I need to use a bash script to do the following:
generate public private key on NodeA
Copy the public key into a remote NodeB 's authorized_keys
Add NodeB to NodeA's known_hosts.
I need to do all this without a password prompt for ssh-ing into NodeB
In the second step I am even specifying the private key with "-i".
The following script I have now still asks for password
#!/bin/bash
sudo ssh-keygen -t rsa -N "" -f /root/.ssh/id_ccn_rsa
ssh -i /root/.ssh/id_ccn_rsa -o StrictHostKeyChecking=no $1
sudo sh -c "ssh-keyscan $1 >> /root/.ssh/known_hosts"
There is no magic.
To deploy the key you MUST be able to login without the key at least one time. Or have someone who can login and has root access deploy the public key for you.
You cannot login without a password and without a key unless your account was set up without a password AND sshd was configured with the non-default PermitEmptyPasswords yes option.
Related
In ~/.ssh I have github and bitbucket private key files. Both are encrypted, so when I ssh-add ~/.ssh/github I have to enter a password.
I have a bash script to automate git commands. If the github and/or bitbucket identities have NOT been added yet, then I want to ssh-add them.
I'm looking for a function like:
has_identity_been_added ~/.ssh/github
To simply check if the private, encrypted key file has been added.
I found:
ssh-add -l prints out a string of text for each identity... and I don't know what it is, but it's not the key file name
ssh-add -L prints the public key, which I'm not storing on my local machine, so I'm not sure how to verify against it, without asking for the private key file's password again.
Both of those print the name I gave to the key file like reed#laptop-x1834 (I think that was the automatic name, cause I didn't specify -C in the ssh-keygen, if memory serves).
I'm not sure where to go from here. I don't want to rely upon the ssh-keygen -C "whatever_name".
ssh-add -l print out fingerprint of the keys added.
You can get the fingerprint of a public key with :
ssh-keygen -l -f id_rsa.pub
I am using Azure DevOps for my pipeline. For testing purposes, I have created a variable $key to store the private key. I want to use that key to SSH to a remote server. When I try to write the $key to a file and then use it e.g.
ssh user#10.10.10.10 -i keyfile
I get asked for a passphrase. I believe that this is to do with the format of the private key file. It appears as a long string without line breaks.
What is the best way to format the string and write it to a .pem file?
If you want to make use of private keys, you should add your public key to .ssh/authorized_keys.
$ ssh-keygen -t rsa
$ cat ~/.ssh/id_rsa.pub | ssh you#server 'cat >> ~/.ssh/authorized_keys'
$ ssh -i ~/.ssh/id_rsa you#server
Please note that you should allow sshd to login via public key:
PubkeyAuthentication yes
If you can't change the settings on the server, you might want to make use of expect. It less secure, tho. Read this for more information.
I am copying files to another server and I have this command:
scp -r "${inclr}" utzfin#utzfin1:"${backuppath}/${time_stamp}"
scp -r "${podout}" utzfin#utzfin1:"${backuppath}/${time_stamp}"
I keep getting a password prompt. is there a way of passing the password only once and the rest of the Commands executes without asking for password?
In this case sharing the ssh key of the target on source server or vice versa will do the needful and it will not ask for the password.
With below command you can generate the ssh key for the user and then share the id_rsa.pub key on another server.
ssh-keygen -t rsa
Command to share the key :-
ssh-copy-id -i ~/.ssh/id_rsa.pub username#hostname
This is my code:
ssh-keygen -t rsa -C "$APP"
This works perfectly. However it then asks me to specify location and password. I was hoping I can automate this all in one go, however this command fails:
ssh-keygen -t rsa -C "$APP" -P "$SSHKEYPASS" -T ~/.ssh/id_rsa.pub
This command seems to fail though, when I specify the password I want for the key and location in the same line. I don't really understand the man page:
http://linux.die.net/man/1/ssh-keygen
Can anyone tell me where I have gone wrong?
-P is for the old passphrase, to create a key I assume you want -N for the new passphrase.
-T is for DH group test output it appears (not that I know what that is exactly).
You want -f to specify the key filename. And you specify the private key file not the public key file.
So try:
ssh-keygen -t rsa -C "$APP" -N "$SSHKEYPASS" -f ~/.ssh/id_rsa
I was referring to http://www.mtu.net/~engstrom/ssh-agent.php
My public key is listed under ~/.ssh/authorized_keys at remote1. During SSH login connect,
it's working fine(loaded my private key under connection-Auth), it asked for passphrase which I provided then login is successful.
But when switching between servers like from remote2, do SSH remote1, it would ask for a password. Trying to set up SSH agent forwarding according to that site but was to no avail...ssh-add never prompts me for private-key-passphrase or was it wrong what i was doing trying to follow the process described?
I basically did
$ eval ssh-agent
$ ssh-add (some do ssh-add ~/.ssh/id_rsa--> wonder wat id_rsa is referring to as I only have the auth_keys file under .ssh)
Saw some resources described to do chmod 600 ~/.ssh/authorized_keys, but not sure if that's applicable to my case.
ssh-agent wrap another command, you can for example wrap a shell
ssh-agent bash
Then, in that shell, you need to add your private key, and type your passphrase :
ssh-add /path/to/your/private/key # (by default : ~/.ssh/id_rsa)
Then, when you use ssh to connect, add the -A option :
ssh -A user#remote1
That's it, your key is forwarded, you can see it if you type (on remote1) :
ssh-add -L
You can now connect to your remote2, using that private key.
Be careful when you use ssh forwarding. Anyone with root access on remote1 could use your identity to connect on remote2 while you are connected.
I am pretty sure that ~/.ssh/authorized_keys must always be chmod 600. This is a sensitive file that must be protected.