putty connect successfully, while pscp run into "server refused our key" - linux

I create one SUSE linux EC2 instance in Amazon AWS.
And it is OK to 'putty' to access the instance (use the key-pair file, let's call it key.pem, I have converted it to key.ppk), and when log in the host, I am using 'root' user name, and it is OK.
login as: root
Authenticating with public key "imported-openssh-key"
Last login: Tue Apr 15 15:17:55 2014 from x.x.x.x
SUSE Linux Enterprise Server 11 SP3 x86_64 (64-bit)
As "root" use the:
- zypper command for package management
- yast command for configuration management
Management and Config: https://www.suse.com/suse-in-the-cloud-basics
Documentation: http://www.suse.com/documentation/sles11/
Have a lot of fun...
While when I try to use 'pscp' to copy files, it always failed, and outputs
Server refused our key
Using Keyboard-interactive authentication.
Password:
My 'pscp' command usage as following
C:\Users\t440s\Downloads\putty\pscp.exe -i key.pps test.txt root#myhost.compute.amazonaws.com:/tmp
Actually, I do not know my password.
And I checked following section of /etc/ssh/sshd_config, seems root do not need password
# Authentication:
#LoginGraceTime 2m
PermitRootLogin without-password
PasswordAuthentication no
I am using win8.
Please help me. Yours.

I would like you should use Git Bash tool http://git-scm.com/download/win its free and opensource, Please download and install , You have Unix environment is windows :)
now in the git bash type command ls to check where you are and now you can type this command in GIT bash
scp -i /c/Users/USERNAME/Download/key.pem filename.txt ec2-user#ec2-81.1821.1..eu-west-1.compute.amazonaws.com:/tmp
You can replace the user ec2-user to ubuntu or any other which is associate to that machine I dont think root work. Let me know is that works for you

Related

Rsync without password file without ssh

I would like to establish rsync between Windows 7 and linux server for file transfer. I am trying to make this as simple as possible. As topic, is there any way to use rsync without password file and ssh? I was searching for few days but only found solution with either password-file or ssh.
I am using:
Client Env
Windows 7
cwRsync 5.5.0
Server Env
Linux Redhat 6.3 Santiago
rsync 3.1.1
If you want to use rsync without using SSH at all, then you can do it using an rsync server.
It requires installing rsyncd on the Linux server, and setting up and configuring an always-running service, but there's a tutorial here (from 1999!) that says how to do it.
You can set it up to allow access without a username and password, but only do that within a trusted network! Note that, even with a password, there won't be any encryption, so use with caution.
on the source system:
vim /etc/rsyncd.conf
then add your path
[your_path_name]
path = /any_directory/your_path_name
comment = My fast rsync server
read only = yes
list = yes
start the rsync server
sudo systemctl start rsync
and on the destination server:
rsync -r rsync://X.X.X.X:/your_path_name ./my_directory/ --progress

X11 forwarding request failed on channel 0

When I do "ssh -X abcserver", I got message "X11 forwarding request failed on channel 0".
I checked online and it was suggested to solve it by switching "X11UseLocalhost no" to "X11UseLocalhost yes".
However, both my manager and I don't have this administrative privilege. I am wondering, except this solution, whether there is another option to solve the issue ? I also don't have sudo privilege to directly install X11 on the server.
My local platform is:
Linux version 3.16.0-4-amd64 (debian-kernel#lists.debian.org)
(gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02)
The remote platform is:
Linux version 3.13.0-88-generic (buildd#lgw01-16)
(gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) )
#135-Ubuntu SMP Wed Jun 8 21:10:42 UTC 2016
Adding the -v option to ssh when trying to log in will give a lot of debug information which might give a clue to exactly what the problem is, like for instance
debug1: Remote: No xauth program; cannot forward with spoofing.
which in my case installing xauth on the server fixed the issue.
I had to edit the sshd config file on the remote server to fix the issue. It worked on Ubuntu 16.04 Server:
$ sudo vim /etc/ssh/sshd_config
Set `X11UseLocalhost no`
Save the file.
$ sudo service sshd restart
$ exit
Now it works!
$ ssh -X user#remotehost
$ xclock
sudo apt install xauth
change the line #AddressFamily any to AddressFamily inet in /etc/ssh/sshd_config
sudo service ssh restart
This is enough on Ubuntu 18.04 LTS.
After login with ssh -X (or after activating the PuTTY / KiTTY option "Enable X11 forwarding") you should see that the environment variable DISPLAY is automatically defined to localhost:10.0 or similar. After first successful login (with a functional X11 forwarding) the file .Xauthority will be generated. Another positive sign of success.
If you are interested to see and to understand the details of X11 forwarding within your session you can try with lsof -i -P|grep ssh.
1.make sure that during ssh -X root#server you have root permission.
2.update the /etc/ssh/sshd_config and make sure this line is uncommented
X11Forwarding yes
3.systemctl restart sshd
4.exit from server
5.ssh -X root#server
6.virt-manager
In my case, as superuser, editing /etc/ssh/sshd_config on the remote host and changing the following line fixed it.
From
#X11Forwarding no
to
X11Forwarding yes
Then: pkill -HUP sshd on the remote host to make sshd reload its config, which also closes the sshd session.
After X11 forwarding suddenly stopped working after no other changes than moving the ssh server to another wifi, I followed the answer to this seemingly completely different question and it worked.
In other words, it seems the solution for me was to specify AddressFamily inet in /etc/ssh/sshd_config.

Greenplum Security: How do i setup Password-less Login: Windows (via Putty) to Linux(greenplum master machine-centos6.5) in gpdb cluster

We have small array of GPDB Cluster. We have recently upgraded the GPDB and configured the GCC web portal. In that, we noticed Our machines is still showing password at the time of SSH .
We tried following Document commands on greenplum machine:
http://www.servermom.org/passwordless-ssh-login/1608/
Unable to get passwordless SSH at root user from windows to linux machine.
Though,We have ability to do passwordless SSH from Linux to linux machine in gpdb cluster.
Trying to secure shell for greenplum from windows to linux:
Password-less Login: Windows (via Putty) to Linux(greenplum)
Is there any standard way or steps to perform Login via SSH without prompt of password. and from which user should we need to perform all these activities.
Any Help on it would be much appreciated ?
Thanks for asking this question, I never thought of this..
Here is what I did and It worked for me.
Open Putty Key Generator
Generated Key and copy it into .ssh/authorized_keys (Make sure you are copying complete key)
chmod -R 700 .ssh/
Save public and private keys (See Image)
Now open putty and provide user#hostname
In Category goto Connection > SSH > Auth and load private key (.ppk file) you have saved from Putty Key Generator
- Save the session and open
A couple things to watch out for:
~gpadmin/.ssh directory and ~gpadmin/.ssh/authorized_keys should have 700 and 600 permissions, respectively:
$ ls -lda ~gpadmin/.ssh
drwx------ 15 gpadmin gpadmin 510 May 27 11:43 /home/gpadmin/.ssh
$ ls -l ~gpadmin/.ssh/authorized_keys
-rw------- 1 gpadmin gpadmin 4496 Dec 2 11:12 /home/gpadmin/.ssh/authorized_keys
When you connect with Putty, try enabling verbose output to be sure it is using the matching private key for the public key you've added to the Greenplum authorized_keys file.
You can also look in the /var/log/secure log file to see what the Greenplum server's SSHD process is doing for more clues.

Cant connect to FTP with newly created account

I am trying to connect to a new user account I created via SSH with the command
useradd -s /bin/false -d /home/username james
I added/edited the password via SSH with the command
passwd james
When trying to connect to my server using this user and pass via FileZilla I get the following error messages.
Response: 331 User James OK. Password required
Command: PASS *****
Response: 530 Login authentication failed
Error: Critical error
Error: Could not connect to server
When I try to login with this user/pass through SFTP I get the following error messages
Status: Connected to domain.com
Error: Connection closed by server with exitcode 1
Error: Could not connect to server
Either way it seems it doesn't allow me to use this newuser anywhere.
My server details
Linux 2.6.18-308.11.1.el5 GNU/Linux
(Red Hat 4.1.2-52)
Centos
Regarding FTP, the FTP server commonly used on Linux systems requires users to have a shell that's listed in the file /etc/shells. For example, this online ftpd man page says that, among other things, "The user must have a standard shell returned by getusershell(3).". The page for getusershell() shows that it reads shells from /etc/shells.
You could probably make FTP work adding /bin/false to /etc/shells. Your Linux system might have a more suitable shell available, like /usr/sbin/nologin.
Regarding SFTP, the ssh server normally provides SFTP service by by invoking a program called sftp-server. If you examine the server's sshd_config file, you'll probably find a line like this:
Subsystem sftp /usr/lib/openssh/sftp-server
sshd runs the subsystem program as a shell command, using the user's shell. If you set the user's shell to /bin/false, then sshd ends up running the command:
/bin/false -c /usr/lib/openssh/sftp-server
/bin/false ignores its command-line arguments and exits with code 1, so the SFTP client's session drops immediately after it starts.
sshd has an internal SFTP server component that can be used instead of the external program. The usual way of limiting SSH access to SFTP for some users is to set up a Match group within sshd_config, forcing the internal-sftp command for certain classes of users. Here are a couple examples of that:
http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP#SFTP-only_Accounts
https://serverfault.com/questions/354615/allow-sftp-but-disallow-ssh
Dont use "-s /bin/false". Use "-s /sbin/nologin" instead and it should be fine.
Make sure your account password hasn't expired. Mine did, and Filezilla exited with error code 1.
After logging onto the server and updating the account password (prompted immediately after connecting), I am now able to connect with SFTP & Filezilla.
Probably is a password related issue, check account
chage -l <user>
account must not be expired.
FTP doesn't allow /usr/sbin/nologin user
Response: 220 Welcome to the Scent Library's File Service.
Command: USER ftpuser
Response: 331 Please specify the password.
Command: PASS ******
Response: 530 Login incorrect.
filezilla 530 error - but password is correct
vsftpd: 530 Login incorrect
530 Login or password incorrect!
How can I connect via FTP using FileZilla? I get a 530 error.
Response: 220 Welcome to Test FTP service.
Command: USER ftpuser
Response: 331 Please specify the password.
Command: PASS ******
Response: 530 Login incorrect.
Error: Critical error
Error: Could not connect to server
Change user's shell
usermod -s /usr/sbin/nologin username
Then edit "/etc/shells" file and add this line
/usr/sbin/nologin
In order to connect to the server using ftp, you also need to run a ftp server / service or daemon.
An example of such ftp server is "vsftpd"
After installing it, you will also need to configure it and allow anonymous ftp access or ftp access to existing users
You will find the configuration file in the path "/etc/vsftpd/vsftpd.conf"
The below link might be useful for you --
https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-centos-6--2

Using Psexec with Windows Server 2003

I'm trying to run a psexec command to a remote Windows Server 2003 machine. I run the following command:
psexec \machinename perfmon.msc -u machineadmin -p adminpassword -i -s
The -i and -s flags will allow me to run the GUI for perfmon.msc on the remote machine's desktop interactively.
I get the following error when I try to run the above command:
Couldn't Access machinename
Access denied
I'm using psexec version 1.94 and I'm certain that the machinename, user, and password are correct. Does anyone know if there are known issues with psexec on Windows Server 2003 and whether or not there is a fix?
[This question would be better fit for ServerFault.com, but nevertheless...]
A few suggestions:
Use two slashes before the machinename e.g. \\machinename (maybe that's what you meant the StackOverflow escaped the backslash)
*.MSC files are not usually directly executable remotely--you'll want to give the path to "c:\WINDOWS\system32\mmc.exe" and then the parameters
All parameters for psexec should go before the remote program and its parameters.
Is there really a reason to run the process as the System account ('-s') instead of just Administrator?
All together, it should look something like this:
psexec \\machinename -i -u machineadmin -p adminpassword "c:\WINDOWS\system32\mmc.exe" "perfmon.msc"
Are you connecting as an admin to the remote machine? The error says 'access denied'. You may not have the necessary privileges. Try connecting as an admin.

Resources