I installed the OpenSSH on my Windows 7 Machine. I want to connect to the remote Linux machine without typing password. I followed the bellow instructions but the SSH needs password to establish the connection yet.
Open CMD and run: ssh-keygen -t rsa (The public and private keys are generated in the C:\Users\user.ssh) folder
Copy the id_rsa.pub content into /home/kouhi/.ssh/authorized_keys in my Linux remote machine
In Linux Machine run: chmod 700 .ssh
In Linux Machine run: chmod 644 .ssh/authorized_keys
When I try to Ssh kouhi#remote.com the connection ask me the password yet.
Also I tied Ssh -i C:\Users\user.ssh\id_rsa kouhi#remote.com
Also I get the following reply when run the ssh command:
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for 'C:\\Users\\user\\id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: C:\\Users\\user\\id_rsa
As per this other question:
Right-click on the [private key file], select Properties then Security. Click Advanced, then Edit. Uncheck "Inheritable" and choose "Remove" in the dialog. Remove any explicit permissions left, add a "Full Access" permission to your username.
Step 1 : Open your windows powershell
Step 2 : Type command ssh-keygen -t rsa
Step 3 : Now a private and public is generated and we have to copy this
public key into the remote linux server.For that do the below
steps.
- Copy the public key stored C:\Users\User/.ssh/id_rsa.pub
(Don't copy through GUI as it will give error,use powershell
itself)
Step 4 : Now login to your remote server using your ID and password
Step 5 : Now paste the copied public key in /.ssh/authorized_keys
using vim editor.
Step 6 : Now login from your windows powershell without password
TIPS : Try ssh restart , clear your earlier generated keys in authorised key folder and id_rsa.pub if you get errors and do as fresh
Related
I'm new to ssh and having some trouble with it.
I need to connect my pycharm on my windows10 to the remote server using OpenSSH and the private key in Tools->deployment->configuration, but now I can't see id_ed25519 or id_ed25519.pub file in the ssh file folder.
I have generated an Ed25519 key by using the following code:
cd ~
ssh-keygen -t ed25519
I can find my private and public key by the following command:
cd .ssh
ls
#return: id_ed25519 id_ed25519.pub id_rsa id_rsa.pub known_hosts
I'm wondering why the private and public key disappeared, or if they were stored somewhere else. But I can find other files returned by the command above.
I even successfully connected to my remote server using the pubkey.
Is there any solution?
I have found the answer!
I generated the key more than once. And every time I needed to copy the key to Windows file system with the following command.
cd /mnt/c/users/<my-account>/.ssh/
I have two accounts, one for personal utility, the other for work. That was where I made a mistake. I filled the wrong account in the <my-account>. That is to say, I logged into the other.
That's really silly.
I had been using VSCode's remote-ssh to access my virtual machines running on google cloud. This had been working perfectly fine until I made a snapshot of my most recent instance and created a new instance out of this on a larger VM. Now when I try to connect (through any method) I get: " Permission denied (publickey).". I have spent countless hours deleting and re-adding, and recreating my ssh keys to no avail. Before I simply ran "gcloud compute config-ssh" and this created a working config file, but now this works. Please help, I have tried everything and there is simply no way for me to ssh. On the website I can click the ssh button to open up their shell, but cannot do it from my terminal
The problem may be related to the lack of identification of your SSH private key during connection in VSCode. You can indicate your private key adding IdentityFile option pointing to your SSH private key, this in your SSH connection host entries in SSH configuration files:
Host vm_name
HostName external_ip
IdentityFile /path/to/ssh_private_key
Port port_number
Here the long story if you or someone need more information.
You can go from the start for ensure that you do no have compromise your SSH keys and that is the origin of problem.
Create SSH Key
First, create new ssh keys.In the computer that you will use to access your remote host, that is Google VM instance, open your terminal or cmd and go to the ssh folder to generate the keys.
My ssh config and keys are under my user directory, /home/my_user/.ssh on Linux or C:\Users\my_user\.ssh on Windows.
The I will cd to one of these path, depending on for which of them I using at the moment.
Linux:
cd /home/my_user/.ssh
Windows:
cd C:\Users\my_user\.ssh
Command to generate SSH key
ssh-keygen -t rsa -f my_ssh_key -C user
my_ssh_key: the name your key, you can put what you want to better identify
user: must be the user that you want to use to connect at your Google VM instance.
This will generate an Private Key named my_ssh_key and a Public key named my_ssh_key.pub.
Alternatively, stay in any location of operating system and passing the absolute path where to generate the keys:
Linux:
ssh-keygen -t rsa -f /home/my_user/.ssh/my_ssh_key -C user
Windows:
ssh-keygen -t rsa -f C:\Users\my_user\.ssh\my_ssh_key -C user
Copy the public key in your Google cloud VM authorized_keys file
/home/my_user/.ssh/authorized_keys
** Do not rewrite anyone public key that already exists jus append in the file of authorized_keys file.
Add new ssh Host entry for remote connection
Click on Remote SSH manager, the icon at the bottom right of the VS Code, click on the Remote SSH: Open Configuration File option and choose your ssh configuration file to add another SSH entry for remote connection.
The config file must be under SSH directory, the same path used in the step of generate SSH keys.
Linux:
/home/my_user/.ssh/config
Windows:
C:\Users\my_user\.ssh\config
To add another Host, write the following make the properly changes:
Host vm_name
HostName external_ip
IdentityFile /path/to/ssh_private_key
Port port_number
vm_name: is alias to connect with ssh command in practical way, could be what you want.
external_ip: the external of your Google VM instance, you can get in the VM instances panel at https://console.cloud.google.com/
IdentityFile: the path for yout private SSH key, the file that you generated that note have .pub extension.
Linux:
/home/my_user/.ssh/my_ssh_key
Windows:
C:\Users\my_user\.ssh\my_ssh_key
Port: the por number of SSH of your Google VM instance, 22 is the default port.
Now it is just choose this host to connect to your Google VM instance.
For more details about SSH settings on Google Cloud Platform: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#linux-and-macos_1
When I run competitions for Icelandic Horses, I want to automatically upload the results from our Synology NAS to a remote webserver. The program we use automatically generates the html-files that needs to be uploaded.
What is the easiest way to achieve this? I have SSH access on both the NAS and the webserver.
Any help is appreciated :)
In this case you can create a cron task in the synology console with the command:
sudo -i
vi /etc/crontab
Edit the file and add a line like this at the end of the file with a scp command:
0 0 * * * root scp -r "-i/root/.ssh/mykey" 'root#serverurl.com:/some/remote/path' '/some/local/path'
Finally you have to reload the configuration restarting the service with:
synoservice -restart crond
Before all this you must to configure a pair keys to avoid the password entry:
cd to a private directory of the user which will be running the script (typically "$HOME/.ssh", to be created if needed). That directory must be protected to write acces from other users, fix the modes if needed.
generate the keypair using command "ssh-keygen"
("/usr/syno/bin/ssh-keygen" if not in your PATH)
at the prompt "Enter file in which to save the key", choose a file
name (let's say "mykey")
at the prompt "Enter passphrase (empty for no passphrase):" press
return (this will create a passwordless private key)
Two files will be created: "mykey" and "mykey.pub"
copy the contents of mykey.pub inside "$HOME/.ssh/authorized_key"
file of user account on the remote machine your script is going to
connect to.
in your script, add "-i" as argument to the
ssh command
Also in this forum is explained how to make the copy with rsync instead of scp
In SourceTree I'm using OpenSSH as authentication and created + added my SSH keys (on Windows) like this:
ssh-keygen -t rsa -C "my#email.com"
(and entered filename, password etc)
Added the key to the SSH agent:
eval "$(ssh-agent)"
ssh-add id_rsa
Added the SSH key to GitLab using
cat id_rsa.pub to print my public key
Added the public key to SourceTree by "Tools > Add SSH key" followed by the password ("Tools > options > SSH client configuration" I've selected OpenSSH).
After these steps I'm able to push and pull code.
However, each time I restart SourceTree a terminal pops-up and I have to re-enter my password again*. How can I make SourceTree / the SSH agent remember this password?
ps. my keys are saved in a directory like /d/MyName/Gitlab/ instead of ~/.ssh/ but that shouldn't be a problem, right?
EDIT:
*The message shown in the terminal:
SourceTree is loading your SSH key into the agent for authentication Please enter your passphrase if prompted to do so Enter passphrase for D:\MyName\GitLab\.ssh\id_rsa:
EDIT2:
This solution didn't solve my problem either:
You can use the Windows OpenSSH ssh-agent to manage your keys.
The problem is that Sourcetree on windows wants to start its own instance of the ssh-agent instead of using the already running service. Even if you can get that to work it will still prompt for your key passphrase on startup because Sourcetree's ssh-agent process doesn't save your keys to the the Windows keychain.
There are heaps of instructions on how to use Pageant as your ssh agent, but that is not why you're here. You're here because you want to use the OpenSSH agent, with OpenSSH formatted keys, with passphrases but without being prompted for said passphrase all over the place.
The trick is to proxy all requests to Pageant through to your OpenSSH agent.
Install OpenSSH.
Start the ssh-agent service and set to automatic.
Add your private keys to the agent with
ssh-add <key_file>
Add your public keys to the hosts you want to authenticate with.
Test that you can authenticate via ssh:
ssh -T git#github.com
Your private keys will now be loaded when you log in to your Windows account and you won't have to provide passphrases ever again.
To allow programs and libraries such as Sourcetree, WinSCP and Fabric that normally use Pageant to instead have keys provided by the ssh-agent there is an awesome program https://github.com/ndbeals/winssh-pageant
Follow instructions to install winssh-pageant, schedule it as a task to start on windows startup.
Now all calls to Pageant's NamedPipe will be proxied to the OpenSSH agent.
The last step to get SourceTree working with OpenSSH is a bit counter-intuitive.
Go to Tools | Options | General and set the SSH Client to PuTTY/Plink and uncheck the "Automatically start SSH agent when Sourcetree opens".
I solved this issue following these steps:
Find the path to Pageant (in my case was in C:\Users\{my-user}\AppData\Local\SourceTree\app-3.3.8\tools\putty\pageant.exe)
Do Window key + R or type run in Windows bar
In the text box put shell:startup
Make a shortcut of your pageant and paste it in the window that just opened
Right click on the shortcut and click on Properties
In Shortcut tab, in target put your-sourcetree-pageant-path\pageant.exe id_rsa.ppk
In Start in put C:\Users\{my-user}\.ssh and click ok
Note that your id_rsa.ppk must be inside C:\Users\{my-user}\.ssh directory
If for some reason your id_rsa.ppk is protected by a passphrase and you are sure you won't have security issues. Just remove the passphrase.
To remove the id_rsa.ppk's passphrase, follow these steps
Open PuttyGen
Go to Conversions => Import key
Remove the passphrase
Save the private key & public key
Replace the protected id_rsa.ppk with the unprotected id_rsa.ppk
Hope that helped!
You manually start your agent and set environment variables in order for commands to find it.
Whenever you start your a command (like SourceTree) without those environment variables set, that command is not able to access the agent and therefore asks for your password.
Making your agent start on system startup should solve things.
If ssh cannot reach the agent it will also look into ~/.ssh/ therefor if you place you keys there it should work, too. (Have a look at man ssh.)
After did below test, the password never asked for me.
To test whether your SSH key was added correctly, run the following command in your terminal (replacing gitlab.com with your GitLab's instance domain):
ssh -T git#gitlab.com
The first time you connect to GitLab via SSH, you should verify the authenticity of the GitLab host that you're connecting to. For example, when connecting to GitLab.com, answer yes to add GitLab.com to the list of trusted hosts:
The authenticity of host 'gitlab.com (35.231.145.151)' can't be established.
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.com' (ECDSA) to the list of known hosts.
NOTE: Note: For GitLab.com, consult the SSH host keys fingerprints, section to make sure you're connecting to the correct server. For example, you can see the ECDSA key fingerprint shown above in the linked section.
Once added to the list of known hosts, you should validate the authenticity of GitLab's host again. Run the above command once more, and you should only receive a Welcome to GitLab, #username! message.
If the welcome message doesn't appear, you can troubleshoot the problem by running ssh in verbose mode with the following command:
ssh -Tvvv git#gitlab.com
i write a script to ssh to a server in a loop using public key. However, because of some reason my public key was not correctly copied to the login server. So, i will be hanged at servers with fault public key. the situation can be exampled like below:
i use eval /usr/local/bin/ssh-attach on my desktop to record the passphrase corresponging to private file A when login to the remote servers
however, serverA have added A.pub corresponding to private key file A to authorized_keys file
i have a private key file B on my desktop, so when trying to ssh login serverA it will hang with a prompt to ask passphrase.
Does ssh have some params to config to bypass this situation?
You can use the -i option to specify the key you want the ssh to use.
ssh -i path/to/key/file user#example.com
or you can add the equivalent setting to your ssh config file
Host Example
User john
IdentityFile /path/to/file