How to make an SSH RSA key auto accept? - ssh

I need to check a bunch of servers via SSH (RAM, disk, CPU model, etc).
I want to make a script for it. But the RSA key yes/no is getting in the way.
Is it possible to auto accept the RSA key while connecting to the server via SSH?
(I.e. ssh root#ip "yes" or some workaround?)

To tell ssh not to worry about host keys, simply set the StrictHostKeyChecking option to no, i.e.
ssh -o StrictHostKeyChecking=no root#ip
If you also want to pass the password to it, you can do that using sshpass:
sshpass -p your_password ssh -o StrictHostKeyChecking=no root#ip
However, you'd be much better off using an ssh agent (such as PAgeant) and ssh key pairs - better than having your password hard-coded into a script somewhere.

Related

what is the difference between ssh-add and ssh-keygen

I know ssh-keygen it can create a public and private key inside ~/.ssh by default as id_rsa and id_rsa.pub
eg:
ssh-keygen
Later on we add the id_rsa.pub to the known_hosts of the server, so that we can do
ssh user#hostname.com
But I see we use ssh-add to pass private key so that we can login without the need of password
Eg:
ssh-add <(echo "$SSH_PRIVATE_KEY")
for this we need to start ssh-agent
eval $(ssh-agent -s)
and then
ssh user#hostname.com
Assuming there is already ~/.ssh/id_rsa. So here how does ssh know which private key it has to use
ssh, if it finds a value for SSH_AUTH_SOCK in the environment, will ask that agent for all private keys and try them one by one, unless you tell it which specific key to use via the -i command-line option or the IdentitiyFile configuration option.
The main benefit of ssh-agent is that it can hold unencrypted keys in memory, so that you only need to use the key's passphrase once, when it is added to the agent, rather than every time ssh tries to use the key.
(The other benefit is that if you have multiple ssh connections in a chain, you can keep the private keys in an agent on the first machine. The ssh client can forward the agent connection to the remote machine, where ssh clients can access the agent to use keys for the next step in the chain.)

Remote port forwarding with ssh keys

I'm trying to access localhost:6006 on my remote ubuntu machine using public keys, and put it on my localhost:6006.
The command is something similar to:
ssh -N -L 127.0.0.1:6006:127.0.0.1:6006 ubuntu#XXX.XX.XX.XXX
but I keep getting public key denied (but I can access the computer with my keys via normal ssh)
You should specify your private key with option -i.
ssh -i [path_of_your_private_key] -N -L 127.0.0.1:6006:127.0.0.1:6006 ubuntu#XXX.XX.XX.XXX

Host key verification failed even though I use `-o StrictHostKeyChecking=no`

I try to run:
ssh -o StrictHostKeyChecking=no ${REGR_IP_ADDR}/deploy_jar.sh 1
and I get
14:02:54 Host key verification failed.
14:02:54 lost connection
StrictHostKeyChecking does not turn off the verification, if you already stored the public key of this host. Common combination is with UserKnownHostsFile=/dev/null, which makes sure that there is no other previous public key.
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${REGR_IP_ADDR}/deploy_jar.sh 1
Should do the job for you. But note that it is not recommended in live environment, because it is the only mechanism protecting you against MITM attack.

Pass ssh options to ssh-copy-id

I'm stuck in the Permission denied (publickey) hell trying to copy public key to a remote server so Jenkins can rsync files during builds.
Running:
sudo ssh-copy-id -i id_rsa.pub ubuntu#xx.xx.xx.xx
I have done this for another server, but that one has a separate key pair for SSH assigned by EC2, and my current guess is that ssh-copy-id is trying to use wrong private key for this connection. Is there a way to pass -vv to ssh-copy-id so I can see what jey it's trying to use. I've looked into the -o switch, but can't seem to get it right.
Thank you.
So here's what I've done:
added following to /etc/ssh/ssh_config:
Host xx.xx.xx.xx
User ubuntu
IdentityFile ~/.ssh/key-name-for-that-machine.pem
Then copied key-name-for-that-machine.pem into /var/lib/jenkins/.ssh
Didn't run ssh-copy-id again, simply have rsync use that key file when moving stuff, here's the rsync script:
rsync -rvh -e 'ssh -v' "/tmp/project-DEV-${BUILD_ID}/" ubuntu#xx.xx.xx.xx:"/www/www.project-dir.net/"
my guess would by running it without sudo. But that's depending on how you normally log into the server.
If you normally login by using ssh ubuntu#xx.xx.xx.xx then lose the
sudo.
If not than try to login with sudo ssh ubuntu#xx.xx.xx.xx
Reading your question, at least one of these should fail.

Trouble setting up SSH keys

I'm using rsync to backup our server to another running an rsync daemon on our LAN using the command
rsync -av /volume1/ Public/ root#192.168.2.20:/shares/Backup/Public/
It's working great except that it requires a manual password entry, so I'd like to automate it with a key pair. Running ssh-keygen I get the below where I hit return 3 times
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
ssh-copy-id script isn't on our system, so I used the line below to copy the password file to the backup destination server. I checked and it copied correctly
> cat /root/.ssh/id_rsa.pub | ssh root#192.168.2.20 "cat >> /root/.ssh/authorized_keys"
As a test, I ssh to the destination server to ensure there's no longer a password prompt, but I'm still getting one?
DiskStation> ssh 192.168.2.20
root#192.168.2.20's password:
I'm not strong in unix, so am likely missing something obvious. Suggestions please?
___ Edit ____
Followed up with adding the following settings to sshd_config but still no luck:
RSAAuthentication yes
PubkeyAuthentication yes
Not sure if it matters, but the machine hosting the public key as a WD Sharespace which is a Debian Lenny build.
The correct procedure for passwordless SSH is as follows:
Begin by executing the ssh-keygen command to generate a key
ssh-keygen
Once you have the key, then you can copy it to the remote server. Use this command which makes it easier
ssh-copy-id user#host
The command assumes that you are using port 22 for ssh, if not use, with xxxx being the port number
ssh-copy-id "user#host -p xxxx"
See here for a detailed description of this command
In your case, when you are editing
/etc/ssh/sshd_config
Make sure you modify PasswordAuthentication from
PasswordAuthentication yes
to
PasswordAuthentication no
then restart sshd with
service sshd restart
Make sure the key is in your chain. ssh-add ~path/to/private/key otherwise you need to do ssh -i /path/to/key . Then make sure you're using ssh root#whatever. Then make sure the file is written to the remote node properly. Try copying and pasting rather than your cat and pipe. And lastly, try restarting ssh on the remote and perform those steps again (to permit the permitrootlogin to be active).
By the way, the fact that you are trying to avoid entering passwords and then you added a passphrase for the key, makes this entire process pointless.