On windows it is usually stored in the %USERPROFILE%\ssh or
%USERPROFILE%.ssh folders.
However I do not see the ssh folders when going to %USERPROFILE%.
Is it possible to create the ssh folder and the known_hosts file myself?
Yes, this is expected.
You can in a CMD do:
cd "%USERPROFILE%"
mkdir .ssh
From there, assuming you have ssh-keygen in your PATH (which is included in Git For Windows for example), you can type:
ssh-keygen -t rsa -P ""
That will generate a key in the default path ~/.ssh(/id_rsa[.pub]), with ~/.ssh being translated in %USERPROFILE%\.ssh
I'm constantly setting up passwordless ssh environments. And, while there are many howTos out there, most are rather long. This is going to be very short and without much explanation. Read the load documents for the details. I plan to add screen-shots, but that has to wait until after my wrist heals. I broke it badly just the day before yesterday.
PuTTY doesn't natively support the private key format (.pem)
You must convert your private key into a .ppk file
before you can connect to your instance using PuTTY
ssh-keygen generates 2 files.
- id_rsa: The private key
- id_rsa.pub: The public key
PuTTYgen will genrate the ppk for use with PuTTY.
On Linux (I’m using CentOS 8)
=================================
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa -C "yourEmailAddr#yahoo.com"
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 400 ~/.ssh/*
cp ~/.ssh/* /VMShare/ssh/ #a common mount between my virtual machines and windows
on Windows
----------
1. open PuTTYgen Click Load and open the private file (normally id_rsa)
2. Click “Save Private Key” and choose a name. I use id_rsa.ppk
3. Open Putty
3.1. Set Connection->Data->Auto-login username as appropriate
3.2. set the Connection->SSH->Auth->”Private key file for authentication” to the ppk file.
To setup 1 way ssh between 2 Linux machines
-------------------------------------------
copy the id_rsa file to ~/.ssh on the second machine
Next: chmod 400 ~/.ssh/id_rsa
Now you can ssh from the second machine to the first
To setup 1 way ssh between 2 Linux machines
-------------------------------------------
Copy the id_rsa and id_rsa.pub file to ~/.ssh on the second machine
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 400 ~/.ssh/authorized_keys ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
To Test the ssh use:
--------------------
ssh -i id_rsa.pub user#host1
<https://help.dreamhost.com/hc/en-us/articles/215464758-How-do-I-set-up-passwordless-login-in-PuTTY->
Is there a way to add root's ssh private key in ssh-agent, with a standard sudo user?
I'm not really sure, but is this the restriction with this command?
In the ssh-add man page I found this:
Identity files should not be readable by anyone but the user. Note that ssh-add ignores identity files if they are accessible by others.
Thats the output:
sudouser#myhost:/ $ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-Yppfd3Xp0Yrm/agent.2429; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2430; export SSH_AGENT_PID;
echo Agent pid 2430;
sudouser#myhost:/ $ eval $(ssh-agent)
Agent pid 2435
sudouser#myhost:/ $ ssh-add /home/sudouser/.ssh/id_rsa
Enter passphrase for /home/sudouser/.ssh/id_rsa:
Identity added: /home/sudouser/.ssh/id_rsa (/home/sudouser/.ssh/id_rsa)
Works as expected.
But with root's key i get:
sudouser#myhost:/ sudo ssh-add /root/.ssh/ansible/id_rsa
or
sudouser#myhost:/ sudo sh -c 'ssh-add /root/.ssh/ansible/id_rsa'
Could not open a connection to your authentication agent.
sudo clears environment variables. ssh-add needs SSH_AUTH_SOCK and SSH_AGENT_PID in order to know how to speak to ssh-agent. So you must trick it by adding them back in the command:
sudo sh -c 'export SSH_AUTH_SOCK="'"$SSH_AUTH_SOCK"'"; export SSH_AGENT_PID="'"$SSH_AGENT_PID"'"; ssh-add /path/to/roots/private/key'
Possible alternative answer, sudo has a option to preserve environment variables:
sudo --preserve-env=SSH_AUTH_SOCK -i
Alternatively you can add this line to the sudoers file to get the same effect:
Defaults env_keep+=SSH_AUTH_SOCK
What does the ssh-copy-id command do, exactly? I've used it numerous times and it works great. However, when I try to manually cut and paste my .pub keyfile to my remote authorized_keys, it doesn't work.
I've compared the contents of my authorized_keys file where I've cut and pasted the .pub into it vs subsequently using ssh-copy-id and I'm not seeing any differences between the two, including whitespace.
Is there anything that ssh-copy-id does beyond copying the public key into authorized_keys?
This little one liner script works on sh, bash, and zsh. I use it every time there is no ssh-copy-id, for example when I'm on older version of OSX.
cat ~/.ssh/id_rsa.pub | ssh <user>#<hostname> 'cat >> ~/.ssh/authorized_keys'
How it works
I am sending the public keay to the Unix standard output (STDOUT) using the cat command. I then connect the STDOUT of cat to the standard input (STDIN) of the ssh.
The ssh executes the cat command on the server. Remember that the we have our key in the STDIN now? This key gets passed from ssh to the cat command executed on a server. The >> operator redirects the STDOUT of the cat to the end of the ~/.ssh/authorized_keys file. This way the key from public keys is appended to the authorized_keys on the server.
IMO It's better than manual copying and pasting: in this case you know exactly what content will end up in the file
I usually copy-paste keys into authorized_keys as you describe (I forget about ssh-copy-id), so it can work. Note thatchmod 600 ~/.ssh/authorized_keys is required if you're creating the file.
ssh-copy-id is a shell script so you can open it in a text editor to see what it does, this looks like the relevant bit:
printf '%s\n' "$NEW_IDS" | ssh "$#" "
umask 077 ;
mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi"
restorecon in the last line restores default SELinux security contexts. I haven't had to run that, but it might be necessary in your case.
I need to do rsync by ssh and want to do it automatically without the need of passing password for ssh manually.
Use "sshpass" non-interactive ssh password provider utility
On Ubuntu
sudo apt-get install sshpass
Command to rsync
/usr/bin/rsync -ratlz --rsh="/usr/bin/sshpass -p password ssh -o StrictHostKeyChecking=no -l username" src_path dest_path
You should use a keyfile without passphrase for scripted ssh logins. This is obviously a security risk, take care that the keyfile itself is adequately secured.
Instructions for setting up passwordless ssh access
You can avoid the password prompt on rsync command by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option.
I got it to work like this:
sshpass -p "password" rsync -ae "ssh -p remote_port_ssh" /local_dir remote_user#remote_host:/remote_dir
If you can't use a public/private keys, you can use expect:
#!/usr/bin/expect
spawn rsync SRC DEST
expect "password:"
send "PASS\n"
expect eof
if [catch wait] {
puts "rsync failed"
exit 1
}
exit 0
You will need to replace SRC and DEST with your normal rsync source and destination parameters, and replace PASS with your password. Just make sure this file is stored securely!
The following works for me:
SSHPASS='myPassword'
/usr/bin/rsync -a -r -p -o -g --progress --modify-window=1 --exclude /folderOne -s -u --rsh="/usr/bin/sshpass -p $SSHPASS ssh -o StrictHostKeyChecking=no -l root" source-path myDomain:dest-path >&2
I had to install sshpass
Use a ssh key.
Look at ssh-keygen and ssh-copy-id.
After that you can use an rsync this way :
rsync -a --stats --progress --delete /home/path server:path
Another interesting possibility:
generate RSA, or DSA key pair (as it was described)
put public key to host (as it was already described)
run:
rsync --partial --progress --rsh="ssh -i dsa_private_file" host_name#host:/home/me/d .
Note: -i dsa_private_file which is your RSA/DSA private key
Basically, this approach is very similar to the one described by #Mad Scientist, however you do not have to copy your private key to ~/.ssh. In other words, it is useful for ad-hoc tasks (one time passwordless access)
Automatically entering the password for the rsync command is difficult. My simple solution to avoid the problem is to mount the folder to be backed up. Then use a local rsync command to backup the mounted folder.
mount -t cifs //server/source/ /mnt/source-tmp -o username=Username,password=password
rsync -a /mnt/source-tmp /media/destination/
umount /mnt/source-tmp
The official solution (and others) were incomplete when I first visited, so I came back, years later, to post this alternate approach in case any others wound up here intending to use a public/private key-pair:
Execute this from the target backup machine, which pulls from source to target backup
rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' user#10.9.9.3:/home/user/Server/ /home/keith/Server/
Execute this from the source machine, which sends from source to target backup
rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' /home/user/Server/ user#10.9.9.3:/home/user/Server/
And, if you are not using an alternate port for ssh, then consider the more elegant examples below:
Execute this from the target backup machine, which pulls from source to target backup:
sudo rsync -avi --delete user#10.9.9.3:/var/www/ /media/sdb1/backups/www/
Execute this from the source machine, which sends from source to target backup:
sudo rsync -avi --delete /media/sdb1/backups/www/ user#10.9.9.3:/var/www/
If you are still getting prompted for a password, then you need to check your ssh configuration in /etc/ssh/sshd_config and verify that the users in source and target each have the others' respective public ssh key by sending each over with ssh-copy-id user#10.9.9.3.
(Again, this is for using ssh key-pairs without a password, as an alternate approach, and not for passing the password over via a file.)
Though you've already implemented it by now,
you can also use any expect implementation (you'll find alternatives in Perl, Python: pexpect, paramiko, etc..)
I use a VBScript file for doing this on Windows platform, it servers me very well.
set shell = CreateObject("WScript.Shell")
shell.run"rsync -a Name#192.168.1.100:/Users/Name/Projects/test ."
WScript.Sleep 100
shell.SendKeys"Your_Password"
shell.SendKeys "{ENTER}"
Exposing a password in a command is not safe, especially when using a bash script, if you tried to work with keyfiles thats will be nice.
create keys in your host with ssh-keygen and copy the public key with ssh-copy-id "user#hostname.example.com and then use rsync addin the option -e "ssh -i $HOME/.ssh/(your private key)" to force rsync using ssh connection via the the private key that you create earlier.
example :
rsync -avh --exclude '$LOGS' -e "ssh -i $HOME/.ssh/id_rsa" --ignore-existing $BACKUP_DIR $DESTINATION_HOST:$DESTINATION_DIR;
Here's a secure solution using a gpg encrypted password.
1.Create a .secret file containing your password in the same folder as your rsync script using the command:
echo 'my-very-secure-password' > .secret
Note that the file is hidden by default for extra security.
2.Encrypt your password file using the following gpg command and follow the prompts:
gpg -c .secret
This will create another file named .secret.gpg. Your password is now encrypted.
3.Delete the plain text password file
rm .secret
4.Finally in your rsync script use gpg and sshpass as follows:
gpg -dq secret.gpg | sshpass rsync -avl --mkpath /home/john user_name#x.x.x.x/home
The example is syncing the entire home folder for the user named john to a remote server with IP x.x.x.x
Following the idea posted by Andrew Seaford, this is done using sshfs:
echo "SuperHardToGuessPass:P" | sshfs -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user#example.com:/mypath/ /mnt/source-tmp/ -o workaround=rename -o password_stdin
rsync -a /mnt/source-tmp/ /media/destination/
umount /mnt/source-tmp