Permission denied (public key) on ssh connection to a docker - linux

I am trying to set up an ssh connection to a docker using ssh keys. I have used ssh-keygen and copied the .pub file to ~/.ssh/authorized_keys in the container; however, I get the following error on connection:
me@172.17.0.2: Permission denied (publickey).
I have done this following the ssh manual page, so I struggle to understand why my keys won't pass.
Container side, my home is set as /root, which is why I put it in the /root/.ssh/authorize_keys folder.
I also modified the following options in the sshd_config file:
PermitRootLogin yes
PasswordAuthentication no
PermitEmptyPasswords no
I had tried setting PermitEmptyPasswords and PasswordAuthentication to yes but would still be refused login if I just gave an empty string as password.
What am I missing here?

Related

Unable to connect to GIT repository from one of the linux server

When I try to clone the repository on a Linux machine I am facing the issue below:
-bash-4.1$ git clone ssh://xxxxx@alm.oraclecorp.com:2222/epm_pbcs_15318/pbcs.git
Initialized empty Git repository in /home/xxxx/testgit/pbcs/.git/
Permission denied (keyboard-interactive,publickey).
fatal: The remote end hung up unexpectedly
Note: I have added the public ssh key in the repository.
I have generated a key on my Linux machine using
ssh-keygen -t rsa -C "email@gmail.com"
and later on copied the public key to alm, where the GIT is hosted.
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwVM4haHIEOk6P7+h4xEDyZBrGjSLx53jNFE1AqMNWnPKWwxpGX5w4l/B0WJpP7G9gLJaZPw9loSEDDr3mGx5bRi3D8k6EFgFMpctALJlKTHFW1x47A1Z+0h2GZUvL5WZj1ZXicvpbHRxX5B+FB8s+b2d3uvwVVl26lIK3f6K2iUiRePlUH/1TPBTk/kzxvDBZQCRQKxM4Zb13S7b9WJcxt85g3+jCIebDbAaswUmIeWicM+BREmcP75ZV6ZEF1cBB54TvMrygsTzJacQS6/IsobOaZpWM7iVXTnEGjFh8iKCA5VacMMEt+QR8kc/CGOm1ujcNFbK6hikp2CpSOo4wQ== email#gmail.co
Please help me if there is any way to fix it
I think your problem is that you are not using your private key to connect to that repository.
The easiest way to do it is by adding the following lines to either ~/.ssh/config or /etc/ssh/ssh_config. Please be careful to add the lines at the beginning of the file; the * configuration must be at the end of /etc/ssh/ssh_config (if you use this file for configuration):
Host alm.oraclecorp.com
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
    IdentityFile YOUR_PRIVATE_KEY_LOCATION
    Port 2222
    User YOUR_USER
REMEMBER TO EDIT YOUR_PRIVATE_KEY_LOCATION AND YOUR_USER with your data
Let me know if this worked.
BR

Upload crt to ec2 running Amazon Linux

I have an ec2 running Amazon Linux. I have a crt and need to upload it to /etc/pki/tls/certs.
SFTP says permission denied, and I can't change the permissions.
I have an SSH connection, but I don't know how to upload a file via the terminal.
I looked at recommendations involving scp and tried...
scp custom.crt ec2-user@ip-172-31-1-182:/etc/pki/tls/certs
I got...
The authenticity of host 'ip-172-31-1-182 (172.31.1.182)' can't be established.
ECDSA key fingerprint is xxxxxxxxx
ECDSA key fingerprint is xxxxxxxxx
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ip-172-31-1-182,172.31.1.182' (ECDSA) to the list of known hosts.
Permission denied (publickey).
lost connection
Is there something wrong in my scp command?
Is there an alternative?
By default, ec2-user doesn't have permission to write any file in the /etc/pki/tls/certs location. You can simply scp the cert to the home of ec2-user or to the /tmp directory. After that, ssh to the server and use sudo to copy/move the file to the /etc/pki/tls/certs location.
Below are the commands for the same:
scp custom.crt ec2-user@ip-172-31-1-182:/home/ec2-user
ssh ec2-user@ip-172-31-1-182
sudo mv custom.crt /etc/pki/tls/certs

Ansible amazon linux Permission denied (publickey)

I am new to ansible. I tried to configure it on an Amazon Linux instance to learn basic things about ansible. After the ansible installation I created an ssh key pair using the command ssh-keygen. Once it was generated I tried to run the command "ssh-copy-id localhost", but it ended with the error below:
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Permission denied (publickey).
Could someone guide me to resolve this?
ssh-copy-id localhost
won't work if you don't have password authentication enabled in the ssh server on localhost.
If you need to set up pubkey authentication without allowing password authentication, just copy the public key locally (since it is localhost):
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
# make sure the SELinux labels are correct:
type restorecon && restorecon -F ~/.ssh ~/.ssh/authorized_keys
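The conditions behind the chmod advice above, as an added example that is not part of the original answer: with StrictModes enabled (the sshd default), sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is owned by another non-root user or is writable by group or others. The function names check_path and audit_pubkey_paths are made up for this sketch.

```sh
#!/bin/sh
# Added example (not from the thread): report which of the paths that sshd's
# StrictModes inspects would make it ignore authorized_keys.

# check_path PATH UID: fail if PATH is missing, owned by neither UID nor root,
# or writable by group/others. Subshell body keeps the variables local.
check_path() (
    path=$1 want_uid=$2
    [ -e "$path" ] || { echo "MISSING   $path"; exit 1; }
    set -f                            # no globbing while splitting ls output
    set -- $(ls -ldn -- "$path")      # $1 = mode string, $3 = numeric owner
    mode=$1 uid=$3
    if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "OWNER     $path (uid $uid, expected $want_uid or 0)"; exit 1
    fi
    case $mode in
        ?????w*|????????w*)           # 6th char = group write, 9th = other write
            echo "WRITABLE  $path ($mode)"; exit 1 ;;
    esac
    echo "OK        $path ($mode)"
)

# audit_pubkey_paths HOME_DIR [UID]: exit status = number of failing paths
audit_pubkey_paths() (
    home=$1 uid=${2:-$(id -u)} bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || bad=$((bad + 1))
    done
    exit "$bad"
)

# Audit the invoking user's account, or the home directory given as $1
audit_pubkey_paths "${1:-$HOME}" ||
    echo "publickey login for this account would be rejected"
```

For the root-in-a-container case from the first question, run it inside the container as `sh audit.sh /root` (the script file name is arbitrary).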

Define a set keyfile for Ubuntu to use when SSHing into a server

I have two Amazon EC2 Ubuntu instances. When I connect to one of them, I can do
ssh ubuntu@54.123.4.56
and the shell uses the correct keyfile from my ~/.ssh directory.
I just set up a new instance, and I'm trying to figure out how to replicate that behavior for this new one. It's a minor thing, just driving me nuts. When I log in with:
ssh -i ~/.ssh/mykey.pem ubuntu@54.987.6.54
it works fine, but with just
ssh ubuntu@54.987.6.54
I get:
Permission denied (publickey).
I have no idea how I managed to get it to work this way for the first server, but I'd like to be able to run ssh into the second server without the "-i abc.pem" argument. Permissions are 600:
-r-------- 1 mdexter mdexter 1692 Nov 11 20:40 abc.pem
What I have tried: I copied the public key from authorized_keys on the remote server and pasted it to authorized_keys on the local server, with mdexter@172.12.34.56 (private key) because I thought that might be what created the association in the shell between that key and that server for the shell.
The only difference I can recall between how I set up the two servers is that with the first, I created a .ppk key in PuTTY so that I could connect through FileZilla for SFTP. But I think SSH is still utilizing the .pem given by Amazon.
How can I tell the shell to just know to always use my .pem key for that server when SSHing into that particular IP? It's trivial, but I'm trying to strengthen my (rudimentary) understanding of public/private keys and I'm wondering if this plays into that.
You could solve this in 3 ways:

1. By placing the contents of your ~/.ssh/mykey.pem into ~/.ssh/id_rsa on the machine from which you are ssh'ing into the 2nd instance. Make sure you also change the permissions of ~/.ssh/id_rsa to 600.

2. Using ssh-agent (ssh-agent will manage the keys for you).
Start ssh-agent:
eval `ssh-agent -s`
Add the key to ssh-agent using ssh-add:
ssh-add mykey.pem

3. Using the ssh config file.
From the machine where you are trying to ssh, keep the following contents in the ~/.ssh/config file (make sure to give this file 600 permissions):
Host host2
    HostName 54.987.6.54
    Port 22
    User ubuntu
    IdentityFile ~/.ssh/mykey.pem
Once you do that, you can ssh like this:
ssh host2

After performing any of the above steps you should be able to ssh into your second instance without specifying the key path.
Note: The second option requires you to add the key using ssh-add every time you log out and log back in, so to make that a permanent injection see this SO question.

Permission denied when cloning git repository

So I just set up an Amazon EC2 instance. And installed git..
sudo yum install git
I then set up my ssh key with github. Now when I try to clone my repo into the /var/www/html folder I get this error..
fatal: could not create work tree dir 'example.com'.: Permission denied
and when I run as root...
Cloning into 'example.com'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
But I made sure that my github public key matches my ~/.ssh/id_rsa.pub key. Is there something that I'm missing here?
Your first error is because your user does not have access to write to /var/www/html. You could give your user permissions to do so.
Your second error, when running as root, is likely because you have your ssh keys in your user home directory, not in /root/.ssh/, or because your .ssh directory or the ~/.ssh/id_rsa.pub key file have improper permissions. ~/.ssh/ should have the permission bits 0700, and ~/.ssh/id_rsa.pub should have e.g. 0600.
Note: this fix works for Mac users.
In case of macOS 10.12.2 or later, you will need to modify your ~/.ssh/config file to automatically load keys into the ssh-agent and store passphrases in your keychain.
Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/<your_id_rsa>
Add your SSH private key to the ssh-agent and store your passphrase in the keychain. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsa in the command with the name of your private key file.
ssh-add -K ~/.ssh/<your_id_rsa>
For more information please review
https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
Have you tried this:
git: fatal: Could not read from remote repository
You can specify the username that SSH should send to the remote system as part of your remote's URL. Put the username, followed by an @, before the remote hostname.
git remote set-url website abc@***.com:path/to/repo
Is the id_rsa private key in ~/.ssh/id_rsa the pair to your public key (~/.ssh/id_rsa.pub)?
If it's not (or you're not sure) I suggest you regenerate a new private/public key pair with ssh-keygen -t dsa.
My solution matches that of nos. Adding the public key of the root user fixes it. Another option would be changing the permission of the directory and executing the command as a regular user.
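One way to answer the "is this private key the pair to that public key" question raised in this thread, as an added example that is not from any of the posts: re-derive the public key from the private key with ssh-keygen -y and compare the key material, ignoring the trailing comment. The function names pub_material and keys_match are made up here, and the public key file is assumed to be a plain one-line .pub file.

```sh
#!/bin/sh
# Added example (not from the thread): confirm that a private key and a .pub
# file are the same pair by comparing key material, not comments.

# pub_material FILE: print "type base64" from a one-line OpenSSH public key
pub_material() { awk 'NF >= 2 { print $1, $2; exit }' "$1"; }

# keys_match PRIVATE PUBLIC: 0 = same pair, 1 = different pair,
# 2 = private key could not be loaded (e.g. it is passphrase-protected).
keys_match() (
    priv=$1 pub=$2
    # -y re-derives the public key; -P '' makes an encrypted key fail
    # instead of prompting, so the check is usable in scripts.
    derived=$(ssh-keygen -y -P '' -f "$priv" 2>/dev/null) || exit 2
    want=$(pub_material "$pub")
    got=$(printf '%s\n' "$derived" | awk '{ print $1, $2; exit }')
    [ -n "$want" ] && [ "$got" = "$want" ]
)

# Usage: sh keymatch.sh PRIVATE_KEY PUBLIC_KEY (does nothing without arguments)
if [ "$#" -eq 2 ]; then
    rc=0; keys_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "match: $2 belongs to $1" ;;
        1) echo "MISMATCH: $2 was not derived from $1" ;;
        *) echo "could not load $1 (passphrase-protected or not a private key)" ;;
    esac
fi
```

The same comparison works against the key text pasted into a hosting service: save that line to a file and pass it as the second argument.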
