I'm writing a cron job that uses rsync and ssh to sync things up, but the problem is, rsync requires password when connecting to the remote server. i need to save the rsync ssh password, so it can keep syncing without asking for the password. Is there any way to do that? or is it just impossible?
Use Generate the authentication key
http://www.debian-administration.org/article/SSH_with_authentication_key_instead_of_password
You can follow these steps to get your task done. Use commands mentioned below.
Step 1) You can use ssh-keygen -t rsa to generate RSA public key.
Step 2) ssh-copy-id -i /root/.ssh/id_rsa.pub user#destination_IP_address
( This copies the public key to remote machine , now your local machine knows your remote machine.)
( Note: make sure you are using appropriate "user" across machines. )
Related
I've got a private Github repo I want to access from two different Linux machines using the same set of ssh keys
For the first machine, I followed Github's instructions for generating SSH keys, and added the resulting public key to Github. This client works fine.
i uplaoded both my private and public key in GitHub gists to easily wget it on second client
In the second machine , I downloaded the the private and public key to the necessary directory and gave relevant permissions.
wget -O /root/.ssh/id_rsa.pub URL(RAW)
wget -O /root/.ssh/id_rsa URL(RAW)
chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa.pub
I thought this might be all I had to do, but when I try to connect i get the following error
root#InstanceIDInHexa:~# ssh -T git#github.com
The authenticity of host 'github.com (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is SHA256:RandomStringOfAlphaNumericCharacters.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
Load key "/root/.ssh/id_rsa": invalid format
git#github.com: Permission denied (publickey).
root#InstanceIDInHexa:~#
I also checked the content and permissions of all the files and it looks good
cat /root/.ssh/id_rsa
cat /root/.ssh/id_rsa.pub
stat -c "%a" /root/.ssh
stat -c "%a" /root/.ssh/id_rsa
stat -c "%a" /root/.ssh/id_rsa.pub
is there something i am missing here ?
First of all, the best practice is to have one key per user per machine. That's the most secure approach, because it means you can remove access from one machine independent from the other, such as if one machine is lost or stolen.
However, having said that, if you really want to do this and want to ignore best practices, you can copy the id_rsa and id_rsa.pub files to a different machine, and that should work. However, in this case, you generated the key on a newer machine which uses a different private key format or a more modern encryption algorithm for encrypting it then the older machine. The default encryption for older RSA keys, the PKCS #1 format, tends to leave a lot to be desired and isn't very secure.
The easiest, simplest way to solve this problem is to generate a new Ed25519 key pair because those always use the OpenSSH format, and you can do that with ssh-keygen -t ed25519. If you want to then copy it, the files are ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub. This is also the most preferred key format these days, but if you're using something ancient like CentOS 6, then it may not be supported.
If you don't want to do that, then you can convert the existing private key using ssh-keygen -i and ssh-keygen -e to convert your private key to the appropriate format. This should be done on the newer machine, the one that generated the key. The manual page documents the options and formats supported. You can use file on that machine to find out the format that the private key is in.
When spinning up a linux virtual machine, I have chosen the authentication type as password. Now I want to change to ssh. How to achieve this?
Thanks
You can use Azure portal to reset password, like this:
If you want to change authentication type, you can follow this steps:
1. Create an SSH key pair
ssh-keygen -t rsa -b 2048
2. rename id_rsa.put to authorized_keys
mv /home/user/.ssh/id_rsa.pub /home/user/.ssh/authorized_keys
3.Copy id_rsa to your local, then you can use this key to SSH it.
I want to transfer some files from my local to remote, like github does it. I want to happend it very smooth like in shell script. I tried creating one shell script which automates the process of ssh authentication without password but for first time it exposes my remote server password. I dont want to do it that way. Like in git we can't see their server password. Is there any possible way that we can do ?
I used this article script to automate ssh login. http://www.techpaste.com/2013/04/shell-script-automate-ssh-key-transfer-hosts-linux/
As i mentioned, you can use the scp command, like this:
scp /local_dir/some*.xml remote_user#remote_machine:/var/www/html
This requires that you need connect to the remote machine without password, only with ssh key-authentication.
Here is a link: http://linuxproblem.org/art_9.html to help you.
The important steps: (automatic login from host A / user a to Host B / user b.)
a#A:~> ssh-keygen -t rsa
a#A:~> ssh b#B mkdir -p .ssh
a#A:~> cat .ssh/id_rsa.pub | ssh b#B 'cat >> .ssh/authorized_keys'
i need to make passwordless login for same linux server with same user.
[airwide#eir ~]$ hostname -i
10.3.7.73
[airwide#eir ~]$ ssh airwide#10.3.7.73
airwide#10.3.7.73's password:
how can make to passwordless for same server?
Password-free login via SSH is managed using SSH keys. You can generate a keypair using the command ssh-keygen. The ssh keypair is usually stored in ~/.ssh in a pair of files named id_rsa and id_rsa.pub. When you use SSH to connect to a server, the SSH command will look for a private key in ~/.ssh/id_rsa, and will attempt to authenticate using that key. In order to authorize the key, you will need to place the public key into your authorized_keys file:
`cat ~/./ssh/id_rsa.pub >> ~/.ssh/authorized_keys`
Once you've done that, you will be able to use SSH to connect without a password from the server where the id_rsa file is to the server that has the content of id_rsa.pub in its authorized_keys file. (You can do this for same-server, as in your question, or between multiple servers. Either way, it's the same process.)
Add server's private key in known host key under .ssh folder.
You are looking for ssh keys. You can create one by entering ssh-keygen. This wil create a public key and a private key. You place the public key on the remote server, and then you can use SSH without a password.
More details, and howto:
https://wiki.archlinux.org/index.php/SSH_keys
How do you setup server to server SFTP to use public-key authentication instead of user account and password?
In the client you need to generate its public key and add it to server's authorized key list.
The following are the commands you can use.
On client machine
ssh-keygen -t dsa -f id_dsa
mv id_dsa* ~/.ssh/
scp ~/.ssh/id_dsa.pub USER_NAME#SERVER:~/.ssh/HOST_NAME.key
On the server
cat ~/.ssh/HOST_NAME.key >> ~/.ssh/authorized_keys2
Remember to
chmod 700 .ssh
and also
chmod 600 authorized_keys
This is a solution for windows users
I had a similar issue on windows so I used Putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
If you need to generate a public key then use:
http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe
Then, when you want to automate a batch to download from the FTP server the Pageant in order to load the private key into session
http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe
Then use the PSFTP to connect and perform actions
http://the.earth.li/~sgtatham/putty/latest/x86/psftp.exe
So here is sample code for the batch:
!--Loading the key to session--!
#C:\pageant.exe "C:\privatekey.ppk"
!--Calling the PSFTP.exe with the uaser and sftp address + command list file--!
#C:\psftp user#your.server.address -b C:\sftp_cmd.txt
Command list file (sftp_cmd.txt) will like like this:
mget "*.*" !--downloading every thing
!--more commands can follow here
close
Now, all you need to to schedule it in scheduled tasks
*I wish it was simple as unix's cron job....