openWRT Dropbear SSH key authentication fails with "unknown algo" - linux

Good day, I'm trying to figure out how to get a user to ssh into openWRT with only a key.
I followed these instructions:
https://wiki.openwrt.org/oldwiki/dropbearpublickeyauthenticationhowto.
In short:
On a Linux box:
If you haven't already got a .ssh/id_dsa.pub:
ssh-keygen -t dsa
scp ~/.ssh/id_dsa.pub root@192.168.1.1:/tmp
On openWRT:
cd /etc/dropbear
cat /tmp/id_*.pub >> authorized_keys
chmod 0600 authorized_keys
When I try and ssh in, I get this error:
authpriv.warn dropbear[2085]: Pubkey auth attempt with unknown algo for 'MyUser' from 1.2.3.4:11111
I have tried generating an RSA key too, same result.
I can log in as the user using a password:
authpriv.notice dropbear[2089]: Password auth succeeded for 'MyUser' from 1.2.3.4:11111

Maybe it's the problem of the OpenWRT version.
Try ${HOME}/.ssh/authorized_keys instead.

Related

SSH key generation using ssh-keygen / OpenSSL

We have 2 different servers to achieve connectivity. Currently we are using password-based login; we need to disable this password-based login and use only key-based login, where the key needs to be generated using ssh-keygen or openssl, so that I can log in like below:
ssh -i .ssh/mykey.pem user@host
The above command shouldn't prompt for a password.
I have tried generating with ssh-keygen followed by ssh-copy-id, but these prompt for a password every time, and we also don't want to set up a passwordless connection.
To generate a new RSA pair you can use the command
ssh-keygen -t rsa
Then in the sshd server config you have to set
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
And to your latest question: did you set up an RSA key passphrase during pair generation? If yes, the user will be asked to enter this password instead of the system user password.
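The asker's goal is to have password login disabled, so it helps to check what sshd will actually use for the directives listed above. An added Python example (not from the answer): it applies sshd_config's rule that the first value found for a keyword wins and that values inside a Match block are conditional. Include files and keyboard-interactive authentication are not examined, and the sample configs and the user name "backup" are constructed.

```python
# Defaults for the two directives from the answer when sshd_config omits them.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def effective_global(config_text):
    """Return the global settings sshd would use: first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # everything after this is conditional
            break
        seen.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def password_login_enabled(config_text):
    """True unless the effective global PasswordAuthentication value is 'no'."""
    return effective_global(config_text)["passwordauthentication"].lower() != "no"

# Constructed sample inputs (not taken from a real server).
AS_POSTED = """PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
"""
KEY_ONLY = AS_POSTED.replace("PasswordAuthentication yes", "PasswordAuthentication no")
# An earlier line shadows the later "no": the first value is the one used.
SHADOWED = "passwordauthentication yes\n" + KEY_ONLY
# A "no" that appears only inside a Match block leaves the global default in place.
MATCH_ONLY = "PubkeyAuthentication yes\nMatch User backup\n    PasswordAuthentication no\n"

if __name__ == "__main__":
    for name in ("AS_POSTED", "KEY_ONLY", "SHADOWED", "MATCH_ONLY"):
        print(name, "password login enabled:", password_login_enabled(globals()[name]))
```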

How to know the SSH key's length?

I'm getting the following error for my git pull just recently,
$ git pull
> GitLab: Your SSH key must be at least 2048 bits.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
where everything had been working fine before.
Instead of guessing (or trial-n-error) which key is the culprit, is it possible to list all my SSH keys' length?
UPDATE:
Only git pull is giving me the above error. I.e., my public key is still fine:
$ ssh -T git@salsa.debian.org
Welcome to GitLab, @myid-guest!
The ssh-keygen -lf might not be the answer, as I'm following https://docs.gitlab.com/ee/ssh/, which recommends using ed25519 as the default key, and which also instructs that, to generate a new ED25519 SSH key pair, do ssh-keygen -t ed25519 -C "email@example.com". However, my ssh-keygen -lf reports that
$ ssh-keygen -lf id_ed25519.pub
256 SHA256:PO2bk6B...
It is unlikely that the recommended ED25519 SSH key is only 256 bits long.

Can you try:
ssh-keygen -lf keygen.pub
You might have accidentally deleted the public key that GitLab uses to authenticate you.
I would recommend contacting them; otherwise, look into it.
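Both the Dropbear question at the top of the page (is each line appended to authorized_keys a key of the type it claims?) and this one (how many bits is each key?) can be answered from the public-key line itself. An added Python example, not from any of the posts: it decodes the base64 blob, checks that the embedded type matches the first field, and returns the size as ssh-keygen -lf counts it (for Ed25519 that is always 256). The sample lines are constructed in the code and are not usable keys; lines with leading authorized_keys options are not handled.

```python
import base64

def read_string(buf, off):
    """Read one length-prefixed field (uint32 big-endian length, then the bytes)."""
    n = int.from_bytes(buf[off:off + 4], "big")
    end = off + 4 + n
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def key_info(line):
    """Return (type, bits) for a '<type> <base64> [comment]' public-key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)  # raises on invalid base64
    name, off = read_string(blob, 0)
    if name != declared.encode():
        raise ValueError("type field %r does not match blob type %r" % (declared, name))
    if declared == "ssh-rsa":                  # blob: type, exponent e, modulus n
        _e, off = read_string(blob, off)
        n, _ = read_string(blob, off)
        return declared, int.from_bytes(n, "big").bit_length()
    if declared == "ssh-dss":                  # blob: type, prime p, ...
        p, _ = read_string(blob, off)
        return declared, int.from_bytes(p, "big").bit_length()
    if declared == "ssh-ed25519":              # blob: type, 32-byte public key
        pk, _ = read_string(blob, off)
        return declared, len(pk) * 8
    if declared.startswith("ecdsa-sha2-nistp"):
        return declared, int(declared[len("ecdsa-sha2-nistp"):])
    raise ValueError("unsupported key type %r" % declared)

# Helpers that build constructed sample lines: well-formed blobs, not usable keys.
def field(b):
    return len(b).to_bytes(4, "big") + b
def mpint(i):
    return field(i.to_bytes(i.bit_length() // 8 + 1, "big"))

def sample(ktype, *parts):
    blob = field(ktype.encode()) + b"".join(parts)
    return "%s %s constructed@example" % (ktype, base64.b64encode(blob).decode())

RSA_1024 = sample("ssh-rsa", mpint(65537), mpint((1 << 1023) | 1))
ED25519 = sample("ssh-ed25519", field(bytes(32)))

if __name__ == "__main__":
    print(key_info(RSA_1024), key_info(ED25519))
```

Run over every line of ~/.ssh/*.pub or an authorized_keys file, this lists each key's type and size and raises on lines whose blob is cut short or mislabeled.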

ssh-add error with ECDSA and ED25519 identities

Linux environment: Debian 9.1, with Gnome desktop
I have both ECDSA and ED25519 identities, but from command line, ssh-add command gives error:
Could not add identity
How to solve?
According to:
https://bugzilla.gnome.org/show_bug.cgi?id=641082#c22
the bug is related to gnome-keyring support with ECDSA keys.
The fix which works for me is:
mkdir -p ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/
echo "X-GNOME-Autostart-enabled=false" >> ~/.config/autostart/gnome-keyring-ssh.desktop
After reboot, ssh-add works correctly from command line:
marco@cluster:~$ ssh-add
Enter passphrase for /home/marco/.ssh/id_rsa:
Identity added: /home/marco/.ssh/id_ecdsa (/home/marco/.ssh/id_ecdsa)
Identity added: /home/marco/.ssh/id_ed25519 (marco@cluster)

Enter password once in shell script of moving files linux

I am copying files to another server and I have this command:
scp -r "${inclr}" utzfin@utzfin1:"${backuppath}/${time_stamp}"
scp -r "${podout}" utzfin@utzfin1:"${backuppath}/${time_stamp}"
I keep getting a password prompt. Is there a way of passing the password only once so that the rest of the commands execute without asking for a password?
In this case sharing the ssh key of the target on source server or vice versa will do the needful and it will not ask for the password.
With the command below you can generate the ssh key for the user and then share the id_rsa.pub key on another server.
ssh-keygen -t rsa
Command to share the key:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@hostname

How to enter private key password with ansible

I have the vagrant virtual machine running.
I can ssh into it using ssh vagrant@192.168.0.28; it then asks me for the passphrase for the private key, which I can enter, and then it logs me in.
But if I use:
ansible all -m ping
then I get this:
192.168.0.28 | FAILED => FAILED: ssh moor@192.168.0.28:22 : Private key file is encrypted
To connect as a different user, use -u <username>.
How can I enter the passphrase in ansible?
I tried ansible -k but it says authentication failed.
Try using ssh as the transport. Generally, Ansible uses paramiko which is not as friendly for interactive sessions:
ansible all -c ssh -m ping
If that doesn't work, I didn't see anything on running Ansible with an ssh key pass phrase on the documentation or in the code, so you might have to remove it with something like this:
openssl rsa -in private_key_with_pass_phrase -out private_key_without_pass_phrase
I have tried
cd ~/.ssh/
openssl rsa -in id_rsa -out id_rsa_without_pass_phrase
and got the error
unable to load Private Key
routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY
The solution was to run this command:
cd ~/.ssh/
ssh-keygen -p -f id_rsa -m PEM
