Im trying to setup the passwordless SSh Login like the one stated here
I was able to generate the SSH Key Successfully
ssh-keygen
But when I'm doing this
cat ~/.ssh/id_dsa.pub | ssh user#xxx.xxx.xxx.xxx 'cat >>
~/.ssh/authorized_keys'
it gave me this error
Pseudo-terminal will not be allocated because stdin is not a terminal
ssh : xxx.xxx.xxx.xxxcat >> ~/.ssh/id_rsa.pub | ssh
user#xxx.xxx.xxx.xxx 'cat >>> ~/.ssh/authorized_keys'
I tried to setup passwordless SSH without getting this kind of error but its not working because it is still asking for password. And according to the author of this article, SSH-copy-id has 3 issues which most probably the reason why It still asking for password.
Any ideas?
Note: machines are running on CentOS
Try:
cat ~/.ssh/id_dsa.pub | ssh -t -t user#xxx.xxx.xxx.xxx 'cat >> ~/.ssh/authorized_keys'
-t -t option to force pseudo-tty allocation even if stdin isn't a terminal.
Related
To establish an SSH connection between my PC (Linux) and server (Linux) I have to enter the password of the user.
ssh USER#<IP-Address>
Now I want to replace the password with FIDO2. For this I have executed the following commands on my PC and followed the instructions.
ssh-keygen -t ed25519-sk -O resident -O application=ssh:YourTextHere -f ~/.ssh/id_mykey_sk`
and
ssh-copy-id -i ~/.ssh/id_mykey_sk.pub USER#<IP-Address>
Now I have the problem when I try to establish the SSH connection it still asks for the password instead of the FIDO2 stick. What could be the reason for this?
I found out, that when I run the commands
eval `ssh-agent -s`
and
ssh-add -K
it works as expected.
Establish a connection to my server via
ssh USER#<IP-Address>
will now work with the FIDO2 key.
When first enter a sudo ssh localhost we always get a note like:
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:u0q6ow7gfu4IvqfGOytZB6MKjO479AUr9hulSqO/dy4.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
And I want to skip this step.
I have try follow(with sshpass):
ssh-keygen -t rsa -P '' -f ~/.ssh/deploy_rsa<<<y
cat ~/.ssh/deploy_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
sudo ssh-keyscan localhost>>~/.ssh/known_hosts
Well it seems just works in ssh localhost, but not in sudo ssh localhost.
So is there any reliable way to access my goal?
ssh -o StrictHostKeyChecking=no localhost
Or for something more permanent, create or modify your ~/.ssh/config with this:
Host localhost
StrictHostKeyChecking no
Also you should know that this process opens you up to MITM attacks (not on localhost obviously) and shouldn't be done on any important server.
I am currently developing some work in clients and servers application and my college allows us to use their machines (linux) to host and test the apps.
My problem is that every single time I want to ssh into the machine the server prompts me to insert the password. I managed to use the information here to use a key in order to login but it still asks me for my password into the machine.
Using Putty I can save my password and login straight, is there anyway to do this using this command:
ssh -t (myUser#theSSHLink) -p 22
via Git Bash?
try:
USERHOST="myUser#theSSHLink"
cd ${HOME}
if [ ! -f ".ssh/id_rsa" ]; then
ssh-keygen -t rsa
fi
ssh $USERHOST mkdir -p .ssh
cat .ssh/id_rsa.pub | ssh $USERHOST 'cat >> .ssh/authorized_keys'
Running the above will ask for your password (from the user#host) twice. Afterwards, it shouldn't ask for a password when you try to ssh.
In our environments, we have several servers in production. Every time I want to search for something, it may be in 1 of 4 different servers.
I am creating a script to automate this search, so that I directly know which server is involved.
I am connecting through a jumphost.
So far the following command works fine :
$ ssh -oProxyCommand="ssh -W %h:%p user#jumphost" user#server "ls"
Now, because I have to run this several times, I am searching for a way to only have to use the password once.
Both the jumphost and the server require the same password, and public keys are not an option (not allowed, I literally cannot do it).
I have been reading about sshpass for this and am trying this :
$ sshpass -p password ssh -oProxyCommand="ssh -W %h:%p user#jumphost" user#server "ls"
(I know -p is not safe and will use -e of -f as soon as I am successful with this step).
When I do this, I can login in both systems but the command returns before I see the result of ls.
I have tried to have the -t option to ssh without any success.
I have also tried the -J option from ssh, with the same results (command returns without returning any results).
$ sshpass -p password ssh -J user#jumphost user#server "ls"
Any suggestions?
EDIT:
Solution was to use sshpass twice :
$ sshpass -p password ssh -oProxyCommand="sshpass -p ssh -W %h:%p user#jumphost" user#server "ls"
Try running ssh in verbose mode:
ssh -vvv -oProxyCommand="ssh -W %h:%p user#jumphost" user#server "ls"
I'm sure it will show something of interest. A hook with which you can figure this out.
I've setup 2 Google Compute Engine instances and I can easily SSH in both of them by using the key created by gcloud compute ssh command. But when I try the following...
myself#try-master ~] ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa
myself#try-master ~] cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
myself#try-master ~] chmod 0600 ~/.ssh/authorized_keys
myself#try-master ~] ssh-copy-id -i ~/.ssh/id_rsa.pub myself#try-slave-1
... it does not work, and ssh-copy-id shows the message below:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
If I copy the google_compute_engine private and public key on try-master, and can use it to log on both instances, but I find unsatisfactory to move a private key over the network. I guess this is somewhat related to this topic:
How can this be solved?
[1] https://cloud.google.com/compute/docs/instances#sshbetweeninstances
Using CentOS7 images, and a CentOs7 as local host:
gcloud compute instances create try-master --image centos-7
gcloud compute instances create try-slave-1 --image centos-7
This can be solved by using authentication forwarding during initial SSH keys setup:
Set up authentication forwarding for once on local machine (note the "-A" flag). First you need to run:
eval `ssh-agent -s`
And then
ssh-add ~/.ssh/google_compute_engine
gcloud compute ssh --ssh-flag="-A" try-master
Perform the steps above (from keygen to ssh-copy-id)
myself#try-master ~] ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa
myself#try-master ~] cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
myself#try-master ~] chmod 0600 ~/.ssh/authorized_keys
myself#try-master ~] ssh-copy-id -i ~/.ssh/id_rsa.pub myself#try-slave-1
myself#try-master ~] exit
Login again into try-master without SSH authentication forwarding:
gcloud compute ssh try-master
myself#try-master ~] ssh myself#try-slave-1
myself#try-slave-1 ~]
Initial approach didn't work because GCE instances only allow public key authentication by default. So, ssh-copy-id is unable to authenticate against try-slave to copy the new public key, because there is no public key configured in try-master available in try-slave yet.
Using authentication forwarding, the private key from your local machine is forwarded from your local machine to try-master, and from there to try-slave. GCE account manager in try-slave will fetch the public key from your project metadata and thus ssh-copy-id will be able to copy work.