Greenplum Security: How do I set up password-less login: Windows (via PuTTY) to Linux (Greenplum master machine, CentOS 6.5) in a GPDB cluster

We have a small GPDB cluster array. We have recently upgraded GPDB and configured the GCC web portal. In doing that, we noticed our machines are still asking for a password at the time of SSH.
We tried following the commands in this document on the Greenplum machine:
http://www.servermom.org/passwordless-ssh-login/1608/
We are unable to get passwordless SSH as the root user from Windows to the Linux machine.
Though we are able to do passwordless SSH from Linux to Linux machines in the GPDB cluster.
Trying to secure shell for Greenplum from Windows to Linux:
Password-less login: Windows (via PuTTY) to Linux (Greenplum)
Is there any standard way or set of steps to log in via SSH without a password prompt? And as which user should we perform all these activities?
Any help on this would be much appreciated.

Thanks for asking this question, I never thought of this..
Here is what I did, and it worked for me:
- Open PuTTY Key Generator
- Generate a key and copy it into .ssh/authorized_keys (make sure you are copying the complete key)
- chmod -R 700 .ssh/
- Save the public and private keys (see image)
- Now open PuTTY and provide user@hostname
- In Category go to Connection > SSH > Auth and load the private key (.ppk file) you saved from PuTTY Key Generator
- Save the session and open

A couple things to watch out for:
~gpadmin/.ssh directory and ~gpadmin/.ssh/authorized_keys should have 700 and 600 permissions, respectively:
$ ls -lda ~gpadmin/.ssh
drwx------ 15 gpadmin gpadmin 510 May 27 11:43 /home/gpadmin/.ssh
$ ls -l ~gpadmin/.ssh/authorized_keys
-rw------- 1 gpadmin gpadmin 4496 Dec 2 11:12 /home/gpadmin/.ssh/authorized_keys
When you connect with Putty, try enabling verbose output to be sure it is using the matching private key for the public key you've added to the Greenplum authorized_keys file.
You can also look in the /var/log/secure log file to see what the Greenplum server's SSHD process is doing for more clues.
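The permission check described above can be scripted. This is an added example, not part of the original answers; it assumes sshd runs with StrictModes enabled (the OpenSSH default), under which a group- or world-writable home directory, .ssh directory or authorized_keys file causes the key to be ignored. The function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names are illustrative.

# Print the octal permission bits of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed when group or other holds the write bit, which is what sshd's
# StrictModes check rejects on the home directory, ~/.ssh and authorized_keys.
group_or_world_writable() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 022 )) -ne 0 ]
}

# Audit one account's home directory, e.g. audit_ssh_perms /home/gpadmin.
# Prints one line per finding; the return status is the number of blocking ones.
audit_ssh_perms() {
    home=$1
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            problems=$((problems + 1))
        elif group_or_world_writable "$p"; then
            echo "WRITABLE $p (mode $(mode_of "$p")): sshd will ignore the key"
            problems=$((problems + 1))
        fi
    done
    # The stricter modes recommended on this page: 700 and 600.
    [ "$(mode_of "$home/.ssh")" = 700 ] || echo "NOTE     $home/.ssh is not 700"
    [ "$(mode_of "$home/.ssh/authorized_keys")" = 600 ] ||
        echo "NOTE     $home/.ssh/authorized_keys is not 600"
    return "$problems"
}

if [ $# -gt 0 ]; then audit_ssh_perms "$1"; fi
```

Run it as the account owner or as root on the Greenplum master, then compare any finding with the matching refusal message in /var/log/secure.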

Related

Unable to SSH into EC2 Instance pem 'Permissions 0777 for '.ssh/intuit-tke-qe.pem' are too open'

I'm unable to ssh into my EC2 instance, seems to be an issue with the permission level of the ssh .pem file I'm passing to ssh, googling around this seems to be a problem many others have faced but their solutions didn't work for me.
Here is what I tried, someone please help...
Attempt 1:
asemani$ ssh -i ~/.ssh/secure.pem root@54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0777 for '.ssh/secure.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key ".ssh/secure.pem": bad permissions
Permission denied (publickey).
Attempt 2:
asemani$ chmod 600 ~/.ssh/secure.pem
asemani$ ls -l ~/.ssh/
total 56
-rw-r--r-- 1 asemani CORP\Domain Users 782 Apr 29 11:14 config
-rw-------@ 1 asemani CORP\Domain Users 1696 Apr 29 21:32 secure.pem
asemani$
asemani$ ssh -i .ssh/secure.pem root@54.210.0.1
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system. Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.
All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
Permission denied (publickey).
I don't get the warning anymore but Permission is still denied. I then also tried doing a chmod 400 on the .pem file but that also didn't work. I won't paste that here since that may be overkill.
What is happening here? How can I ssh into my ec2? This should be a simple thing??
Change permission to chmod 400 ~/.ssh/secure.pem
Are you able to login as the default user using your pem key? For Ubuntu instances, default user should be ubuntu; for most other instances it should be ec2-user. If you're able to login as the default user, chances are that root isn't allowed for ssh login. To change that, login as the default user and do the following:
# Edit sshd_config and modify 'PermitRootLogin XX' to 'PermitRootLogin yes'
sudo vi /etc/ssh/sshd_config
# Reload sshd configuration
sudo service sshd reload
NOTE: This only serves as a how-to. It's generally not recommended to allow root login over ssh for security reasons.
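Before and after editing PermitRootLogin as described above, it helps to confirm which value sshd actually takes. The following is an added example, not part of the original answer; the function names and the sample file are constructed, and it reads only the global section of a single file (no Match or Include handling).

```shell
#!/bin/sh
# Added example (not from the original answer). Names and sample are constructed.

# Print the value sshd would take for KEYWORD from the global part of FILE.
# Keywords are case-insensitive and the first occurrence wins, so a second
# "PermitRootLogin" line appended further down changes nothing.
sshd_effective() {   # usage: sshd_effective KEYWORD FILE
    awk -F'[ \t=]+' -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        { sub(/^[ \t]+/, ""); key = tolower($1) }
        key == "match" { exit }                   # conditional blocks are not evaluated
        key == want { print tolower($2); exit }
    ' "$2"
}

# Classify how root may authenticate according to FILE.
root_login_mode() {   # usage: root_login_mode FILE
    case "$(sshd_effective PermitRootLogin "$1")" in
        no)                                  echo disabled ;;
        prohibit-password|without-password)  echo key-only ;;
        forced-commands-only)                echo forced-commands-only ;;
        yes)                                 echo password-capable ;;
        "")                                  echo build-default ;;
        *)                                   echo unrecognized ;;
    esac
}

# Constructed sample: a key-only setting followed by a later "yes" line of the
# kind an edit might append at the end of the file.
sample_config() {
    cat <<'EOF'
# Authentication:
#LoginGraceTime 2m
PermitRootLogin without-password
PasswordAuthentication no
PermitRootLogin yes
EOF
}

if [ $# -gt 0 ]; then root_login_mode "$1"; fi
```

On the server itself, `sshd -T` prints the effective configuration and is the authoritative check.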
You need to launch the instance through your AWS EC2 management console. Once it is launched, copy the public DNS IPv4 and paste it after the linux distribution name being used (e.g. ubuntu@IPv4). Also, make sure you are working in the directory that houses your private access key.
For clarification, once your EC2 instance is launched and you're in the directory that holds your private access key, type in the following in the command-line:
ssh -i private_access_key.pem linux@IPv4
Windows users can change the permissions of files through WSL by doing this:
Edit or create (using sudo) /etc/wsl.conf
[automount]
options = "metadata"
Restart wsl: (powershell)
PS Get-Service LxssManager | Restart-Service
and finally, do:
chmod 400 key.pem

Host key verification failed even though known_hosts is correct

I am running a Debian 7 Wheezy server and am having problems with connecting to other servers over SSH. This problem only occurs while running SSH through crontab, and not otherwise (logged in as the same user of course).
While running a ssh command as this user through crontab, I get the following problem:
Host key verification failed.
I have removed the ~/.ssh/known_hosts file and manually connected to the server in order for the host key to be correct.
When running SSH with the -v flag, I get the following:
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
If I list /dev/tty it has 666 permissions:
crw-rw-rw- 1 root root 5, 0 Jun 21 15:49 /dev/tty
I have also manually set the permissions to 666 after I listed /dev/tty in order to be entirely sure.
Why does SSH say it can't read /dev/tty? I've been exploring this for weeks and haven't found an answer. Does anyone have a clue?

Define a set keyfile for Ubuntu to use when SSHing into a server

I have two Amazon EC2 Ubuntu instances. When I connect to one of them, I can do
ssh ubuntu@54.123.4.56
and the shell uses the correct keyfile from my ~/.ssh directory.
I just set up a new instance, and I'm trying to figure out how to replicate that behavior for this new one. It's a minor thing, just driving me nuts. When I log in with:
ssh -i ~/.ssh/mykey.pem ubuntu@54.987.6.54
it works fine, but with just
ssh ubuntu@54.987.6.54
I get:
Permission denied (publickey).
I have no idea how I managed to get it to work this way for the first server, but I'd like to be able to run ssh into the second server without the "-i abc.pem" argument. Permissions are 600:
-r-------- 1 mdexter mdexter 1692 Nov 11 20:40 abc.pem
What I have tried: I copied the public key from authorized_keys on the remote server and pasted it to authorized_keys on the local server, with mdexter@172.12.34.56 (private key) because I thought that might be what created the association in the shell between that key and that server for the shell.
The only difference I can recall between how I set up the two servers is that with the first, I created a .ppk key in PuTTY so that I could connect through FileZilla for SFTP. But I think SSH is still utilizing the .pem given by Amazon.
How can I tell the shell to just know to always use my .pem key for that server when SSHing into that particular IP? It's trivial, but I'm trying to strengthen my (rudimentary) understanding of public/private keys and I'm wondering if this plays into that.
You could solve this in 3 ways:
1. By placing the contents of your ~/.ssh/mykey.pem into ~/.ssh/id_rsa on the machine where you are ssh'ing into 2nd instance. Make sure you also change the permissions of ~/.ssh/id_rsa to 600.
2. Using ssh-agent (ssh-agent will manage the keys for you)
   Start ssh-agent:
   eval `ssh-agent -s`
   Add the key to ssh-agent using ssh-add:
   ssh-add mykey.pem
3. Using ssh-config file:
   You could use the ssh config file. On the machine you are trying to ssh from, keep the following contents in the ~/.ssh/config file (make sure to give this file 600 permissions):
   Host host2
       HostName 54.987.6.54
       Port 22
       User ubuntu
       IdentityFile ~/.ssh/mykey.pem
   Once you do that, you can ssh like this:
   ssh host2
After performing any of the above steps you should be able to ssh into your second instance without specifying the key path.
Note: The second option requires you to add the key using ssh-add every time you log out and log back in, so to make that a permanent injection see this SO question.

putty connect successfully, while pscp run into "server refused our key"

I created one SUSE Linux EC2 instance in Amazon AWS.
And it is OK to use PuTTY to access the instance (using the key-pair file, let's call it key.pem, which I have converted to key.ppk), and when logging in to the host, I am using the 'root' user name, and it is OK.
login as: root
Authenticating with public key "imported-openssh-key"
Last login: Tue Apr 15 15:17:55 2014 from x.x.x.x
SUSE Linux Enterprise Server 11 SP3 x86_64 (64-bit)
As "root" use the:
- zypper command for package management
- yast command for configuration management
Management and Config: https://www.suse.com/suse-in-the-cloud-basics
Documentation: http://www.suse.com/documentation/sles11/
Have a lot of fun...
But when I try to use 'pscp' to copy files, it always fails, and outputs
Server refused our key
Using Keyboard-interactive authentication.
Password:
My 'pscp' command usage is as follows
C:\Users\t440s\Downloads\putty\pscp.exe -i key.pps test.txt root@myhost.compute.amazonaws.com:/tmp
Actually, I do not know my password.
And I checked the following section of /etc/ssh/sshd_config; it seems root does not need a password
# Authentication:
#LoginGraceTime 2m
PermitRootLogin without-password
PasswordAuthentication no
I am using win8.
Please help me. Yours.
I would suggest you use the Git Bash tool, http://git-scm.com/download/win. It's free and open source. Please download and install it; you then have a Unix environment in Windows :)
Now in Git Bash type the command ls to check where you are, and then you can type this command in Git Bash:
scp -i /c/Users/USERNAME/Download/key.pem filename.txt ec2-user@ec2-81.1821.1..eu-west-1.compute.amazonaws.com:/tmp
You can replace the user ec2-user with ubuntu or any other user associated with that machine. I don't think root works. Let me know if that works for you.

connecting to amazon aws linux server by ssh on mac

I created a new keypair and downloaded it to my mac, then set up a new Amazon Linux AMI server with that keypair and my security group. Now I need to put the keypair .pem file that I downloaded in a .ssh file in my users folder? I am unable to create a folder called ".ssh" however because of the name.
Where do I put the keypair on my Mac? And what chmods or other commands are then needed to connect to the server from my Linux bash? I know "ssh my public DNS" but what other permissions or anything else should I be aware of? It's a newbie question. Thanks.
You'll want to put the keypair in {your home directory}/.ssh . If that folder doesn't exist, create it. Once you put the keypair in there you have to change the permissions on the file so only your user can read it.
Launch the terminal and type
chmod 600 $HOME/.ssh/<your keypair file>
That limits access to the file, and then to limit access to the folder type
chmod 700 $HOME/.ssh
You have to limit the access because the OpenSSH protocol won't let you use a key that others can view.
Then to log into your instance, from the terminal you would enter
ssh -i <your home directory>/.ssh/<your keypair file> ec2-user@<ec2 hostname>
you can also create a file ~/.ssh/config
chmod it 644
then inside you can add something like this
host mybox-root
Hostname [the IP or dns name]
User root
IdentityFile ~/.ssh/[your keypair here]
then you can just do
$ ssh mybox-root
and you'll login easier.
You can use Java MindTerm to connect to your EC2 server in Macbook pro. It works for me. here are the more details and step by step instruction.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
http://www.openssh.com/ is the suggested one on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-connect-to-instance-linux.html#using-ssh-client (option 3)
Someone was asking on Mac's an easy way to create the ~/.ssh folder would be by running command ssh-keygen, then use following setup ...
A.
macbook-air$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/sam/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/sam/.ssh/id_rsa.
Your public key has been saved in /Users/sam/.ssh/id_rsa.pub.
B. Then create:
touch ~/.ssh/authorized_keys
C. Fix the permissions:
chmod 600 ~/.ssh/authorized_keys
D. Copy AWS Key to that file:
cp AWS_key.text ~sam/.ssh/authorized_keys
#You would have saved this SSH key earlier when creating the EC2 instance
E. Then test the ssh to AWS Linux server - you will see this error:
ssh -i ./authorized_keys root@ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
Please login as the user "ec2-user" rather than the user "root".
F. Re-try that and it should work with allowed AWS user "ec2-user":
ssh -i ./authorized_keys ec2-user@ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2014.09-release-notes/
9 package(s) needed for security, out of 12 available
Run "sudo yum update" to apply all updates.
Hope this helps, all the best.
