I have a really annoying problem with my server, even I couldn't find any search term to google it.
Let me explain it.
on my server I can connect to ssh using with ip address it is ok.
ex : ssh -p2222 ubuntu#xx.xxx.xxx.xx It is working.
but I cannot login with domain name. SSH connects, it asks for password for user ubuntu but the password doesn't work.
ex : ssh -p2222 ubuntu#domainname.com It is not working.
Be sure you use same EC2 Key Pair when you start your instance.
Related
I have a few machines on my home network that I ssh into. Windows, Mac, and Linux.
instead of ssh name#123.0.0.1 every time I want to login to one of them it would be nice to set the IP as something user friendly. Possibly even the remote computers hostname?
Say my name is Matt and I want to login to my machine that has a hostname of thinkpad.
Could I ssh matt#thinkpad to login somehow?
If you want to access your remote host using the hostname instead of ip, you need update /etc/hosts
sudo nano /etc/hosts
Add the details of your server
123.0.0.1 thinkpad
I have created ssh keys and registered my public key on the target host under .ssh/.authorized_keys.
And it also generally works. I just observe a strange behavior: When I try to login the first time in the morning, I see "Server refused our key" and get forced to enter my passphrase. Any consecutive attempts then work fine and I see in the console output that it's registering with my key.
If I don't log in for a longer time, then a new login would show the same behavior as above and I get forced to enter my passphrase.
So I was wondering: Is there maybe a configurable value that prevents me registering with my key after certain time that I can just increase or deactivate?
You may find your answer here. Some servers are configured to verify the hosts before they can login for the first time.
https://unix.stackexchange.com/questions/42643/ssh-key-based-authentication-known-hosts-vs-authorized-keys
We can make SSH automatically write new host keys to the known_hosts file by setting StrictHostKeyChecking to “no” in the ~/.ssh/config file.
StrictHostKeyChecking=no
I am trying to ssh into my server at work (CentOS) from my laptop (Ubuntu). When I am at home, I do it by running the following script on the server (I start it while I am physically at work):
ssh -R (port #):localhost:22 (name#home ip)
I do this because it doesn't accept connections from external IPs. Then, I can ssh into the specified port on my laptop, and it works fine.
However, when I am actually at work, I cant ssh to the server. The other people in my office can. They do this very simple command (only works while they are at work, since they need an IP from inside the system):
ssh (username)#(work ip)
And they are automatically logged in. When I do that, I get no response; no public key denial, no wrong username, no response at all. Eventually it times out. But I know the server has ssh running, because everyone else can do it.
Additionally, if I do this on my laptop, while at work:
ping (work ip)
I do get response packets, with no loss, almost no lag. But ssh doesn't work.
I can ssh to other places from my laptop, both while I am at home and at work. So my laptop is properly configured to ssh to things, it just doesn't reach the work server for some reason. I talked to the guy who set it up and he insists there is no whitelist; the only security from internal IPs (and I am physically on site, so I have an internal IP, so there should be no need to do the ssh -r like I do at home) is the private/public RSA key system, and I know the keys must be already set up, because it works when I do the ssh -R from home. Plus, if the keys were not set up, I would get a public key denial, instead of no response at all, right?
If I do ssh -vv, this is the last line before it times out:
debug1: Connecting to ccny6 [work ip] port 22.
I see other people have posted similar questions, but the responses they seem to generally be "is the server running the ssh service" etc, which I know it is as other people can ssh to do (as can I if I'm using the ssh -r tunnel), so none of those responses did me much good, unfortunately.
Summary: I can ssh to a server from OFF site via a ssh tunnel, but can't ssh to it while I am right next to it using direct ssh, even though I can ping it, and others can ssh to it.
The most possible reason for the same is your ISP. I too had this issue few months back. They had closed ssh ports. Ask them and get it released.
Just a confirmation, try to do ssh to other IP's as well. It wont work either if your ISP has blocked it.
I have a linux box set up, and I have a user that I would like to use for a proxy only. That is, someone would SSH in with this user and do dynamic SOCKS5 port forwarding to their localhost, and then use that tunnel as a proxy for whatever they need on their system.
My question is, is there any simple way to make it so that this user can't do anything BUT use it as a proxy? i.e. make it so that once a user has connected with SSH, they can't run any commands at all on the remote computer?
Thanks!
You can do it with permissible commands in the authorized_keys file.
user would not log in via ssh but will have a restricted set of commands that would only be allowed to execute via ssh, for example "ssh somehost bin/programname"
more details here and here
I found where this has already been asked, and the solution to that worked perfectly.
https://serverfault.com/questions/56566/ssh-tunneling-only-access
Is there a way for a program at the server to get the public key that the user used for ssh login?
For example, github knows that it's user "Ben" by searching the public key from their database.
ssh -T git#github.com Hi Ben! You've successfully authenticated,
but GitHub does not provide shell access.
My question is how to get the public key then?
Only the SSH server (sshd) can retrieve that information. It is not exposed to processes launched from the server, such as the shell.
The fact that Github is doing this, as well as some circumstantial evidence on their blog, strongly suggests that Github is running a custom SSH server (i.e, not OpenSSH). You would need to write your own SSH server to replicate this functionality.