git
By default, such an url would use the default private SSH key ~/.ssh/id_rsa.
So if you have a key with another name, you would need to:
either rename it to id_rsa
specify it directly ssh -i /path/to/second/private/key
use a ~/.ssh/config file

SSH deploy from Bitbucket. Disable passphrase?

So basically my setup is that i'm creating an ssh pair on my remote server, then copying the pub key to bitbucket, and my server's authorized_keys file.
I'm still getting permission denied when I run my deploy on Bitbucket.
Any SSH key you use in Pipelines should not have a passphrase.
I'm assuming this has something to do with it, even tho i created the ssh pair with a blank password, my sshd_config file has:
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
Should I change this to yes?
Bitbucket's documentation says I should ssh-copy-id -i my_ssh_key user#host, but that doesn't make sense to me since all ssh gen is either happening on the remote or in Bitbucket itself.
Have no idea why this isn't clearer.
Edit: here's the error on the bitbucket build:
+ cat ./deploy.sh | ssh username#remote.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added the RSA host key for IP address ‘XXX.XXX.XX.XX’ to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
Here are some values of my sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
Ok, got it. For some reason, i had my ssh logic backwards. I re-created the ssh key pair in Bitbucket, added the public key to my remote server's ~/ssh/authorized_keys file, AND ... I assured that the permissions of that file was set to 600. Once I fixed that permission, I had my first successful build. Hope this helps someone.

Pass ssh options to ssh-copy-id

I'm stuck in the Permission denied (publickey) hell trying to copy public key to a remote server so Jenkins can rsync files during builds.
Running:
sudo ssh-copy-id -i id_rsa.pub ubuntu#xx.xx.xx.xx
I have done this for another server, but that one has a separate key pair for SSH assigned by EC2, and my current guess is that ssh-copy-id is trying to use wrong private key for this connection. Is there a way to pass -vv to ssh-copy-id so I can see what jey it's trying to use. I've looked into the -o switch, but can't seem to get it right.
Thank you.
So here's what I've done:
added following to /etc/ssh/ssh_config:
Host xx.xx.xx.xx
User ubuntu
IdentityFile ~/.ssh/key-name-for-that-machine.pem
Then copied key-name-for-that-machine.pem into /var/lib/jenkins/.ssh
Didn't run ssh-copy-id again, simply have rsync use that key file when moving stuff, here's the rsync script:
rsync -rvh -e 'ssh -v' "/tmp/project-DEV-${BUILD_ID}/" ubuntu#xx.xx.xx.xx:"/www/www.project-dir.net/"
my guess would by running it without sudo. But that's depending on how you normally log into the server.
If you normally login by using ssh ubuntu#xx.xx.xx.xx then lose the
sudo.
If not than try to login with sudo ssh ubuntu#xx.xx.xx.xx
Reading your question, at least one of these should fail.