Change Azure VM authentication to ssh key - azure

I have a Linux VM on Azure which was at first set up without SSH keys, which means authentication is done only with a password via SSH. I would like to change that now. I tried the way I know: I can log in with the keys, but I can still log in with a password.
What else did I miss? Is there something else?
Thanks
Tried to configure SSH key, disable the 'passwordauthentication'
Change ssh config
Add key via azure portal

Try following these steps:
1. Log in to your existing Azure VM using password authentication.
2. Create a new SSH key pair:
`ssh-keygen -t rsa -b 2048`
3. Replace ~/.ssh/authorized_keys with the ~/.ssh/id_rsa.pub key:
`mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys`
4. Save ~/.ssh/id_rsa public key to your local system.
5. Edit /etc/ssh/sshd_config and make the following changes:
Change PasswordAuthentication to this:
`PasswordAuthentication no`
Change PubkeyAuthentication to this:
`PubkeyAuthentication yes`
Change PermitRootLogin to this:
`PermitRootLogin no`
Change ChallengeResponseAuthentication to this:
`ChallengeResponseAuthentication no`
6. Restart the vm using the following command:
`sudo systemctl restart ssh`

I tried to reproduce the same in my environment and got the results below:
I created a Linux VM on Azure, first set up without SSH keys and only with a password via SSH, then I tried to change the authentication to an SSH key like below:
Create an SSH key pair:
`ssh-keygen -t rsa -b 2048`
Then, use /home/<user>/.ssh/id_rsa.pub
Enter passphrase: Give your password
Once you enter the password, RSA will be executed successfully like below:
Then try to move id_rsa to authorized using the script below:
`mv /home/<user>/.ssh/id_rsa.pub /home/<user>/.ssh/authorized_keys`
When I run this cmd, cat id_rsa, I got the public key successfully like below
I agree with schine som. Save the public key, open the config file with vi and try to restart like below:
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
ChallengeResponseAuthentication no
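
Added example, not part of the answers above: when `PasswordAuthentication no` is in /etc/ssh/sshd_config but password logins still work, one thing to check is whether another line or an included file sets the keyword earlier, because sshd uses the first value it reads. The sketch below resolves that order for a simplified config; the file names in the sample tree are constructed.

```shell
#!/bin/sh
# Added example. sshd_config(5): for each keyword the first obtained value
# is used, and Include files are read where the directive appears.
# Simplified: "Keyword value" lines only; scanning stops at a Match block.

# effective_value KEYWORD CONFIG_FILE [INCLUDE_BASE_DIR]
# Prints "value<TAB>file" for the first occurrence of KEYWORD.
effective_value() {
    kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _scan "$kw" "$2" "${3:-/etc/ssh}" | head -n 1
}

_scan() {  # $1 keyword (lowercase), $2 file, $3 base dir for relative Include
    while read -r key val rest; do
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case "$lkey" in
            ''|'#'*) continue ;;
            match) break ;;
            include)
                case "$val" in /*) pat=$val ;; *) pat="$3/$val" ;; esac
                for f in $pat; do              # glob expands in lexical order
                    if [ -f "$f" ]; then _scan "$1" "$f" "$3"; fi
                done ;;
            "$1") printf '%s\t%s\n' "$val" "$2" ;;
        esac
    done < "$2"
}

# Constructed sample tree (hypothetical file names): the drop-in is included
# before the line the administrator edited, so its value wins.
demo_effective() {
    d=$(mktemp -d)
    mkdir "$d/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-example.conf"
    printf '%s\n' 'Include sshd_config.d/*.conf' '#PasswordAuthentication yes' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$d/sshd_config"
    effective_value PasswordAuthentication "$d/sshd_config" "$d" | sed "s|$d/||"
    rm -rf "$d"
}

demo_effective   # prints: yes<TAB>sshd_config.d/50-example.conf
```

On a live host, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd itself resolves, which is the authoritative check after any edit and restart.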

Related

SSH key generation using ssh-keygen / OpenSSL

We have 2 different servers to achieve connectivity. Currently we are using password-based login; we need to disable this password-based login and use only key-based login, where the key needs to be generated using ssh-keygen or openssl, so that I can log in like below:
`ssh -i .ssh/mykey.pem user@host`
The above command shouldn't prompt for a password.
I have tried generating keys using ssh-keygen followed by ssh-copy-id, but these are prompting for a password every time, and also we don't want to set up a passwordless connection.
To generate a new RSA pair you can use the command
`ssh-keygen -t rsa`
Then in the sshd server config you have to set
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
And to your latest question: Did you set up an RSA key passphrase during pair generation? If yes, the user will be asked to enter this password instead of the system user password.

In Azure, how to change the authentication of the server?

When spinning up a Linux virtual machine, I chose password as the authentication type. Now I want to change to SSH. How can I achieve this?
Thanks
You can use Azure portal to reset password, like this:
If you want to change the authentication type, you can follow these steps:
1. Create an SSH key pair
`ssh-keygen -t rsa -b 2048`
2. Rename id_rsa.pub to authorized_keys
`mv /home/user/.ssh/id_rsa.pub /home/user/.ssh/authorized_keys`
3. Copy id_rsa to your local, then you can use this key to SSH it.

Unable to connect via ssh with public key authentication method

On my Windows 10, I am running into the problem of not being able to connect to my Vagrant virtual machine via ssh user with public key authentication method at git bash using a command such as
`$ ssh -v lauser@127.0.0.1 -p 2222 -i ~/.ssh/id_rsa`
I would be prompted for a password, as if the public key I copied to the ~/.ssh/Authorized_keys file inside the vm were not seen. Meanwhile, the password authentication method works, as well as 'vagrant ssh'.
I have made sure to
create key pairs locally, create a .ssh directory at the remote, and add the pub key string to the remote's .ssh/authorized_keys file; both the .ssh and the .ssh/authorized_keys file are owned by the user (lauser), and set at 700 and 644
edit the /etc/ssh/sshd_config file on vm to use
RSAAuthentication yes
PubkeyAuthentication yes
and restarted the sshd server (with 'sudo service ssh restart').
verify that firewall has been disabled temporarily to eliminate any complication.
verify that there is only one vm running, all others are either in 'suspend' or 'halt' mode.
confirm the file type by 'file ~/.ssh/authorized_keys', and get confirmation '~/.ssh/authorized_keys: OpenSSH RSA public key'
verify that the keys match by comparing the output from 'sudo cat ~/.ssh/authorized_keys' in vm and the output from 'cat ~/.ssh/id_rsa.pub' at the local.
but still I get Permission denied (publickey) when trying to connect through public key authentication.
It sounds like you've done everything correctly so far. When I run into this problem, it's usually due to directory permissions on the target user's home directory (~), ~/.ssh or ~/.ssh/authorized_keys.
See this answer on SuperUser.
I faced the same challenges when the home directory on the remote did not have correct privileges. Changing permissions from 777 to 744 helped me.
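
Added example, not part of the answers above: a check for the permission problem both answers describe. It assumes sshd's default `StrictModes yes`, under which a key is not accepted when the home directory, ~/.ssh or authorized_keys is writable by group or others, or owned by someone other than the user or root. The home directory in the demo is constructed.

```shell
#!/bin/sh
# Added example. With StrictModes (the sshd default) a key file is ignored
# when the home directory, ~/.ssh or authorized_keys is writable by group or
# others, or owned by someone other than the user or root.

# strict_modes_check OWNER HOME_DIR
# OWNER is a user name or numeric uid. Prints one line per problem found.
strict_modes_check() {
    for p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            printf 'missing %s\n' "$p"
            continue
        fi
        if [ -n "$(find "$p" -prune ! -user "$1" ! -user 0 -print)" ]; then
            printf 'owner %s\n' "$p"
        fi
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            printf 'writable %s\n' "$p"
        fi
    done
}

# Constructed home directory reproducing the 777 case from the thread above.
demo_perms() {
    h=$(mktemp -d)
    mkdir "$h/.ssh"
    : > "$h/.ssh/authorized_keys"
    chmod 700 "$h/.ssh"
    chmod 644 "$h/.ssh/authorized_keys"
    chmod "$1" "$h"
    strict_modes_check "$(id -u)" "$h" | sed "s|$h|HOME|"
    chmod 700 "$h" && rm -rf "$h"
}

demo_perms 777   # prints: writable HOME
demo_perms 744   # prints nothing
```

Run it on the server as `strict_modes_check lauser /home/lauser` (user name taken from the question) before changing any sshd settings.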

need to make password less login for same linux server with same user

I need to make passwordless login for the same Linux server with the same user.
[airwide@eir ~]$ hostname -i
10.3.7.73
[airwide@eir ~]$ ssh airwide@10.3.7.73
airwide@10.3.7.73's password:
How can I make it passwordless for the same server?
Password-free login via SSH is managed using SSH keys. You can generate a keypair using the command ssh-keygen. The ssh keypair is usually stored in ~/.ssh in a pair of files named id_rsa and id_rsa.pub. When you use SSH to connect to a server, the SSH command will look for a private key in ~/.ssh/id_rsa, and will attempt to authenticate using that key. In order to authorize the key, you will need to place the public key into your authorized_keys file:
`cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys`
Once you've done that, you will be able to use SSH to connect without a password from the server where the id_rsa file is to the server that has the content of id_rsa.pub in its authorized_keys file. (You can do this for same-server, as in your question, or between multiple servers. Either way, it's the same process.)
Add server's private key in known host key under .ssh folder.
You are looking for ssh keys. You can create one by entering ssh-keygen. This will create a public key and a private key. You place the public key on the remote server, and then you can use SSH without a password.
More details, and howto:
https://wiki.archlinux.org/index.php/SSH_keys

adding private key to ssh agent

I was referring to http://www.mtu.net/~engstrom/ssh-agent.php
My public key is listed under ~/.ssh/authorized_keys at remote1. During SSH login connect,
it's working fine (loaded my private key under connection-Auth); it asked for the passphrase, which I provided, then login is successful.
But when switching between servers, like from remote2, do SSH remote1, it would ask for a password. I tried to set up SSH agent forwarding according to that site, but to no avail... ssh-add never prompts me for the private-key passphrase, or was what I was doing wrong when trying to follow the process described?
I basically did
$ eval ssh-agent
$ ssh-add (some do ssh-add ~/.ssh/id_rsa --> wonder what id_rsa is referring to, as I only have the auth_keys file under .ssh)
Saw some resources described to do chmod 600 ~/.ssh/authorized_keys, but not sure if that's applicable to my case.
ssh-agent wraps another command; you can, for example, wrap a shell:
`ssh-agent bash`
Then, in that shell, you need to add your private key and type your passphrase:
`ssh-add /path/to/your/private/key # (by default : ~/.ssh/id_rsa)`
Then, when you use ssh to connect, add the -A option:
`ssh -A user@remote1`
That's it, your key is forwarded. You can see it if you type (on remote1):
`ssh-add -L`
You can now connect to your remote2, using that private key.
Be careful when you use ssh forwarding. Anyone with root access on remote1 could use your identity to connect on remote2 while you are connected.
I am pretty sure that ~/.ssh/authorized_keys must always be chmod 600. This is a sensitive file that must be protected.
