I've added my public key to the metadata for my project in the developer's console. When I ssh into an Ubuntu VM instance I can see my public key in the file ~/.ssh/authorized_keys, but when I try to use it to clone a project from Bitbucket I receive the error Permission denied (publickey).
If I ssh-add -l I just get The agent has no identities. Is there something else I'm supposed to be doing to use my existing public key on GCE instances?
You are mixing things up. There are two keys, public and private (for example ~/.ssh/id_rsa{,.pub}). You add the public key where you want to ssh/log in, and store the private key on your computer, the computer from which you want to ssh/log in.
If you want to use your key pair for cloning from BitBucket from your VM, you need to do one of these things:
Using local forwarded keys
create key pair on local machine: ssh-keygen
store public key in BitBucket
add this key pair into ssh agent: ssh-add path/to/private/key
ssh into VM with agent forwarding: ssh -A your-vm
do your clone: git clone your-repo
Using separate key pair
ssh to your VM: ssh your-vm
create key pair on VM: ssh-keygen
store public key in BitBucket
do your clone: git clone your-repo
The first solution is more useful if you don't want to have many keys and the operations on the repository will not happen without your participation (cron jobs). The second one is more helpful if you want to update the repo using cron and run some automation on it.
Related
I have already copied an SSH key to a server with ssh-copy-id -i ~/.ssh/skynet_key.pub.
Now I am building the gitlab-ci pipeline and have generated a new SSH key pair on my computer. I saved the private key as a variable in my gitlab project account.
Now I want to upload the new public key to the server.
My question is can I do this again from my local computer with ssh-copy-id?
Because I already have an SSH key pair distributed on both systems.
Would there be any problems here?
If so, how can I transfer the public key to the server?
Manually add the pubKey to authorized_keys?
As mentioned here, you can use the -o option (passed to SSH) to specify an existing key, in order to copy your second key:
ssh-copy-id -i ~/.ssh/<your-new-id-to-install> \
-o 'IdentityFile ~/.ssh/<your-already-existing-id>' \
<servername>
I've used ssh-keygen to generate an SSH key pair, and then ssh-copy-id to copy the public key to the remote server. This has worked for all systems in my local network. I followed instructions similar to this link.
However, on Bitbucket and GitHub, I see this additional step of adding the private key to the ssh-agent using ssh-add <private key>
This page explains what this additional step is, but why is that not needed for my local network when it is needed for GitHub and Bitbucket?
Thanks
The "Adding your SSH key to the ssh-agent" step documented on GitHub (same on GitLab) is only there if you generate a private SSH key protected by a passphrase (meaning, encrypted).
The idea is that, for a private SSH key used for authenticating to a remote public service like GitHub or GitLab, it is better to have an encrypted key, which makes it less dangerous if said key is leaked.
This is different for a private SSH key used inside a LAN (in your local network): using a passphrase is still a good idea but not mandatory: if the SSH key leaks, you still need access to the LAN in order to use it.
I'm stuck with a little SSH problem. I'm working with a Windows 10 machine which has its pair of SSH keys generated via PuttyGen (rsa) by using the domain's mail. I use this pair to connect via SSH to my GitLab repository and all works fine.
I decided to create an Ubuntu VM via VirtualBox on the same machine, then I generated a new SSH key pair in the VM using
ssh-keygen -t rsa -C "my.email@example.com" -b 4096
with the same mail of windows10's domain. After that I added this new public key into my GitLab account. However, when I test this new pair of keys via
ssh -Tv git@gitlab.com
where "gitlab.com" is my gitlab repository, I receive, along with some debug messages (which don't contain any useful information)
Permission denied (publickey)
Now, my question is as follows:
Is there something that I should do differently than usual to set up a new pair of SSH keys in a virtual machine which uses the same network as the host machine? Or, theoretically, should it work fine just as I did?
Thank you
EDIT: I've also tried to copy the same VM SSH keys into my Windows machine, replacing the old ones, and they work. So it's not a key generation problem, I think it's really a problem of VirtualBox or virtualization in general, any help?
I've got two EC2 instances and I'm trying to see if I can ssh from one to another.
If I try from my Windows instance to PuTTY into each of them, it works (by providing the .ppk file).
Now, both instances were associated with the same key pair, and if I check in .ssh/authorized_keys there is the same public key (obviously, because it refers to the same key pair that I generated in AWS).
I tried to ssh <other host> but it asks me for a passphrase of the key which doesn't exist.
So what I did now is to create a key pair from instance A with ssh-keygen, then I tried
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
but it gives me this error:
Permission denied (publickey).
Please, if you have any ideas, they are welcome.
You can't use ssh-copy-id if the only authentication method you have is publickey.
When you have generated the key on the first instance, you need to copy the public part from ~/.ssh/id_rsa.pub to the other instance's ~/.ssh/authorized_keys.
The typical procedure for a user to add an authorized key to ~/.ssh/authorized_keys is:
Copy the public key on the remote host with scp.
Connect with ssh and add the key to the file.
Such a procedure is, for instance, described in an answer to “How to add a ssh key to remote server?”
Is it possible to add the key in only one step, with only one login to the remote server? An answer working on FreeBSD and Debian GNU/Linux (both with OpenSSH) would be great.
ssh-copy-id -i filename_of_key_to_copy user@hostname.com
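
The manual step the answers above describe (put the public part of the key into the target account's ~/.ssh/authorized_keys) can be made repeatable and safe to re-run. The script below is an added example, not code from any of the posts; the function name install_pubkey and its arguments are assumptions.

```shell
#!/bin/sh
# Added example: idempotently install ONE public key into authorized_keys.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper)
install_pubkey() {
    pub_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # A .pub file is a single line; take the first non-empty one.
    key_line=$(grep -v '^[[:space:]]*$' "$pub_file" | head -n 1)

    # Only the public half belongs on the server: refuse private key material.
    case $key_line in
        *"PRIVATE KEY"*) echo "refusing: private key given" >&2; return 2 ;;
    esac

    # Expected layout: "<type> <base64-blob> [comment]".
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) echo "refusing: unknown key type '$key_type'" >&2; return 2 ;;
    esac
    [ -n "$key_blob" ] || { echo "refusing: missing key blob" >&2; return 2; }

    # sshd (StrictModes) rejects keys when these are group/world writable.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth_file" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # Compare on the blob so the same key with another comment is not re-added.
    if grep -qF -- "$key_blob" "$auth_file"; then
        echo "already present"
        return 0
    fi

    # If the file does not end in a newline, add one so lines do not merge.
    [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "added"
}
```

It has to run as the target account on the remote host, so it still needs one working login there.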