Every time I try to push anything to GitHub it asks me the address git#github.com:... and after that it wants the passphrase. Is there a way to automate this?
I am using Linux Ubuntu.
You can use ssh-agent to remember your passphrase (Gnome automatically runs this for you, normally...).
$ ssh-agent bash
$ ssh-add
Enter passphrase for /home/elyobo/.ssh/id_rsa:
Identity added: /home/elyobo/.ssh/id_rsa (/home/elyobo/.ssh/id_rsa)
From now on, from within the terminal that you run this, your pass phrase will be remembered.
Ideally you'd get it working automatically, so all shells running within gnome would work; check out Gnome Keyring.
It is because you are using HTTPS (something like https://github.com/felipelalli/private.git) instead SSH (something like git#github.com:felipelalli/private.git).
If need to clone the SSH and then authorize your machine following theses steps: https://help.github.com/articles/generating-ssh-keys
Another way to use the ssh-agent and ssh-add commands to add your private identity to the authentication agent.
$ eval "$(ssh-agent -s)"
Agent pid 1174
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/james/.ssh/id_rsa:
Identity added: /home/james/.ssh/id_rsa (/home/james/.ssh/id_rsa)
Related
I am writing the script to ssh the server.
I have the server which require the verification code and password login, and I want the script can login the server and run some script on server every day (crontab).
I only have the access on the server and I cannot the right to setup the crontab on the server.
So i want to setup the crontab and script on my own server to do.
(If i cannot run the script on server, at least I want to login my server via one line command.)
Currnet Flow
user ~% ssh xxxx#example.com
The authenticity of host 'example.com' can't be established.
RSA key fingerprint is SHA256?[yyyyyyyyyyyyyyyyyyy].
Are you sure you want to continue connecting (yes/no/[fingerprint])? (yes)
Verification code: (input)
Password: (input)
xxxx$ ./a.sh
I write the command below
print "(verification code)\n(pwd)\n" | ssh -t -t xxxx#example.com
I think that this command will pass "the code , enter, the password" to the ssh and perform the one line command login.
However the output is
Verification code: | (cursor)
Any one can help me how to fix this (let the script auto press enter) ??
Use 'sshpass', for example:
sshpass -p <password> ssh <username>#<remote-address> ./a.sh
First, I don't have an answer if "verification code and password login" is the only authentication option setup in the server.
Since you have not mention key based authentication in your question, I would suggest investigating whether it is an option.
Use this to generate private/public keys for the machine sending the command:
ssh-keygen -t rsa
That would normally create the keys in ~/.ssh (id_rsa and id_rsa.pub).
Then, use this to authorise login on the server:
ssh-copy-id xxxx#example.com
That would add your public key (~/.ssh/id_rsa.pub) to ~/.ssh/authorized_keys in the server.
How can you make SSH read the password from stdin, which it doesn't do by default?
based on this post you can do:
Create a command which open a ssh session using SSH_ASKPASS (seek SSH_ASKPASS on man ssh)
$ cat > ssh_session <<EOF
export SSH_ASKPASS="/path/to/script_returning_pass"
setsid ssh "your_user"#"your_host"
EOF
NOTE: To avoid ssh to try to ask on tty we use setsid
Create a script which returns your password (note echo "echo)
$ echo "echo your_ssh_password" > /path/to/script_returning_pass
Make them executable
$ chmod +x ssh_session
$ chmod +x /path/to/script_returning_pass
try it
$ ./ssh_session
Keep in mind that ssh stands for secure shell, and if you store your user, host and password in plain text files you are misleading the tool an creating a possible security gap
You can use sshpass which is for example in the offical debian repositories. Example:
$ apt-get install sshpass
$ sshpass -p 'password' ssh username#server
You can't with most SSH clients. You can work around it with by using SSH API's, like Paramiko for Python. Be careful not to overrule all security policies.
Distilling this answer leaves a simple and generic script:
#!/bin/bash
[[ $1 =~ password: ]] && cat || SSH_ASKPASS="$0" DISPLAY=nothing:0 exec setsid "$#"
Save it as pass, do a chmod +x pass and then use it like this:
$ echo mypass | pass ssh user#host ...
If its first argument contains password: then it passes its input to its output (cat) otherwise it launches whatver was presented after setting itself as the SSH_ASKPASS program.
When ssh encounters both SSH_ASKPASS AND DISPLAY set, it will launch the program referred to by SSH_ASKPASS, passing it the prompt user#host's password:
An old post reviving...
I found this one while looking for a solution to the exact same problem, I found something and I hope someone will one day find it useful:
Install ssh-askpass program (apt-get, yum ...)
Set the SSH_ASKPASS variable (export SSH_ASKPASS=/usr/bin/ssh-askpass)
From a terminal open a new ssh connection without an undefined TERMINAL variable (setsid ssh user#host)
This looks simple enough to be secure but did not check yet (just using in a local secure context).
Here we are.
FreeBSD mailing list recommends the expect library.
If you need a programmatic ssh login, you really ought to be using public key logins, however -- obviously there are a lot fewer security holes this way as compared to using an external library to pass a password through stdin.
a better sshpass alternative is :
https://github.com/clarkwang/passh
I got problems with sshpass, if ssh server is not added to my known_hosts sshpass will not show me any message, passh do not have this problem.
I'm not sure the reason you need this functionality but it seems you can get this behavior with ssh-keygen.
It allows you to login to a server without using a password by having a private RSA key on your computer and a public RSA key on the server.
http://www.linuxproblem.org/art_9.html
Perhaps the answer to this question is that it is not possible but hopefully someone knows how to get around this issue. In the past, before the admins configured Kerberos in our school machines I was able to create ssh keys for several purposes. The way this was done was via the ~/.ssh/config file in my machine and the ~/.ssh/authorized_keys in the server. An example of my ssh config file goes as follows
Host sayHI
IdentityFile path/to/sayHiPrivateKey
HostName servername
User myusername
Host sayHey
IdentityFile path/to/sayHeyPrivateKey
HostName servername
User myusername
Then in the authorized_keys file I would have
command="echo hi" ssh-rsa sayHiPublicKeyLONGSTRING....
command="echo hey" ssh-rsa sayHeyPublicKeyLONGSTRING....
ssh-rsa otherkeysformypasswordlessentry
With this setup I could do something like
$ ssh sayHI
hi
$ ssh sayHey
hey
Unfortunately, this has now stopped since we are now using Kerberos to authenticate every day. What this means is that now I have do
$ kinit username#SERVERNAME
Once I put in my password I can use ssh as follows:
$ ssh -K username#hostname
and now I have access. If I do
$ ssh sayHi
this will not work since it asks for my password. If I do
$ ssh -K sayHi
this logs me in but it completely ignores the fact that this was supposed to use an identity so that I can run the command echo hi. Instead it just uses the kerberos credentials and logs me in. So now that I have explain the functionality that I once had, does anyone know if it is possible to recover this using kerberos and ssh? The multiple identities files was useful specially if you wanted to let a friend run a command on your behalf without giving them your password (http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch08_02.htm). I really hope this is still possible somehow. Thanks in advance.
It depends if the server still accepts pubkey authentication or not (it looks like it does not, otherwise the kerberos authentication wouldn't make any sense).
Depending on the vendor of the OS, there might be possible to set up .k5login, but it will probably not solve the issue. Better way to differentiate between the commands would be using some alias on your client:
alias sayHi="ssh -K host echo Hi"
alias sayHello="ssh -K host echo Hello"
in your ~/.bashrc.
I want to transfer some files from my local to remote, like github does it. I want to happend it very smooth like in shell script. I tried creating one shell script which automates the process of ssh authentication without password but for first time it exposes my remote server password. I dont want to do it that way. Like in git we can't see their server password. Is there any possible way that we can do ?
I used this article script to automate ssh login. http://www.techpaste.com/2013/04/shell-script-automate-ssh-key-transfer-hosts-linux/
As i mentioned, you can use the scp command, like this:
scp /local_dir/some*.xml remote_user#remote_machine:/var/www/html
This requires that you need connect to the remote machine without password, only with ssh key-authentication.
Here is a link: http://linuxproblem.org/art_9.html to help you.
The important steps: (automatic login from host A / user a to Host B / user b.)
a#A:~> ssh-keygen -t rsa
a#A:~> ssh b#B mkdir -p .ssh
a#A:~> cat .ssh/id_rsa.pub | ssh b#B 'cat >> .ssh/authorized_keys'
I was referring to http://www.mtu.net/~engstrom/ssh-agent.php
My public key is listed under ~/.ssh/authorized_keys at remote1. During SSH login connect,
it's working fine(loaded my private key under connection-Auth), it asked for passphrase which I provided then login is successful.
But when switching between servers like from remote2, do SSH remote1, it would ask for a password. Trying to set up SSH agent forwarding according to that site but was to no avail...ssh-add never prompts me for private-key-passphrase or was it wrong what i was doing trying to follow the process described?
I basically did
$ eval ssh-agent
$ ssh-add (some do ssh-add ~/.ssh/id_rsa--> wonder wat id_rsa is referring to as I only have the auth_keys file under .ssh)
Saw some resources described to do chmod 600 ~/.ssh/authorized_keys, but not sure if that's applicable to my case.
ssh-agent wrap another command, you can for example wrap a shell
ssh-agent bash
Then, in that shell, you need to add your private key, and type your passphrase :
ssh-add /path/to/your/private/key # (by default : ~/.ssh/id_rsa)
Then, when you use ssh to connect, add the -A option :
ssh -A user#remote1
That's it, your key is forwarded, you can see it if you type (on remote1) :
ssh-add -L
You can now connect to your remote2, using that private key.
Be careful when you use ssh forwarding. Anyone with root access on remote1 could use your identity to connect on remote2 while you are connected.
I am pretty sure that ~/.ssh/authorized_keys must always be chmod 600. This is a sensitive file that must be protected.