The typical procedure for a user to add an authorized key to ~/.ssh/authorized_keys is:
Copy the public key on the remote host with scp.
Connect with ssh and add the key to the file.
Such a procedure is for instance described in an answer to ”How to add a ssh key to remote server?”
Is this possible to add the key in only one step — with only one login to the remote server? An answer working on FreeBSD and Debian GNU/Linux (both with OpenSSH) would be great.
ssh-copy-id user#hostname.com -i filename_of_key_to_copy
Related
I am trying to configure a SSH Key-Based Authentication and after i created one, i want to copy the SSH Public Key to my server. When i give the following command on git bash : ssh-copy-id username#remote_host , i am asked for a password.
remote_host must be the floating_ip of the VM that i am trying to connect to ?
Which password should i type in ?
It would be really helpful if you could answer my questions.
On the first SSH operation (here an ssh-copy-id), you would need the password of the remote account, in order for the command to add your public kay to said remote user account ~/.ssh/authorized_keys.
Only then subsequent SSH commands would work without asking for password (only passphrase, if your private key is passphrase-protected, and if you have not added the private key to an ssh agent, for caching said passphrase).
I am trying to SSH into the server as part of the deployment job in CircleCI
ssh -oStrictHostKeyChecking=no $DEV_DROPLET_USER#$DEV_DROPLET_IP
I have my SSH private key for the user on this server loaded into CircleCI but everytime I run the job, I get this output
Warning: Permanently added '$host' (ECDSA) to the list of known hosts.
<$user>#<$host>'s password:
How can I stop it prompting me for the password?
I have added the SSH key for this user to the SSH Agent on the server (these instructions)
For a passwordless ssh connection, you must:
put the private ssh key into a file in the directory $HOME/.ssh/ on the client computer connecting to the server (example : $HOME/.ssh/MyServer)
copy the public ssh key into the file $HOME/.ssh/authorized_keys on the server
have writing permission on the file $HOME/.ssh/known_hosts on the client computer
The sshd service is normally already configured to accept key based authentication.
From the client computer, you can now do a passwordless connection ssh -i $HOME/.ssh/MyServer $DEV_DROPLET_USER#$DEV_DROPLET_IP
Of course, on the client computer your $DEV_DROPLET_USER must have appropriate permissions for accessing the ssh related files.
You don’t need to do anything with the ssh agent, on the client or on the server.
Late reply, but I hope it helps somebody else in the future.
Assuming you followed these instructions in the CircleCI docs, then the private key will automatically be copied to the machine being used by CircleCI when the add_ssh_keys step is run.
Make sure one the server you are trying to SSH into, the public key generated (in ~/.ssh/id_rsa.pub or something similar) is copied to the ~/.ssh/authorized_hosts file on the same server. This crucial step is what allows anybody with the private key (CircleCI) to be allowed into the server.
I can connect using these credentials through ftp but not through ssh.
Timothy#ement MINGW64 ~
$ ssh timothy#mywebsite.com
ssh: connect to host mywebsite.com port 22: Connection timed out
I'm sure this question has been asked a million times before. Does it have anything to do with ssh keys?
I'm using siteground and in the ssh/shell access area i've added this:
t r timothy#mywebsite.com KtV/T4QvP4K9n7Zki9n+ZWp6 0.0.0.0/0 - ALL Remove Key | Add IP | Private Key
any help would be appreciated. Thank you.
Does it have anything to do with ssh keys?
Yes: see the official SiteGround documentation How to use SSH.
you need to enable ssh access and register your public ssh key.
then you can use ssh (provided in your <path-to-git>/usr/bin) in order to access
ssh -p18765 <user>#yourdomain
SiteGround chooses to run its sshd on port 18765, not the default 22.
The siteground tutorials are junk, two out of the three chat support staff I spoke with just referred me to the tutorials when I was attempting to make a connection to my siteground server over ssh.
These are the steps that finally worked:
From the cPanel Advanced section select SSH/Shell Access
Generate a new key using their utility (make note of the password you used for later use).
*** They have a tutorial that should allow you to create a private key on linux then upload the public key to their site. That is "not recommended" and I was unable to get that to work.
Once you have their key listed in the current keys table click the Private Key link
Copy the Private Key to a file in your local .ssh directory (make sure the mask is 0600)
run the following command:
ssh-add
enter the passphrase you used when generating the key using their utility
If you get a response "Identity added: ..." you are all set
you should now be able to use the command:
ssh # -p18765
It doesn't look like they have X11 forwarding enabled though so if you use ssh -X you will get:
X11 forwarding request failed on channel 0
I have used servers on amazon AWS where they send me a public key .pem file and when I ssh in, all I have to do is:
ssh -i key.pem user#server
I now have a server of my own and am trying to figure out how I can do this with my server so I can automate commands to my server via ssh.
I imagine that I need to generate this key on my server and copy it to my client machine. How do I generate this key?
On the client machine you wish to login from, run ssh-keygen. For a quick and easy key, just hit enter on all of the questions. This will create a key pair in ~/.ssh. Specifically, ~/.ssh/id_rsa is your private key (keep this one safe), and ~/.ssh/id_rsa.pub is your public key (okay to distribute).
Copy your public key (~/.ssh/id_rsa.pub) onto the server that you wish to login to (e.g. scp ~/.ssh/id_rsa.pub me#myserver:. On the server, run cat id_rsa.pub >> .ssh/authorized_keys. To make sure that it has the correct permissions, you can run chmod 644 ~/.ssh/authorized_keys. Also, you can now delete the id_rsa.pub file that you copied over.
That's it! You should have password-less login from client to server. You must repeat the process with client and server swapped if you want password-less login from server to client.
Notes:
If the ~/.ssh directory does not exist on your server, the best way to create it is to ssh from the server to some other machine (e.g. the client). This will ensure that it has the correct permissions.
If you are paranoid about someone getting access to the client, you can password protect the key (one of the prompts when running ssh-keygen), but then you will have to enter that password every time you log in. The solution to this problem is to use ssh-agent.
I remember there is a command to send public key to the remote host that I want. I want to use that feature to send one of my public keys to the other host. How can I do that?
You are looking for ssh-copy-id. All this command does is create .ssh and .ssh/authorized_keys and set their permissions appropriately if they don't exist. Then it appends your public key to the end of .ssh/authorized_keys.
You might be looking for this command:
cat ~/.ssh/id_rsa.pub | ssh user#hostname 'cat >> .ssh/authorized_keys'
It appends your public key to the servers authorized keys.
Source
If your server is already set up to not accept password-based login, you might get a Permission denied (publickey) error.
This is another method to send the key, using netcat, so you don't have to authenticate. It will only work over a local network, but you can use port forwarding to do this over the internet.
On the server:
$ nc -l 55555 >> ~/.ssh/authorized_keys
On the client (replace HOSTNAME with the hostname or IP of the server):
$ nc HOSTNAME 55555 < ~/.ssh/id_rsa.pub
You can replace 55555 with an open port of your choice.
source: chat over lan from linux to linux?
Appendix for total newbies: I don't think anyone's mentioned this yet, but if you get ERROR: failed to open ID file '/home/username/.pub': No such file, you need to generate a key first. The Ubuntu help pages have a great guide on Generating RSA Keys.
In other answers there's no example for ssh-copy-id so here it is(first you need to generate the key)
ssh-copy-id user#url