How do I ssh two deep with private keys? [closed] - ssh

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
At work, I can ssh to a server with private keys set up on my work machine.
jake@work$ ssh server
jake@server$
I'm trying to ssh from home to work to server with the private keys. The process should look like this:
jake@home$ ssh work
jake@work$ ssh server
jake@server$
But instead it's asking me for a password. If I call ssh server with -v, it shows that it's looking for keys .ssh/id_dsa and .ssh/id_rsa but my key is named differently.
I can get into server by specifying the key myself:
jake@home$ ssh work
jake@work$ ssh server -i .ssh/idfoo
jake@server$
How do I get ssh to find the right keys for this two step login process?

You can specify the key using Host+IdentityFile in your ~/.ssh/config on work:
Host server
IdentityFile idFoo
Or just this alone in the config file, to apply a key identity to all sessions:
IdentityFile idFoo
But I can't explain why this is required only when trying to ssh from work->server from a work ssh session.


SSHing to raspberry pi returns "middle man attack" [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 1 year ago.
I am trying to SSH to my raspberry pi which is connected under the same router as my computer. It is running the latest version of raspbian lite. I enabled the ssh service on the pi using the command: systemctl enable ssh. However when I try to SSH to my raspberrypi from my personal computer, I get this message:
fahd@Fahd-PC:~$ ssh pi@192.168.1.23
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:***************************************************
Please contact your system administrator.
Add correct host key in /home/fahd/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/fahd/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/home/fahd/.ssh/known_hosts" -R "192.168.1.23"
ECDSA host key for 192.168.1.23 has changed and you have requested strict checking.
Host key verification failed.
fahd@Fahd-PC:~$
And I'm not entirely sure whether this is something real I should be worried about or just me not knowing how to use SSH properly.
For some reason, your terminal has a different key in storage for your Pi. This can be due to several reasons (for example, the ssh package was updated and the SSH host key re-generated on the Pi. Or you changed the IPs on your network. Or you have DHCP and two different clients, and you got the addresses swapped. Or...).
So, it warns you.
Unless you have reasons to believe otherwise, I'd just follow the suggestion:
remove with:
ssh-keygen -f "/home/fahd/.ssh/known_hosts" -R "192.168.1.23"
This message informs you that the RSA keys on the device have changed. It happens when:
you reinstall the OS on the device
you generate new / remove old RSA keys
someone is trying to do a MITM attack (very rare these days)
How to fix it:
Remove saved information about raspberry pi host
sudo vim ~/.ssh/known_hosts
or
sudo vim /etc/ssh/known_hosts
Use ssh-keygen
ssh-keygen -R host_ip
or
ssh-keygen -R host_ip -f path_to_known_hosts
Remove known_hosts
If you have only one host in "known_hosts" file you can just remove it.
sudo rm .ssh/known_hosts
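
Added example, not part of the original answers: before deleting the old entry, the SHA256 fingerprint printed in the warning can be compared with the Pi's public host key read on the Pi's own console (for example from /etc/ssh/ssh_host_ecdsa_key.pub). This Python code computes that fingerprint from a .pub or known_hosts line; the function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def sha256_fingerprint(key_line: str) -> str:
    """Return the SHA256:... fingerprint for a .pub or known_hosts line."""
    fields = key_line.split()
    # Try each adjacent (key type, base64 blob) pair of fields.
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        # A real key blob starts with its own type name as an SSH string.
        if blob.startswith(_ssh_string(key_type.encode())):
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no SSH public key found in line")


def host_key_matches(warning_fingerprint: str, trusted_pub_line: str) -> bool:
    """True if the fingerprint ssh printed equals the key read on the console."""
    expected = sha256_fingerprint(trusted_pub_line)
    return hmac.compare_digest(warning_fingerprint.strip(), expected)


# Constructed sample key: an ECDSA-shaped blob, not a real host key.
_blob = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
         + _ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_PUB = ("ecdsa-sha2-nistp256 " + base64.b64encode(_blob).decode()
              + " root@raspberrypi")
SAMPLE_KNOWN_HOSTS = "192.168.1.23 " + SAMPLE_PUB.rsplit(" ", 1)[0]

if __name__ == "__main__":
    fp = sha256_fingerprint(SAMPLE_PUB)
    print(fp)
    print(host_key_matches(fp, SAMPLE_KNOWN_HOSTS))
```

If the two fingerprints match, the host key was simply regenerated and the old entry can be removed; if they differ, the key being offered is not the Pi's.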

SSH tunnel with rsa identity without passphrase [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
I created a key pair with the command
ssh-keygen -t rsa -N "" -f "C:\ssh2\id_rsa"
Then I tried to connect to the remote server with the command
ssh -2 -Nv -L 81:192.168.45.12:8989 proxy@host.ru -p 10022 -i "C:\ssh2\id_rsa"
And it all ended with the server requiring a passphrase:
Enter passphrase for key 'C:\ssh2\id_rsa':
But I created the key pair without a passphrase (-N ""). Why does it require a passphrase?
The command issued specified "" - an empty string! - as the passphrase, not generation with no passphrase. (Simply hit "enter" when prompted for the passphrase and voilà!)
To generate a key without any passphrase, do not specify the optional -N (passphrase) option when creating a new key or when requesting to change the passphrase (see -p) ..
.. and may the foil-hat gnomes be merciful to you.
I understand that the connection happens, but if I press the Enter button, the console writes:
debug1: No more authentification methods to try
Permission denied (publickey, hostbased)

rsync through ssh tunnel [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
I want to rsync to a cluster node to which I usually connect passing through another system:
Say I connect first to
ssh user@bridge
and from there to
ssh user@clusternode
Now I want to rsync from my workstation to clusternode. I do the following:
I open a ssh tunnel
ssh -L8000:clusternode:8000 user@bridge
I rsync from my workstation to clusternode
rsync -e "ssh -p8000" source user@localhost:destination
and it does not work, I get
ssh_exchange_identification: Connection closed by remote host
Why does it not work? What do I have to do?
I have found a lot of information here:
http://toddharris.net/blog/2005/10/23/rsyncing-through-an-ssh-tunnel/
I think I understand that my problem is the second authentication between the bridge and the destination, so I changed to method 2, which is also not very elegant, but it works. I would like to try method 3, but I don't know how to configure an rsync daemon.
Try this one-liner:
rsync -av -e "ssh -A root@proxy ssh" ./src root@target:/dst
Here's what worked for me.
I run a command in the background to tunnel to the remote host:
ssh -N -L 2222:remote.example.com:22 bridge.example.com&
then I rsync to localhost like this:
rsync -auve "ssh -p 2222" . me@localhost:/some/path
You should connect to port 22 of clusternode, so the tunnel should look like
ssh -L localhost:8000:clusternode:22 user@bridge

SSH through multiple hosts to execute another ssh session [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I spent too much time trying to do something which in plain words looks simple.
I am at home, without firewall and all open ports. I need to ssh to the router at work where I have access to ssh port 22. My personal machine is on that subnet having internal ip address. So, what I need to do is to ssh from one machine to the second and from the second to the third. On the third I need to execute another ssh which tunnels some ports to my home machine. All that in bash script from my home. I have tried many solutions on the internet but nothing works.
The whole idea is to get to my PC at work and run ssh tunnel for port 22 which will allow me to sshfs my work PC.
I could do it manually, by sshing to the router, then from the router to the work pc and then execute the ssh tunnel. I need a one-click solution.
Thanks in advance!
Have you tried just stacking the ssh commands like
ssh -t localhost ssh localhost
Be sure to add the -t option for each hop except the last one:
ssh -t localhost ssh -t localhost ssh localhost
Maybe try VNC? With the right setup/port forwarding, you wouldn't have to jump from 1 PC to the next.

Login into client's server with their rsa key [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
A client gave me a rsa and ppk file so I can log into their server. I'm using OSX Lion and I have all my current server connections in my id_rsa file. How do I add their key so I can login with that?
If the RSA file they gave you is stored in, say, ~/client/foo_rsa.key, you could:
$ ssh -i ~/client/foo_rsa.key username@theirhost.example.com
Storing this sort of configuration in ~/.ssh/config is also a very good idea if you want a more permanent solution.
In ~/.ssh/config, add:
host clienthost
    identityfile client/foo_rsa.key
    hostname theirhost.example.com
    user usernameonhost
You then connect simply with:
$ ssh clienthost
and the settings from the config file control your session.
The spacing above is unimportant and included only for readability. Read man ssh_config for details of other things you can put in this configuration file. There's A LOT of stuff you can do, including proxying your connection through other hosts, creating encrypted tunnels (for other protocols like HTTP or SOCKS) on arbitrary ports, etc.