Can't ssh into Amazon AWS from Office CentOS - ssh

I have Windows and using cygwin.
I have an Amazon Ubuntu instance I can log in to just fine from my system using
ssh -i keyfile username@AmazonHost
However, when I ssh to a CentOS server I have at my office and try to SSH to the Amazon instance from there using the same commands, I always get a public key error. I have copied my keyfile over and set permissions to chmod 400 just like I did on my Cygwin client. Also, on the CentOS I verified I can access the Amazon instance over port 22 (telnet AmazonHost 22).
Is there some other configuration on the CentOS or Office firewall that needs to be done to allow me to connect to Amazon?

If you get a public key error on one machine and not the other, then the two secret keys are different, even though you think they are the same. (Unless one machine's ssh client is totally broken.)
The file might have been corrupted in transit, but since one of the machines is Windows (though with Cygwin) and the other is Linux, my guess is that something went wrong with line endings when the key was copied from one to the other. The keys are usually encoded as text (that's how Amazon's console does it), and are fairly immune to line ending changes, but this seems to be a possible cause.
How did you transfer the file from one machine to the other? If you can adjust it, try the transfer once in binary mode and once in text mode, to see if either works. Also, just look at the files on each machine in a text editor. Do they look the same?
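As an added illustration of the answer's "do they look the same?" check (not part of the original answer), a small POSIX sh helper that flags CR bytes in the copied file, compares the two copies with line endings normalised, and derives the public fingerprint with ssh-keygen where it is installed; any file contents you feed it in testing should be constructed placeholders, never a real key pasted into a script.

```shell
#!/bin/sh
# Added example, not part of the original answer: check whether a private key
# copied between machines was altered, with CRLF line endings as the first
# suspect. Needs only POSIX sh; ssh-keygen is used when available.

# has_crlf FILE: succeed if FILE contains a carriage-return byte.
has_crlf() {
    grep -q "$(printf '\r')" "$1"
}

# strip_crlf IN OUT: write IN to OUT with every CR removed (what dos2unix does).
strip_crlf() {
    tr -d '\r' < "$1" > "$2"
}

# same_key_material A B: succeed if A and B are identical once CRs are ignored,
# i.e. the only difference between the copies is line endings.
same_key_material() {
    [ "$(tr -d '\r' < "$1" | cksum)" = "$(tr -d '\r' < "$2" | cksum)" ]
}

# fingerprint FILE: print the fingerprint of the public key derived from the
# private key. Run it on both machines; different output means different keys.
fingerprint() {
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 2; }
    ssh-keygen -y -f "$1" | ssh-keygen -lf /dev/stdin
}

# check_key_copy ORIGINAL COPY: report what differs between the two files.
# Returns 0 when only line endings differ, 1 when the key material differs.
check_key_copy() {
    if has_crlf "$2"; then
        echo "$2 has CRLF line endings"
    fi
    if same_key_material "$1" "$2"; then
        echo "key material identical apart from line endings"
        return 0
    fi
    echo "key material differs; compare fingerprints on both hosts"
    return 1
}
```

Run check_key_copy on the Cygwin copy and the CentOS copy (after moving one of them across in binary mode); if it reports a CRLF file, strip_crlf produces a copy that sshd-side authentication will accept.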

Related

install key using ssh-copy-id through forwarded ssh-agent

So I'm using ssh-agent on my host and we use vagrant, virtualbox and other normal tools to setup our environment. At one point, we need to provision new machines (we build appliances) and push our key into that appliance. So far, we had been unprotecting our keys and just copying our id_rsa(.pub)? on the virtual machine. It suited us!
Recently, I started using ssh-agent on my main machine to host my keys with a password (much better obviously) but from time to time, I seem to have problems running ssh-copy-id to copy my id towards the appliance.
Most of the time, I have to just copy my protected key files to the VM and then it works, but I'm sure I was able at one point to leave the virtual machine clean from any SSH keys and still use ssh-copy-id to copy my ssh-agent-provided identity through the VM. It doesn't seem to be working half of the time.
Am I crazy? What could be the root cause of this? How do I solve this problem to ensure that my SSH-protected ID is forwarded only from my local agent into the VM and into any other appliance properly?

Where are TLS certificates stored for Docker on Windows Server 2016 TP3

I have a VM running Windows Server 2016 Technical Preview, and have installed the Containers feature, and then run the Install-ContainerHost.ps1 script from Microsoft's container tools repo
https://github.com/Microsoft/Virtualization-Documentation/tree/master/windows-server-container-tools/Install-ContainerHost
I can now run the Docker daemon on Windows. Next, I want to copy the certificates to a client machine so that I can issue commands to the host remotely. But I don't know where the certificates are stored on the host.
In the script the path variable is set to %ProgramData%\docker\certs.d
The certificates on Windows are located in the .docker folder in the current user directory.
The docker --help command will show the exact path details.
AFAIK there are no certificates generated when you do what you are doing. If you drop certificates in the path you found then it will use them, and be secured. But otherwise there is none on the machine. Which explains why it isn't exposed by default.
On my setup I connected without TLS but that was on a VM that I could only access on my dev machine. Obviously anything able to be accessed over a network shouldn't do that.
Other people doing this are here: https://social.msdn.microsoft.com/Forums/en-US/84ca60c0-c54d-4513-bc02-14bd57676621/connect-docker-client-to-windows-server-2016-container-engine?forum=windowscontainers and here https://social.msdn.microsoft.com/Forums/en-US/9caf90c9-81e8-4998-abe5-837fbfde03a8/can-i-connect-docker-from-remote-docker-client?forum=windowscontainers
When I dug into the work in progress post it has this:
Docker clients unsecured by default
In this pre-release, docker communication is public if you know where to look.
https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress#DockermanagementDockerclientsunsecuredbydefault
So eventually this should get better.

Transferring file to remote server behind a gate node with key authentication disabled - and compiling

I'm working on a project that requires me to run my code on a remote Unix server, that is not available to connect to directly (you first have to log in to the "gate" node and then to this server).
What's really bad is that they disabled key authentication, so each time I need to ssh into it, I have to type in my password twice. It's really annoying and I wonder what's the best way to transfer my local modifications of source files to this server, compile and run them without having to provide those passwords so many times.
I have no sudo access to any of those servers (neither to this "gate", nor to this target server). Any ideas on how to make the whole process more efficient?
EDIT: Martin Prikryl provided a great answer below, but it's suitable for Windows and I'm on a Mac :) I guess it might be a good thing to have it documented here also for *NIX systems.
You are looking for SSH tunneling.
WinSCP SFTP client supports one-hop SSH tunneling natively.
See the Tunnel page on WinSCP Advanced Site Settings dialog.
I assume that after you transfer the file, you need to open SSH terminal to compile the file.
You may be able to make use of WinSCP Console window for that step.
Alternatively, if you need/want to use a real SSH terminal client, make use of an existing SSH tunnel, created by WinSCP, and connect with PuTTY (or any other SSH client) over it.
In the Local tunnel port of WinSCP Tunnel page, select a fixed port number (instead of the default Autoselect). In PuTTY enter "localhost" to Host Name and the selected port in Port.
(I'm the author of WinSCP)
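For the macOS/*NIX case raised in the EDIT, an added example that is not taken from the WinSCP answer: an OpenSSH client config that uses ProxyJump for the gate hop and connection sharing so the two passwords are entered once per session and then reused by every scp and ssh that follows. The host names gate.example.org and build.internal, the user alice and the project path are assumed placeholders; ProxyJump needs OpenSSH 7.3 or later.

```shell
#!/bin/sh
# Added example for the macOS/*NIX side (not part of the WinSCP answer).
# Assumed names: gate host "gate.example.org", final server "build.internal",
# login "alice", remote project dir "proj". Requires OpenSSH 7.3+ (ProxyJump).

# write_jump_config DIR: write DIR/config with a ProxyJump hop and connection
# sharing, then print the path. Point it at an empty directory and pass the
# file with -F, or merge the stanzas into ~/.ssh/config by hand.
write_jump_config() {
    mkdir -p "$1" && chmod 700 "$1"
    cat > "$1/config" <<'EOF'
Host gate
    HostName gate.example.org
    User alice
    # Keep one authenticated connection open 10 minutes after last use.
    # Anyone who can reach the socket can reuse the login, hence the 700 dir.
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 10m

Host build
    HostName build.internal
    User alice
    ProxyJump gate
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 10m
EOF
    chmod 600 "$1/config"
    echo "$1/config"
}

# sync_and_build CONFIG SRC_DIR: copy local sources through the gate and
# compile on the server. Only the first command prompts for the two
# passwords; the second reuses the shared connections without prompting.
sync_and_build() {
    scp -F "$1" -r "$2" build:proj/ &&
    ssh -F "$1" build 'cd proj && make && ./run'
}
```

On OpenSSH older than 7.3, replace the ProxyJump line with ProxyCommand ssh -W %h:%p gate.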

programmatically setting up a vpn from PHP

I have a website in one place which needs to transmit information and ssh to a second server. For security the second place doesn't like ssh in, they want VPN. I have seen postings on here for VPN from Android, but is there anything for PHP under Linux?
A command line utility would do it. I want to:
scp a file over, ssh a script, get the output back.

how to make amazon EC2 instances authenticate each other automatically?

I am using aws java sdk to launch EC2 instances (running Ubuntu 12.04) and run a distributed tool on them, the tool uses openMPI for message passing between the nodes and openMPI uses SSH to connect nodes with each other.
The problem is that the EC2 instances don't authenticate each other for SSH connections by default. This tutorial shows how to set up SSH by generating keys and adding them to nodes. However, when I tried to add the generated key to the slaves using the command
$ scp /home/mpiuser/.ssh/id_dsa.pub mpiuser@slave1:.ssh/authorized_keys
I still got permission denied. Also, after generating new keys, I was not able to log in using the ".pem" key that I got from Amazon.
I am not experienced with SSH keys, but I would like to have some way of configuring each EC2 instance (when it is first created) to authenticate the others, for example by copying a key into each of them. Is this possible and how could it be done?
P.S.: I can connect to each instance once it is launched and can execute any commands on them over SSH.
I found the solution: I added the Amazon private key (.pem) to the image (AMI) that I use to create the EC2 instances, and I changed the /etc/ssh/ssh_config file by adding a new identity file
IdentityFile /path/to/the/key/file
This made SSH recognize the .pem private key when it tries to connect to any other EC2 instance created with the same key.
I also changed StrictHostKeyChecking to no, which stopped the message "authenticity of host xxx can't be established" that requires user interaction to proceed with connecting to that host.
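An added example, not from the original answer, that applies the same IdentityFile idea at image-bake time with three tightened details: the key and config live in the cluster user's own ~/.ssh with owner-only permissions (no root needed, unlike /etc/ssh/ssh_config), the identity is offered only to the VPC's own hostnames, and host keys are pinned on first contact with accept-new (OpenSSH 7.6+) instead of turning checking off. The user mpiuser, key name cluster.pem and hostname suffix .ec2.internal are assumed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original answer. Run once while baking the
# AMI. Assumed values (replace with your own): cluster user "mpiuser", key
# file "cluster.pem", peer hostname suffix ".ec2.internal".

# install_peer_key SRC_PEM HOME_DIR: copy the shared cluster key into
# HOME_DIR/.ssh with owner-only permissions and print its final path.
# sshd on the peers ignores keys whose mode is group/world readable.
install_peer_key() {
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh"
    cp "$1" "$2/.ssh/cluster.pem"
    chmod 600 "$2/.ssh/cluster.pem"
    echo "$2/.ssh/cluster.pem"
}

# write_peer_config HOME_DIR: per-user client config that applies only to
# peers inside the VPC, so the cluster key is never offered elsewhere.
write_peer_config() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    cat > "$1/.ssh/config" <<'EOF'
Host *.ec2.internal
    User mpiuser
    IdentityFile ~/.ssh/cluster.pem
    IdentitiesOnly yes
    # Record each peer's host key on first contact and refuse changes after
    # that; "no" would also accept a changed key without any prompt.
    StrictHostKeyChecking accept-new
    UserKnownHostsFile ~/.ssh/known_hosts_cluster
EOF
    chmod 600 "$1/.ssh/config"
    echo "$1/.ssh/config"
}
```

After baking, every instance launched from the image can reach its peers as mpiuser without a prompt, and a peer whose host key later changes is rejected rather than silently accepted.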