Host key verification failed even though known_hosts is correct - linux

I am running a Debian 7 Wheezy server and am having problems with connecting to other servers over SSH. This problem only occurs while running SSH through crontab, and not otherwise (logged in as the same user of course).
While running a ssh command as this user through crontab, I get the following problem:
Host key verification failed.
I have removed the ~/.ssh/known_hosts file and manually connected to the server in order for the host key to be correct.
When running SSH with the -v flag, I get the following:
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
If I list /dev/tty it has 666 permissions:
crw-rw-rw- 1 root root 5, 0 Jun 21 15:49 /dev/tty
I have also manually set the permissions to 666 after I listed /dev/tty in order to be entirely sure.
Why does SSH say it can't read /dev/tty? I've been exploring this for weeks and haven't found an answer. Does anyone have a clue?
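One check a practitioner would run for the question above, as an added example that is not part of the original post: ssh opens /dev/tty when it wants to ask about a host key, so this looks up whether a known_hosts file really holds an entry for the exact name and port the cron command uses, including hashed and `[host]:port` entries. That the cron job uses a different name, port or file than the interactive session is an assumption, not the page's diagnosis; the sample file, host names and key blobs are constructed.

```python
import base64, hashlib, hmac, re

def lookup_name(host, port=22):
    """Name ssh looks up: the bare host on port 22, else [host]:port."""
    host = host.lower()
    return host if port == 22 else f"[{host}]:{port}"

def hash_field(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_matches(field, name):
    """Match one host field (hashed, or a comma-separated pattern list)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    matched = False
    for pat in field.split(","):
        negated = pat.startswith("!")
        rx = re.escape(pat.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, name):
            if negated:
                return False          # a negated match vetoes the whole line
            matched = True
    return matched

def find_entries(known_hosts_text, host, port=22):
    """Return (line_no, marker, key_type) for each entry matching host/port."""
    name, hits = lookup_name(host, port), []
    for no, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else ""
        if len(parts) >= 2 and field_matches(parts[0], name):
            hits.append((no, marker, parts[1]))
    return hits

# Constructed sample file; host names and key blobs are placeholders.
SAMPLE = "\n".join([
    "# constructed sample",
    "backup.example.net ssh-ed25519 AAAA_PLACEHOLDER_1",
    "[backup.example.net]:2222 ssh-ed25519 AAAA_PLACEHOLDER_2",
    hash_field("10.0.0.5", b"constructed-salt-20b") + " ecdsa-sha2-nistp256 AAAA_PLACEHOLDER_3",
    "@revoked *.example.net ssh-rsa AAAA_PLACEHOLDER_4",
])
```

An empty result for the name used in the crontab line (for example a short alias or a non-default port) means ssh would have to prompt, which it cannot do without a terminal.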

Ssh fails to use private key from ssh-agent: communication with agent failed

I'm getting an error when using ssh, which tries to use keys from ssh-agent, but fails with this message (when running ssh -v):
debug1: get_agent_identities: ssh_fetch_identitylist: communication with agent failed
I can see both of my keys added to the agent when running ssh-add -l:
$ ssh-add -l
3072 SHA256:0i3sqR60WRsAOpFVJyw951NUDW01jkAWFB1na921Asd xxxxxx@somehost (RSA)
4096 SHA256:CG6njka821AOd82j1xGFkyiOjwG/yo921KAIOWm3t/4 xxxxxx@anotherhost (RSA)
The same error appears with no keys or one key inside the agent.
I'm running the fish shell on Arch Linux, and also tried this under bash, but it doesn't seem to make a difference. The same setup was working for me on Ubuntu. There seem to be no questions about this exact issue, and I'm stuck with no clues.
I found that this problem on my PC is caused by the Windows default ssh client which stores my ssh key files. After upgrading to 8.9 with https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v8.9.0.0p1-Beta I solved this problem.

Bad configuration option: Identityfile

My ssh config was okay and it was working fine, however recently my GitHub ssh connection didn't work and also I wasn't able to connect to my private server using an ssh connection. When I try to ssh, I get the following error:
/home/hacku/.ssh/config: line 9: Bad configuration option: Identityfile
/home/hacku/.ssh/config: line 16: Bad configuration option: Identityfile
/home/hacku/.ssh/config: terminating, 2 bad configuration options
And here is my config file:
Host github.com
User git
Port 22
Hostname github.com
IdentityFile ~/.ssh/github_ssh
TCPKeepAlive yes
Host linode
HostName serv_ip_address
User hackU
Port 22
IdentityFile ~/.ssh/private_key
I copied exact same config file and my private key into another machine and it worked great (Termux, ssh version => OpenSSH_8.6p1, OpenSSL 1.1.1l 24 Aug 2021).
I checked my ssh package version it was OpenSSH_8.7p1, so I thought maybe the update broke it. So I downgraded it to OpenSSH_8.6p1, OpenSSL 1.1.1l 24 Aug 2021, it also didn't work, additionally I tried to restart sshd by using
sudo systemctl restart sshd
But none of the above worked.
I'm using Manjaro GNOME edition as my daily driver.
Thanks beforehand.
Everything theoretically seemed okay but the thing was that it was weirdly throwing this error. After doing some reading, I found this information here:
if you use an ssh-agent, ssh will automatically try to use the keys in the agent, even if you have not specified them with in ssh_config's IdentityFile (or -i) option. This is a common reason you might get the Too many authentication failures for user error. Using the IdentitiesOnly yes option will disable this behavior.
So I completely deleted the IdentityFile option. Hence my final config file looks like this and both connections work just fine.
Host github.com
User git
Port 22
Hostname github.com
TCPKeepAlive yes
Host linode
HostName server_ip_address
User hackU
Port 22
However, the reason for the problem for me still is unknown. I would be glad to hear, in case someone finds it out.

SSL handshake failed when trying to add remote GitLab account in GitAhead under openSUSE Leap 15

I successfully added a remote (private) GitLab account under Windows 10 in GitAhead, but under Linux openSUSE Leap 15 I got "Connection failed: SSL handshake failed".
Note that I can clone, pull, fetch, commit and push in repositories from the GitLab I want to add. I also tried to reset the SSH handshake with:
$ ssh-keygen -R gitlab.mydomain.net
# Host gitlab.mydomain.net found: line 31
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old
$ ssh git@gitlab.mydomain.net
The authenticity of host 'gitlab.mydomain.net (<IP>)' can't be established.
ECDSA key fingerprint is SHA256:**************.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.mydomain.net,<IP>' (ECDSA) to the list of known hosts.
Welcome to GitLab, @UserName!
Connection to gitlab.mydomain.net closed.
But it still does not work. Does anyone know if there is something to configure to allow it under Linux?
Thanks
For a starter, check the rights on directories on the server-side. The home-dir as well as the .ssh-dir should be treated with chmod 700. The same is true for the key files.
You should aim for a passwordless login on your server. As soon as this works, GitAhead should be fine. If you have a Git-Shell in your server-side /etc/passwd, replace it by /bin/sh for the sake of sending your pubkey: On the client, enter ssh-copy-id -i yourprivatekeyfile somerandomgituser@ipofyourgitserver. After that, if successful, you can reset the /etc/passwd line back to the Git-Shell.

Cygwin SSH - seteuid no such device or address

I've set up Cygwin and want to ssh with a domain user account on Windows Server 2012 R2. It works fine if I start the sshd service with "Local system account", but if I start the service with a cygserver local account or domain\cygserver then the service starts fine but when I try to ssh I see the message sshd: PID 1944: fatal: seteuid 1801: No such device or address.
ssh in verbose mode on the client shows the following:
debug1: Authentication succeeded (publickey).
Connection to 10.10.10.10 closed by remote host.
Connection to 10.10.10.10 closed.
debug1: Exit status -1
Some articles like https://blog.peterwurst.com/2016/09/15/ssh-server-on-windows-with-cygwin/ suggest enabling the following GPO settings with the cygserver account in them. I tried them and still get the same error.
Act as part of the operating system
Create a token object
Log on as a service
Replace a process level token
I've verified the .ssh and authorized_keys permissions, the user home directory exists, and the passwd file has the /bin/bash shell for the user.
Any suggestions on how to resolve this issue?
I had this issue, and the solution was to start the CYGWIN ntsec service before starting the CYGWIN OpenSSH service.
Verify the subject user and SSHD account are not locked / disabled.
Confirm that password login works. PKI and password login take different paths to create a process token.
I also had this issue in the log:
seteuid XXXXXXXX: No such device or address
and this did the trick:
passwd -R

Greenplum Security: How do I set up Password-less Login: Windows (via Putty) to Linux (Greenplum master machine, CentOS 6.5) in a GPDB cluster

We have a small GPDB cluster. We recently upgraded GPDB and configured the GCC web portal. In doing so, we noticed our machines are still showing a password prompt at the time of SSH.
We tried the commands from the following document on the Greenplum machine:
http://www.servermom.org/passwordless-ssh-login/1608/
We are unable to get passwordless SSH as the root user from Windows to a Linux machine.
We do, though, have the ability to do passwordless SSH from Linux to Linux machines in the GPDB cluster.
Trying to secure shell for Greenplum from Windows to Linux:
Password-less Login: Windows (via Putty) to Linux (Greenplum)
Is there any standard way or set of steps to log in via SSH without a password prompt, and as which user should we perform all these activities?
Any help on it would be much appreciated.
Thanks for asking this question, I never thought of this.
Here is what I did and it worked for me.
- Open Putty Key Generator
- Generate a key and copy it into .ssh/authorized_keys (make sure you are copying the complete key)
- chmod -R 700 .ssh/
- Save the public and private keys
- Now open Putty and provide user@hostname
- In Category go to Connection > SSH > Auth and load the private key (.ppk file) you saved from Putty Key Generator
- Save the session and open
A couple things to watch out for:
~gpadmin/.ssh directory and ~gpadmin/.ssh/authorized_keys should have 700 and 600 permissions, respectively:
$ ls -lda ~gpadmin/.ssh
drwx------ 15 gpadmin gpadmin 510 May 27 11:43 /home/gpadmin/.ssh
$ ls -l ~gpadmin/.ssh/authorized_keys
-rw------- 1 gpadmin gpadmin 4496 Dec 2 11:12 /home/gpadmin/.ssh/authorized_keys
When you connect with Putty, try enabling verbose output to be sure it is using the matching private key for the public key you've added to the Greenplum authorized_keys file.
You can also look in the /var/log/secure log file to see what the Greenplum server's SSHD process is doing for more clues.
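The permission checks from the answers above (700 on the home and .ssh directories, 600 on authorized_keys), written as a small audit that is an added example and not part of the original posts. The function name, the findings format and the idea of flagging group/world-writable paths separately are assumptions of this example; the latter reflects what OpenSSH's default StrictModes setting rejects.

```python
import os, stat

# Modes stated in the answer above: 700 for ~/.ssh, 600 for authorized_keys.
EXPECTED = {".ssh": 0o700, ".ssh/authorized_keys": 0o600}

def audit_ssh_perms(home, uid=None):
    """Return a list of (path, problem) for the account whose home is `home`."""
    uid = os.getuid() if uid is None else uid
    findings = []
    # The home directory has no fixed mode here, but must not be
    # writable by group or others.
    targets = [("", None)] + list(EXPECTED.items())
    for rel, want in targets:
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symlink; check its target"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (uid, 0):
            findings.append((path, f"owned by uid {st.st_uid}"))
        if mode & 0o022:
            findings.append((path, f"mode {mode:o} is group/world writable"))
        elif want is not None and mode & ~want:
            findings.append((path, f"mode {mode:o} is wider than {want:o}"))
    return findings
```

Run it on the server as the account being logged into, for example `audit_ssh_perms(os.path.expanduser("~gpadmin"))`; an empty list means the paths match the modes given above.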
