I created a Debian VM in the Google Cloud, clicked on SSH from the GCP interface. A console shell opened, no problem, I'm logged in. Now I want to use sudo: it asks me for my current password. What is my password? Also, what is the root password?
The user account created by Google Compute Engine doesn't set a password. As an implication it is impossible to use sudo and most screen-locking apps can't unlock.
To set password follow steps from the documentation:
Connect to the instance using SSH, as you did when you first set up the instance.
Here is the documentation how to connect using SSH.
Create a password for the user:
sudo passwd $(whoami)
Please note that this password will be also used on the screen lock.
Related
I'm hosting my file server on GCP debian 10 virtual machine and I want to create passwordless user so people could publicly download files from his home directory.
So I created new user, removed his password with passwd -d username, changed /etc/ssh/sshd_config file so it would allow this exact user to login with empty password and set chroot jail, restarted ssh service.
Unfortunately, when I'm connection via ssh into this user it still prompts me with a password.
This setup was working on the old server, configs are definitly correct and user definitely does not have password. I guess google implemented some additionl protection that dosen't allow me to do what I want.
Maybe someone had already bumbed into the same problem before?
I reached the support and they said google doesn't support passwordless ssh connections.
I have test linux server created in Azure, is it possible to change the administrator access method from SSH to user/pwd or verse vice? I just started learning Azure and surely it would be better if this could be done through portal.
Can anyone help me with some instruction (ideally with screenshots)?
Thank you very much in advance.
Yes, you can do that. In the VM, you can reset the password with a username and password instead of the SSH public key. But it also needs to SSH to the VM, just use the username and password.
A screenshot for you to take a look:
So I've a VM that has SSH login. In this machine I only want one user ( lets say admin) to be able to login in via SSH.
Ive changed the sshd_config and added the AllowUsers admin directive. The problem is that I can still login to the machine with the user user, for example.
The host is a Ubuntu server and I'm accessing it via vSphere Client.
Is there anything I'm missing here?
I am due to go on application support shortly and one of the steps in order to do that is to verify that I can login to all of our application nodes.
In order to login to an application node, you first need to login to a jumpbox, then from here you need to login to the application node.
All login is done via ssh.
ssh user#jumpbox
ssh user#applicationnode
uname -a - > Verified login
This is going to be a neanderthal task that will occur on roughly 1000 nodes.
Consequently I am trying to automate the process.
I have tried using Fabric library in Python, setting up a gateway to point at the jumpbox, but I still get prompted for password, which would take away from the automation.
Is this automated in the industry by any devops tools?
this has two answers: one for the future, and one for now.
Doing automated remote login correctly
In the future you should generate a public/private key pair, and list the public key in your remote user's .ssh/authorized keys. That will make access password-less, if your local SSH uses the right private key to authenticate:
rsa-keygen -t rsa -f deploykey
cp deploykey .ssh/id_rsa
#and insert the content of deploykey.pub into the remote user's .ssh/authorized keys
Doing mass access using password
Now, I don't know which OS you're using, but just assuming you're using a linux or *BSD
http://sourceforge.net/projects/sshpass/ will allow you to non-interactively supply your password.
In ssh, it is possible to set up passwordless logins to a remote user, using only public key authentication. Out of curiosity, what is actually going on code-wise, when passwordless login has been set up?
Is the ssh-server daemon storing user passwords, and then applying them automatically, when they have authenticated a public key, or can the ssh-server, using some system-call magic, circumvent the password authentication procedure of a user account entirely?
The ssh server daemon is typically running as root (or another privileged user), and can thus simply spawn a login session running as whichever user is required. No password involved.
Other things that work in a similar manner are the -u flag for sudo, and the su command when already running as root.
The sshd (SSH daemon) process runs privileged on your server (e.g. root), so after it successfully completes authentication, it spawns a login shell as the user logging in.
You are starting from the point of assuming a password is a requirement for authentication. But it is really only one way there. On modern Linux the PAM subsystem controls authentication and authorization. You could make a PAM module that allowed you to login if you answered three questions correctly. Or know the right number. Or to be even more outlandish your "password" could be a music sequence entered over a MIDI device :-)
Something needs to tie your entered name with a Unix UID and then match that to an authentication mechanism. SSH is doing this by:
taking the name you provide and getting the "password entry" for it via PAM
using the "password entry" to locate the $HOME of the user
validate the SSH key in $HOME/.ssh/authorized_keys against the key sent in the authentication
If all of the above works, start a shell as the UID of the user
As you can see this process is not going around password authentication. Password authentication is simply one of the ways in the door. We are accustomed to this method via 'login' or ssh exposing a password prompt. But there are many ways. The core requirement is the program performing the authentication has root privileges.
Everyone already mentioned that sshd runs as a privileged daemon.
So how does passwordless public key authentication works?
When a user connects to sshd, by default unless configured otherwise, sshd will require the remote connection to present a key. In the absence of the key, sshd will attempt to ask for other methods of proof of identity of the remote user, one of which is interactive password.
Before one can start using passwordless public key authentication, one must register his public key. This usually involves copying public key to user's .ssh/authorized_keys file. There is a cli ssh-copy-id that can do exactly this.
How does private/public key authentication works then? When a user connects to ssh daemon, the ssh client will read the user's private key, usually stored in .ssh under different filenames such as id_rsa or identity or id_dsa. The ssh client will generate the public key from the private key and present the public key to sshd. The sshd daemon will compare the received public key against the user's authorized_keys. If a match is found, the connection is allowed. Then sshd will spawn a process and a shell and will drop the provileges to the user's privilege.