Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I created key pair by command
ssh-keygen -t rsa -N "" -f "C:\ssh2\id_rsa"
After I tried to connect to remoted server by command
ssh -2 -Nv -L 81:192.168.45.12:8989 proxy#host.ru -p 10022 -i "C:\ssh2\id_rsa"
And all finished that server required passphrase
Enter passphrase for key 'C:\ssh2\id_rsa':
But I created key pair without passphrase (-N ""). Why does it require passphrase?
The command issued specified "" - an empty string! - as the passphrase, not generation with no passphrase. (Simply hit "enter" when prompted for the passphrase and viola!)
To generate a key without any passphrase, do not specify the optional -N (passphrase) option when creating a new key or when requesting to change the passphrase (see -p) ..
.. and may the foil-hat gnomes be merciful to you.
I understand that connection happen, but if I click Enter button, console write me
debug1: No more authentification methods to try
Permission denied (publickey, hostbased)
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I am trying to SSH to my raspberry pi which is connected under the same router as my computer. It is running the latest version of raspbian lite. I enabled the ssh service on the pi using the command: systemctl enable ssh. However when I try to SSH to my raspberrypi from my personal computer, I get this message:
fahd#Fahd-PC:~$ ssh pi#192.168.1.23
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:***************************************************
Please contact your system administrator.
Add correct host key in /home/fahd/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/fahd/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/home/fahd/.ssh/known_hosts" -R "192.168.1.23"
ECDSA host key for 192.168.1.23 has changed and you have requested strict checking.
Host key verification failed.
fahd#Fahd-PC:~$
And I'm not entirely sure whether this is something real I should be worried about or just me not knowing how to use SSH properly.
For some reason, your terminal has a different key in storage for your Pi. This can be due to several reasons (for example, the ssh package was updated and the SSH host key re-generated on the Pi. Or you changed the IPs on your network. Or you have DHCP and two different clients, and you got the addresses swapped. Or...).
So, it warns you.
Unless you have reasons to believe otherwise, I'd just follow the suggestion:
remove with:
ssh-keygen -f "/home/fahd/.ssh/known_hosts" -R "192.168.1.23"
This communicates inform you that RSA keys on the device has changed it happen when you:
reinstall OS on device
generate new / remove old RSA keys
someone is trying to do MITM attack (very rare in these days)
How to fix it:
Remove saved information about raspberry pi host
sudo vim ~/.ssh/known_hosts
or
sudo vim /etc/ssh/known_hosts
Use ssh-keygen
ssh-keygen -R host_ip
or
ssh-keygen -R host_ip -f path_to_known_hosts
Remove known_hosts
If you have only one host in "known_hosts" file you can just remove it.
sudo rm .ssh/known_hosts
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I want to generate a set of keys for a home server that I would like to SSH into, so I do ssh-keygen -t rsa, but then I get a message: id_rsa already exists. Overwrite (y/n)?
Well, I don't want to overwrite because the keys I have now I use to SSH into my university's servers, and it would be a pain to have to do all that junk again every time I wanted to switch. Is there an easy way to append the keys?
I tried following a tutorial (which I cannot find) that suggesting something about using the cat command, but I am pretty lost. It seems like the solution is something very simple that I'm just not seeing.
You can achieve this by using a config file in your home directory under the .ssh directory:
Generate your key as usual:
ssh-keygen -t rsa
Don't overwrite the default (usually id_rsa). Instead, create a new name. This will create a separate file with your key.
In ~/.ssh create a config file with the following content:
Host * (asterisk for all hosts or add specific host)
AddKeysToAgent yes
UseKeychain yes
IdentityFile <key> (e.g. ~/.ssh/yourKey)
The key is now added to the keychain and can be used!
--
You can use multiple IdentityFiles in your config (Mac example):
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa_private_server
IdentityFile ~/.ssh/id_rsa_github
IdentityFile ~/.ssh/id_rsa_work_server
You can use the same public key on both servers. If you don’t want to do that, just specify a different location than ~/.ssh/id_rsa when ssh-keygen prompts you before that, and use it with an agent:
% ssh-agent sh # Replace with your favourite shell.
$ ssh-add ~/.ssh/id_rsa_2
$ ssh somewhere
$ exit
%
ssh-agent can also be used without starting a new shell as eval $(ssh-agent).
I had the same problem as you and I solved it.
In the terminal is:
"Enter file in which to save the key (/home/you/.ssh/id_rsa): "
Instead of hitting Enter or writing /home/you/.ssh/id_rsa, you write /home/you/.ssh/id_rsa1.
If I remember correctly, I fixed this problem by uninstalling Cygwin and using the command line instead.
You could do as minitech suggested and use the same SSH public key on both servers. To do so, open the file ~/.ssh/id_rsa.pub in your text editor, copy the contents of the file exactly without adding any new spaces or newlines, and add this to the server you want to connect to. If your user name on the server is "user" at IP address 123.45.56.78, use the command "ssh-copy-id user#123.45.56.78", or you can use:
cat ~/.ssh/id_rsa.pub | ssh user#123.45.56.78 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
A client gave me a rsa and ppk file so I can log into their server. Im using OSX Lion and I have all my current server connections in my id_rsa file. How do I add their key so I can login with that?
If the RSA file they gave you is stored in, say, ~/client/foo_rsa.key, you could:
$ ssh -i ~/client/foo_rsa.key username#theirhost.example.com
Storing this sort of configuration in ~/.ssh/config is also a very good idea if you want a more permanent solution.
In ~/.ssh/config, add:
host clienthost
identityfile client/foo_rsa.key
hostname theirhost.example.com
user usernameonhost
You then connect simply with:
$ ssh clienthost
and the settings from the config file control your session.
The spacing above is unimportant and included only for readabilty. Read man ssh_config for details of other things you can put in this configuration file. There's A LOT of stuff you can do, including proxying your connection through other hosts, creating encrypted tunnels (for other protocols like HTTP or SOCKS) on arbitrary ports, etc.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
At work, I can ssh to a server with private keys set up on my work machine.
jake#work$ ssh server
jake#server$
I'm trying to ssh from home to work to server with the private keys. The process should look like this:
jake#home$ ssh work
jake#work$ ssh server
jake#server$
But instead its asking me for a password. If I call ssh server with -v, it shows that its looking for keys .ssh/id_dsa and .ssh/id_rsa but my key is named differently.
I can get into server by specifying the key myself:
jake#home$ ssh work
jake#work$ ssh server -i .ssh/idfoo
jake#server$
How do I get ssh to find the right keys for this two step login process?
You can specify the key using Host+IdentityFile in your ~/.ssh/config on work:
Host server
IdentityFile idFoo
Or just this alone in the config file, to apply a key identity to all sessions:
IdentityFile idFoo
But I can't explain why this is required only when trying to ssh from work->server from a work ssh session.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I'm unable to ssh and rysnc to a remote system. It keeps giving this error message:
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a3:8f:7c:07:c9:12:d8:aa:cd:c2:ba:b3:27:68:bc:c2.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:8
RSA host key for xxx.xxx.xxx.xxx has changed and you have requested strict checking.
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.8]
I've removed authorized_keys file from /home/user/.ssh.
use the following command which removes the old keys from .ssh/known_hosts file
ssh-keygen -R <host>
The message says "/root/.ssh/known_hosts" not authorized_keys.
Remove that file (or at least the corresponding key) from it and you can go again! But be aware that: There must be a reason why the key changed. Was the system reinstalled? Make sure you check that or the whole idea of ssh is void.
BTW.: Is there a reason you ssh as root?
The message does explain itself:
The remote host identified itself with a key
Your previous copy of the key for that host is different
So there is a chance that the remote host is not who they say they are
If you trust the remote host, you can delete line 8 from your /root/.ssh/known_hosts and ssh will ask you if it can add the new key next time you try to connect
If you don't trust the remote host, you have to contact the host administrators to find out if and why they changed ssh keys. If they haven't it means your traffic is being intercepted
On the other hand, if you really really trust the remote host (eg it is on an intranet), you can run ssh with
-oBatchMode=yes -oStrictHostKeyChecking=no
You can use sed to remove the offending key at line 8 from your known_hosts file:
sed -i -e 8d /root/.ssh/known_hosts
Just do this:
mv .ssh/known_hosts .ssh/known_hosts_old