Vagrant asks for password after SSH key update - ssh

I remade my SSH key after switching to a new machine and just copied over my existing customized Vagrant box I packaged up.
When I tried to ssh into the box, I got the REMOTE HOST IDENTIFICATION HAS CHANGED error. So I cleared the entry out of the known_hosts and ssh'd back into the box. The new key was accepted, but now every time I ssh in I am required to enter the default vagrant password instead of just using my ssh key.
What am I missing here?

"The new key was accepted"?
Have you verified that the private key on Host and the public key on Guest paired?
If the key was accepted, no password prompt should pop up.
To verify your private/public keys:
Locate your private key on Host OS (IdentityFile for vagrant):
vagrant ssh-config
Generate public key from private key:
ssh-keygen -y -f private_key > public_key
cat public_key
Compare the generated public_key with the public_key on Guest OS (you can log in by password).
cat ~/.ssh/authorized_keys

I have this issue and it seems to be caused by multiple VMs running. I typed vagrant ssh-config and noticed that it reported port 2200 instead of 2222 which I was connecting on. When I connected on 2200 it didn't require a password. Not sure if that is the same for you but it's what happened to me.

Do you have the line like below in your ~/.ssh/config ?
PubkeyAcceptedKeyTypes ssh-dss,ssh-rsa
In my case, after removing this, vagrant ssh stopped asking me for password.

Setting up ssh key without a passphrase

I'm trying to create an ansible and I want an ssh key specific for the ansible that requires no passphrase (for automation purposes). Here's what I've done:
> ssh-keygen -t ed25519 -C "ansible"
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\user_name/.ssh/id_ed25519): C:\Users\user_name/.ssh/ansible
At the following:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
I left them empty and just pressed enter and
the public/private key files get created.
I copied the public key to the VM I want to connect to and made sure it's there by looking inside the
~/.ssh/authorized_keys
But when I try connecting to the VM, with the ansible specific ssh key I just created (which doesn't require a passphrase) it asks me for the password...
ssh -i C:\Users\user_name/.ssh/ansible ip_addr
user_name@ip_addr's password:
Now, I believe the password is asking for it's the one of the VM itself, not the ssh key, but I was expecting to ssh inside without having to enter any sort of password. What am I missing?
The host machine is Windows 10, the VM has Ubuntu 20.04

cannot login after changing key ssh

My problem is that one user forgot his ssh passphrase for his key, so I had to generate a new one and install it on all environments.
Here's the thing: I have created key without any passphrase and copied it to all servers (single key pair on all servers) so every server has the same id_rsa key and id_rsa.pub key added to authorized_keys. And the problem is I still can't login to these servers.
output:
user@server1:~$ ssh user@server2
Enter passphrase for key '/home/user/.ssh/id_rsa': <empty>
Permission denied (publickey).
user@server1:~$
I have no idea what may cause the problem. I have generated those keys twice, tried to use ssh-add command to be sure that system can see those keys but nothing helped.
Do you have any idea how to solve this problem?
Remove the ".ssh" folder in every user folder (e.g. /home/user1), then try to generate new keys again. The ".ssh" folder is hidden by default, press CTRL + H to show the hidden files and folders.
Also, you can ssh to a system password-less:
ssh-keygen
ssh-copy-id user@host
After the key is copied, ssh into the machine is password-less:
ssh user@host
After changing your key, type:
ssh-add
And to verify, type:
ssh-add -l
And verify with md5sum your id_rsa.pub in your host and authorized_keys on the server.
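An added example, not part of the answers above: the comparison suggested here and in the Vagrant thread at the top of the page (public key on the host against authorized_keys on the server), done per key instead of per file, because authorized_keys can hold several keys with options and different comments, so a whole-file checksum need not match. The key material is constructed and the function names are illustrative.

```python
import base64
import hashlib
import struct

def parse_key(line):
    """Return (key_type, blob) from a .pub or authorized_keys line, else None."""
    fields = line.strip().split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options (from="...", command="...") may precede the key type and a
    # comment may follow the blob, so scan for a "<type> <base64>" pair.
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # The blob itself begins with a length-prefixed copy of the type name.
        name = key_type.encode()
        if blob[:4] == struct.pack(">I", len(name)) and blob[4:4 + len(name)] == name:
            return key_type, blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matching_lines(pub_line, authorized_keys_text):
    """1-based line numbers in authorized_keys holding the same key as pub_line."""
    wanted = parse_key(pub_line)
    if wanted is None:
        raise ValueError("not a public key line")
    return [n for n, line in enumerate(authorized_keys_text.splitlines(), 1)
            if parse_key(line) == wanted]

def sample_key(seed):
    # Constructed ed25519-shaped blob for the demo; not a real key.
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

HOST_PUB = sample_key(1) + " me@new-machine"
GUEST_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample file",
    sample_key(2) + " vagrant",
    'from="10.0.2.2",no-agent-forwarding ' + sample_key(1) + " old-comment",
])

if __name__ == "__main__":
    print(matching_lines(HOST_PUB, GUEST_AUTHORIZED_KEYS))
    print(fingerprint(parse_key(HOST_PUB)[1]))
```

An empty result from matching_lines means the server does not hold the public half of the key the client is offering, which is the case where ssh falls back to a password prompt.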

SourceTree asks password for SSH authentication at each restart

In SourceTree I'm using OpenSSH as authentication and created + added my SSH keys (on Windows) like this:
ssh-keygen -t rsa -C "my@email.com"
(and entered filename, password etc)
Added the key to the SSH agent:
eval "$(ssh-agent)"
ssh-add id_rsa
Added the SSH key to GitLab using
cat id_rsa.pub to print my public key
Added the public key to SourceTree by "Tools > Add SSH key" followed by the password ("Tools > options > SSH client configuration" I've selected OpenSSH).
After these steps I'm able to push and pull code.
However, each time I restart SourceTree a terminal pops-up and I have to re-enter my password again*. How can I make SourceTree / the SSH agent remember this password?
ps. my keys are saved in a directory like /d/MyName/Gitlab/ instead of ~/.ssh/ but that shouldn't be a problem, right?
EDIT:
*The message shown in the terminal:
SourceTree is loading your SSH key into the agent for authentication Please enter your passphrase if prompted to do so Enter passphrase for D:\MyName\GitLab\.ssh\id_rsa:
EDIT2:
This solution didn't solve my problem either:
You can use the Windows OpenSSH ssh-agent to manage your keys.
The problem is that Sourcetree on Windows wants to start its own instance of the ssh-agent instead of using the already running service. Even if you can get that to work it will still prompt for your key passphrase on startup because Sourcetree's ssh-agent process doesn't save your keys to the Windows keychain.
There are heaps of instructions on how to use Pageant as your ssh agent, but that is not why you're here. You're here because you want to use the OpenSSH agent, with OpenSSH formatted keys, with passphrases but without being prompted for said passphrase all over the place.
The trick is to proxy all requests to Pageant through to your OpenSSH agent.
Install OpenSSH.
Start the ssh-agent service and set to automatic.
Add your private keys to the agent with
ssh-add <key_file>
Add your public keys to the hosts you want to authenticate with.
Test that you can authenticate via ssh:
ssh -T git@github.com
Your private keys will now be loaded when you log in to your Windows account and you won't have to provide passphrases ever again.
To allow programs and libraries such as Sourcetree, WinSCP and Fabric that normally use Pageant to instead have keys provided by the ssh-agent there is an awesome program https://github.com/ndbeals/winssh-pageant
Follow instructions to install winssh-pageant, schedule it as a task to start on windows startup.
Now all calls to Pageant's NamedPipe will be proxied to the OpenSSH agent.
The last step to get SourceTree working with OpenSSH is a bit counter-intuitive.
Go to Tools | Options | General and set the SSH Client to PuTTY/Plink and uncheck the "Automatically start SSH agent when Sourcetree opens".
I solved this issue following these steps:
Find the path to Pageant (in my case was in C:\Users\{my-user}\AppData\Local\SourceTree\app-3.3.8\tools\putty\pageant.exe)
Do Window key + R or type run in Windows bar
In the text box put shell:startup
Make a shortcut of your pageant and paste it in the window that just opened
Right click on the shortcut and click on Properties
In Shortcut tab, in target put your-sourcetree-pageant-path\pageant.exe id_rsa.ppk
In Start in put C:\Users\{my-user}\.ssh and click ok
Note that your id_rsa.ppk must be inside C:\Users\{my-user}\.ssh directory
If for some reason your id_rsa.ppk is protected by a passphrase and you are sure you won't have security issues, just remove the passphrase.
To remove the id_rsa.ppk's passphrase, follow these steps
Open PuttyGen
Go to Conversions => Import key
Remove the passphrase
Save the private key & public key
Replace the protected id_rsa.ppk with the unprotected id_rsa.ppk
Hope that helped!
You manually start your agent and set environment variables in order for commands to find it.
Whenever you start a command (like SourceTree) without those environment variables set, that command is not able to access the agent and therefore asks for your password.
Making your agent start on system startup should solve things.
If ssh cannot reach the agent it will also look into ~/.ssh/, therefore if you place your keys there it should work, too. (Have a look at man ssh.)
After I did the test below, I was never asked for the password.
To test whether your SSH key was added correctly, run the following command in your terminal (replacing gitlab.com with your GitLab's instance domain):
ssh -T git@gitlab.com
The first time you connect to GitLab via SSH, you should verify the authenticity of the GitLab host that you're connecting to. For example, when connecting to GitLab.com, answer yes to add GitLab.com to the list of trusted hosts:
The authenticity of host 'gitlab.com (35.231.145.151)' can't be established.
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.com' (ECDSA) to the list of known hosts.
NOTE: For GitLab.com, consult the SSH host keys fingerprints section to make sure you're connecting to the correct server. For example, you can see the ECDSA key fingerprint shown above in the linked section.
Once added to the list of known hosts, you should validate the authenticity of GitLab's host again. Run the above command once more, and you should only receive a Welcome to GitLab, @username! message.
If the welcome message doesn't appear, you can troubleshoot the problem by running ssh in verbose mode with the following command:
ssh -Tvvv git@gitlab.com

Is there a default password to connect to vagrant when using `homestead ssh` for the first time?

I'm trying to connect to vagrant via homestead ssh:
vagrant@127.0.0.1's password:
But my public key password doesn't work.
My Homestead.yaml looks like this:
authorize: ~/.ssh/id_rsa.pub
keys:
- ~/.ssh/id_rsa
I'm using "Laravel Homestead version 2.0.14" with "Vagrant 1.7.2".
After trying a lot of passwords and becoming totally confused why my public key password is not working I found out that I have to use vagrant as password.
Maybe this info helps someone else too - that's because I've written it down here.
Edit:
According to the Vagrant documentation, there is usually a default password for the user vagrant which is vagrant.
Read more on here: official website
In recent versions however, they have moved to generating keypairs for each machine. If you would like to find out where that key is, you can run vagrant ssh -- -v. This will show the verbose output of the ssh login process. You should see a line like
debug1: Trying private key: /home/aaron/Documents/VMs/.vagrant/machines/default/virtualbox/private_key
I have the same problem, after moving the machine from a Time Machine restore to another host. The problem is that the ssh key for vagrant is not your key, it's a key in the Homestead directory.
Solution for me:
Use vagrant / vagrant to access the Homestead VM
Use vagrant ssh-config to see the ssh config
Run in a terminal:
vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile "/Users/MYUSER/.vagrant.d/insecure_private_key"
IdentitiesOnly yes
LogLevel FATAL
ForwardAgent yes
Create a new pair of SSH keys
ssh-keygen -f /Users/MYUSER/.vagrant.d/insecure_private_key
Copy content of public key
cat /Users/MYUSER/.vagrant.d/insecure_private_key.pub
In another shell in the Homestead VM, append it to authorized_keys
vagrant@homestad:~$ echo 'CONTENT_PASTE_OF_PUBLIC_KEY' >> ~/.ssh/authorized_keys
Now you can access it with vagrant ssh
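An added example, not part of the answers on this page: a parser for `vagrant ssh-config` output like the listing above that reports the two mismatches seen in these threads, connecting to another VM's forwarded port (2222 versus 2200) and an IdentityFile pointing at the shared `insecure_private_key` instead of a per-machine `private_key`. The second host entry, its path and the function names are constructed for illustration.

```python
import shlex

def parse_ssh_config(text):
    """Parse `vagrant ssh-config` output into {host: {option: value}}."""
    hosts, current = {}, None
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)  # strips quotes around paths
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), " ".join(parts[1:])
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # first value wins, as in ssh_config
    return hosts

def review(cfg, port_used):
    """List mismatches between how you connect and what Vagrant reports."""
    findings = []
    if cfg.get("port") != str(port_used):
        findings.append("port %s is not this VM (it forwards %s)"
                        % (port_used, cfg.get("port")))
    # Path heuristic: ~/.vagrant.d/insecure_private_key is the key pair that
    # ships with Vagrant, so every Vagrant user holds the same private key.
    if cfg.get("identityfile", "").endswith("insecure_private_key"):
        findings.append("IdentityFile is the shared insecure key, "
                        "not a per-machine private_key")
    return findings

# First entry mirrors the listing above; the second entry is constructed.
SAMPLE = '''\
Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  IdentityFile "/Users/MYUSER/.vagrant.d/insecure_private_key"
  IdentitiesOnly yes
Host second
  HostName 127.0.0.1
  User vagrant
  Port 2200
  IdentityFile "/Users/MYUSER/proj/.vagrant/machines/second/virtualbox/private_key"
'''

if __name__ == "__main__":
    for name, cfg in parse_ssh_config(SAMPLE).items():
        print(name, review(cfg, 2222))
```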
By default Vagrant uses a generated private key to login, you can try this:
ssh -l ubuntu -p 2222 -i .vagrant/machines/default/virtualbox/private_key 127.0.0.1
This is the default working setup https://www.youtube.com/watch?v=XiD7JTCBdpI
Use Connection Method: standard TCP/IP over ssh
Then ssh hostname: 127.0.0.1:2222
SSH Username: vagrant password vagrant
MySQL Hostname: localhost
Username: homestead password:secret
On a Windows machine I was able to log in to ssh from git bash with
ssh vagrant@VAGRANT_SERVER_IP without providing a password
Using Bitvise SSH client on Windows
Server host: VAGRANT_SERVER_IP
Server port: 22
Username: vagrant
Password: vagrant
In my case I learned through the output from:
vagrant ssh -- -v
The problem was my private key generated by vagrant was ignored because the permissions were too open (on Windows 10).
The log lines were:
Permissions for 'C:/My Folder/.vagrant/machines/default/virtualbox/private_key'
are too open. It is required that your private key files are NOT
accessible by others. This private key will be ignored.
So in Windows Explorer, navigate to the private key for the VM on the path in your log, right-click and select Properties. Then go to the Security tab and click the Advanced button. Next, add your specific user with Full Control, and then select whichever group also has permissions and click the Disable inheritance button at the bottom of the dialog and choose to remove all inheritance. You should be left with just your own user account having permissions on the private_key file. Click Apply and close the properties dialog, then try vagrant ssh again. It should now let you in without asking for a password.

ssh still asking for password

I have two servers called: "eps" and "dev". On server dev I have added the public key of eps to the authorized_keys file. I have then restarted SSH service on the dev server to ensure it picks up the new public key I added to the authorized_keys file.
However, when I then try to ssh into "dev" from "eps", I'm prompted for a passphrase for a key. The exact prompt is: Enter passphrase for key '/home/webmaster/.ssh/id_rsa':
Why is this happening? I thought it should just log me into the dev server right away.
When creating the SSH key using ssh-keygen you are prompted for a password to secure the private key. Therefore for SSH to use the key the password has to be entered to unlock the private key locally, which is why you are seeing the "Enter passphrase for key". This is not the same as the password to authenticate the user on the SSH server.
In order to have a password-less login you need to create a keyfile with ssh-keygen which has an empty password.