SSH connection Windows to CentOS 7 for git - linux

I've got the following question: I've installed a server with CentOS 7. Now I want to use this server for git.
The problem is I can't make an SSH connection to the server to do this. I already made keys and I put the id_rsa key in C:\Users\MYNAME\.ssh
I also created a git user on the server and put the public key in /home/git/.ssh/authorized_keys
When I want to clone the repository to my server I use the following command:
$ git clone ssh://git@IP/domains/optiekruymen.be/public_html/.git
The output is
Cloning into 'public_html'...
Enter passphrase for key '/c/Users/MYNAME/.ssh/id_rsa':
git@IP's password:
I don't understand why I still need to give the git password, because I want to use the SSH connection and not the password of the git user.
I generated the key on CentOS using ssh-keygen, then I copied it using
cat id_rsa.pub >> /home/git/.ssh/authorized_keys
to copy the file to the git user. Next I downloaded the key to my PC and copied id_rsa to /c/Users/MYNAME/.ssh/id_rsa
Extra output
.ssh file settings
drwx------ 2 git git 4096 Feb 13 20:59 .ssh
authorized_keys file settings
-rw-r--r-- 1 git git 408 Feb 13 20:53 authorized_keys
other debug info
debug1: Trying private key: /c/Users/USERNAME/.ssh/id_rsa
debug3: sign_and_send_pubkey: RSA SHA256:xUB8U9Mn3EkwzhLXjsBlZU1tJMViEfM/Yit5Kjkv/TA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

This message means that your private key is password-protected (encrypted with a password). Before a connection to the remote host can be made, this key needs to be decrypted (by you inputting the password).
The easiest way to solve this is to remove the passphrase from the private key.

From this message:
git@IP's password:
You can see that you are being asked for the password for the git user.
As you mentioned above, once you added the user to /etc/ssh/sshd_config it's no longer asking you for a password.
/etc/ssh/sshd_config file
The /etc/ssh/sshd_config file is the system-wide configuration file for OpenSSH which allows you to set options that modify the operation of the daemon.
This file contains keyword-value pairs, one per line, with keywords being case insensitive.

I solved this by adding the user git to the /etc/ssh/sshd_config file
and checking the following configurations
Home directory on the server should not be writable by others: chmod go-w /home/user
SSH folder on the server needs 700 permissions: chmod 700 /home/user/.ssh
Authorized_keys file needs 644 permissions: chmod 644 /home/user/.ssh/authorized_keys
Make sure that user owns the files/folders and not root: chown user:user authorized_keys and chown user:user /home/user/.ssh
Put the generated public key (from ssh-keygen) in the user's authorized_keys file on the server
Make sure that user's home directory is set to what you expect it to be and that it contains the correct .ssh folder that you've been modifying. If not, use usermod -d /home/user user to fix the issue
Finally, restart ssh: service ssh restart
Then make sure the client has the public key and private key files in the local user's .ssh folder and log in: ssh user@host.com
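
The ownership and permission checks from the list above, as a script to run on the server against a user's home directory (an added example, not part of the original answer; audit_ssh_perms and the demo directory are made up for illustration). It flags any of the three paths that is missing, owned by someone other than the user or root, or writable by group or others, which are the conditions under which sshd with StrictModes enabled ignores authorized_keys.

```sh
#!/bin/sh
# Added example (not from the original answer): audit the three paths the
# checklist covers. audit_ssh_perms is a hypothetical helper name.

# Octal mode and owner name; GNU stat first, BSD stat as fallback.
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1" 2>/dev/null; }

# audit_ssh_perms HOME_DIR [USER]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_perms() {
    home=$1
    user=${2:-$(owner_of "$home")}
    problems=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(mode_of "$path")
        owner=$(owner_of "$path")
        # 022 = write bit for group or others; sshd refuses such paths.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE  $path (mode $mode): chmod go-w"
            problems=$((problems + 1))
        fi
        if [ "$owner" != "$user" ] && [ "$owner" != root ]; then
            echo "OWNER     $path (owned by $owner): chown $user"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway "home" whose .ssh is world-writable.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && touch "$demo/.ssh/authorized_keys"
chmod 755 "$demo"; chmod 777 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "fix the paths listed above, then retry ssh"
rm -rf "$demo"
```

On a real server the call would be, for example, audit_ssh_perms /home/git git, run as root or as the user itself.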

Related

Passwordless ssh connection from Windows

How can I create an ssh key from Windows and install it on a Linux host using OpenSSH to log in without a password for each connection?
CREATE AND INSTALL SSH KEY
First of all, we need to create a new key in the Windows pc (where we start the connection) using:
ssh-keygen -t rsa
Don't change the default path or remember where you saved the key, it will be used for the next command.
Press enter another two times to avoid using a passphrase (if you don't want it).
After that, if you haven't changed the default path, the key will be created in {USERPROFILE}\.ssh\id_rsa.pub.
Now, you can usually use the command ssh-copy-id for installing the key on the remote host, but unfortunately this command is not available on Windows, so we have to install it using this command:
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {REMOTE_HOST} "cat >> .ssh/authorized_keys"
or if your key is not in the default path:
type {RSA_KEY_PATH} | ssh {REMOTE_HOST} "cat >> .ssh/authorized_keys"
and replace the {RSA_KEY_PATH} with your RSA path.
Replace {REMOTE_HOST} with the remote host IP/Name (like pi@192.168.0.1), launch the command, insert the password if required, and the work is done!
IMPORTANT!
SETTING UP .ssh FOLDER
If the ~/.ssh folder does not exist on your remote host, you need to set it up. This is usually done by the command ssh-copy-id, but we cannot access this power from Windows!
You need to connect to the remote host in ssh and create the .ssh directory and the authorized_keys file for the first time:
ssh {REMOTE_HOST}
Create the .ssh directory:
mkdir ~/.ssh
Set the right permissions:
chmod 700 ~/.ssh
Create the authorized_keys file:
touch ~/.ssh/authorized_keys
Set the right permissions:
chmod 600 ~/.ssh/authorized_keys
NOTE
The authorized_keys is not a folder. If you try to create it using mkdir, the passwordless SSH connection will not work, and if you debug ssh on the host, you will notice an error/log similar to:
~/.ssh/authorized_keys is not a key file.
ADD YOUR SSH KEY ON YOUR AGENT
Run those two lines on your Windows pc to add the created key on your cmd/powershell:
ssh-agent $SHELL
ssh-add
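
The remote-side setup above (create .ssh, create authorized_keys, set permissions, append the key) as one function that is safe to run repeatedly; an added example, not part of the original post. install_pubkey and the sample key text are made up for illustration. It stops when authorized_keys exists as a directory, the mistake the NOTE describes, and it does not append a key that is already present.

```sh
#!/bin/sh
# Added example (not from the original post). install_pubkey is a
# hypothetical helper; run it on the remote host as the login user.

# install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    # Only the .pub half belongs on the server.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile is a private key, use the .pub file" >&2; return 1
    fi
    # The mistake from the NOTE: authorized_keys created with mkdir.
    if [ -d "$auth" ]; then
        echo "$auth is a directory; remove it and rerun" >&2; return 1
    fi

    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append each key line once; rerunning must not create duplicates.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubfile"
}

# Constructed demo: the key text below is a placeholder, not a real key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER constructed@example\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run changes nothing
echo "keys installed: $(wc -l < "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```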

SSH Connection from server to another one without private key passphrase

I'm trying to set up an ssh connection from ServerA to ServerB without password, and the ssh connection keeps asking me for the passphrase of my private key.
Here is my configuration:
ServerA
The /home/user/.ssh folder has a CHMOD: rwx------, and is owned by user:user
The files /home/user/.ssh/id_rsa.pub and /home/user/.ssh/id_rsa have a CHMOD: -rw------- and are owned by user:user
ServerB
I created a user serverA on the ServerB.
The folder /home/serverA/.ssh has a CHMOD: drwx------ and is owned by serverA:serverA
The file /home/serverA/.ssh/authorized_keys contains the public key of the user on the ServerA, and has a CHMOD: -rw-r-----
In the file /etc/ssh/sshd_config I added the following lines:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
However, when I am on ServerA and I try to type:
ssh ServerA@ServerB, it asks me for the passphrase of my private key. When I give it, I get connected.
Do you know how I could avoid typing the passphrase of ServerA every time?
When you run ssh-keygen, you must have given the certificate a pass phrase. To not have to enter a pass phrase just press enter on that question to set an empty one when.
You can use ssh-agent, which will "remember" your passphrase for specified time. In short:
eval `ssh-agent` # start ssh-agent
ssh-add /path/to/your.key # remember the key
ssh ServerA@ServerB # will not ask for a passphrase
For more information, check more questions about ssh-agent or its manual page.

Unable to connect via ssh with public key authentication method

On my Windows 10, I am running into the problem of not being able to connect to my Vagrant virtual machine via ssh user with public key authentication method at git bash using a command such as
$ ssh -v lauser@127.0.0.1 -p 2222 -i ~/.ssh/id_rsa
I would be prompted for a password, as if the public key I copied to the ~/.ssh/Authorized_keys file inside the vm were not seen. Meanwhile, the password authentication method works, as well as 'vagrant ssh'.
I have made sure to
create key pairs locally, create a .ssh directory at the remote, and add pub key string to the remote's .ssh/authorized_keys file; both the .ssh and the .ssh/authorized_keys file are owned by the user (lauser), and set at 700 and 644
edit the /etc/ssh/sshd_config file on vm to use
RSAAuthentication yes
PubkeyAuthentication yes
and restarted the sshd server (with 'sudo service ssh restart').
verify that firewall has been disabled temporarily to eliminate any complication.
verify that there is only one vm running, all others are either in 'suspend' or 'halt' mode.
confirm the file type by 'file ~/.ssh/authorized_keys', and get confirmation '~/.ssh/authorized_keys: OpenSSH RSA public key'
verify that the keys match by comparing the output from 'sudo cat ~/.ssh/authorized_keys' in vm and the output from ' cat ~/.ssh/id_rsa.pub' at the local.
but still I get Permission denied (publickey) when trying to connect through public key authentication.
It sounds like you've done everything correctly so far. When I run in to this problem, it's usually due to directory permissions on the target user's home directory (~), ~/.ssh or ~/.ssh/authorized_keys.
See this answer on SuperUser.
I faced same challenges when the home directory on the remote did not have correct privileges. Changing permissions from 777 to 744 helped me

How to make key based ssh user?

I am new to Ubuntu Linux. I have to create an ssh user on a remote system, generate its key, and access this system by key_file through the command
ssh -i key_file user@host
Can anybody tell me how I can do this?
On the system you are trying to connect to, the public key (usually id_rsa.pub or something similar) needs to be added to the authorized_keys file.
If the user is brand new and the authorized_keys file doesn't exist yet, this command will create it for you.
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Next just make sure sshd is running on the host and you should be able to connect with the command you posted.
on remote-server-
ssh-keygen
ssh-copy-id user@host
cd .ssh
Make a copy of the file id_rsa and give it to anybody who wants to access this server/system.
On the other system:
ssh -i id_rsa user@host
If you want to connect to another host as user "user", what you need is the public key of the user that is going to open that connection, i.e. the user you are logged in on your desktop computer or some server you are coming from, not for the user, you are logging in to on the remote host.
You can check, if the keys for your current user are already created in $HOME/.ssh; there you should find something like "id_rsa" and "id_rsa.pub" (for rsa keys). If they don't exist, you create them by calling
ssh-keygen -t rsa
The public key that is generated that way, id_rsa.pub in this example, has to be put in a file ${HOME of user on remote host}/.ssh/authorized_keys on the target host.
If this file does not exist on the remote host or if even .ssh does not exist, you have to create those files with the following permissions:
.ssh 700
.ssh/authorized_keys 600
See http://www.openssh.com/faq.html#3.14 for details.
A detailed description of the process can be found here:
https://help.github.com/articles/generating-ssh-keys/

Adding SSH Key to authorized_keys: permission denied(publickey)

I have an id_rsa and id_rsa.pub on my computer also tied into my BitBucket account.
As I understand I can use this public key anywhere I please (as long as my private matches).
The Problem: I cannot figure out how to get any server to accept the public key, do you see what I've done wrong?
$ cat id_rsa.pub >> authorized_keys
$ service ssh restart (I suppose this isn't needed)
$ git pull origin master
$ Permission denied(publickey)
What am I doing wrong? I've been stuck for days.
If you copied your root's authorized_keys you may have to do more than you are used to:
chmod 700 .ssh
sudo chmod 640 .ssh/authorized_keys
sudo chown $USER .ssh
sudo chown $USER .ssh/authorized_keys
Where $USER is your linux username.
Make sure the permissions on ~/.ssh are 700 i.e. only accessible by the owner, and the permissions on the public and private key files are not writable except by the owner.
Make sure the key files are in ~/.ssh !
Make sure the key is being used (try ssh'ing to the right user @ the bitbucket server using ssh -v)
You need to copy the content of id_rsa.pub to the Bitbucket account; it's in the settings page
For more info https://confluence.atlassian.com/display/BITBUCKET/How+to+install+a+public+key+on+your+Bitbucket+account
