Im writing a shell script to use the scp command (ssh) to transfer a file across to a computer. This obviously is password protected is there a way on either end to either...disable the password or to auto complete the password for the customer?
This out of pure convience and I have no idea if it is possible (im fairly new to linux), any help or pointers would be appreciated.
Thanks in advance
You can generate a pair of RSA/DSA keys (public and private). In your terminal:
$ ssh-keygen
It will generate a pair of files:
Private key: .ssh/id_dsa
Public key: .ssh/id_dsa.pub
Then, if you have access to remote host, you can add your public key to .ssh/authorized_keys file. In your remote host, copy the public key and use the following command:
cat id_dsa.pub >> .ssh/authorized_keys
You should you public key identification if you have access to SSH keys on both machines.
have a look at ssh keys. github has a nice intro
Related
I want to verify that my SSH key in github matches the local file on my computer.
The github key seems to be SHA256, encoded in base64, but my local key, encoded with this command doesn't seem to match it.
$ cat ~/.ssh/github.pub | sha256sum | base64
Is there a better way to achieve what I'm trying to do?
An SSH public key in OpenSSH format contains two or three parts, separated by spaces:
The algorithm name.
A base64-encoded SSH public key in protocol format.
An optional comment.
The fingerprint of an SSH key is the base64-encoded SHA-256 hash of the raw public key (that is, without the base64 encoding). You can script this, but fortunately, there's an easy way to find it out using ssh-keygen:
$ ssh-keygen -l -f ~/.ssh/id_ed25519.pub
You can change the file name for the public key to the appropriate one on your system. On my system, the output looks like this:
256 SHA256:E59Xzh/fsZKkCEL46kTLbPFGXyIodA+ntsQL0JWmq9Y bmc#camp (ED25519)
The fingerprint is the second piece.
A simple way to test that they match is by authenticating by ssh in the command line.
After setting up your ssh-key, type:
ssh -T git#github.com
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection
This one will use only the key supplied in -i for auth:
ssh -i ~/.ssh/github -o IdentityAgent=none -T git#github.com
I generated the SSH key using the command: $ ssh-keygen, It prompted for a filename and phrase, which I provided and generated the corresponding file. Then from github.com I added the SSH key from settings>SSH and GPG keys where I pasted the key in the generated file. Then I hit the command $ ssh -T git#github.com in the terminal which gave me a :Permission denied (publickey). message. What does this message mean and why am I getting this? Previously I didn't have trouble with this.
where I pasted the key in the generated file.
Make sure it was:
the id_rsa.pub file, meaning the public key (not the private one)
the public key pasted as one continuous line (not multiple lines)
Check also you have added your private key to the ssh-agent. (in order to not enter the passphrase every time)
I can SSH into the EC2 instance:
ssh -i "my_key.pem" ec2-user#my-public-ip
However, scp doesn't work:
scp -r –i "my_key.pem" ./my_file ec2-user#my-public-ip:/home/ec2-user/my_file
Permission denied (publickey).
lost connection
I've also tried using public instance DNS, but nothing changes.
Any idea why is this happening and how to solve it?
The only way for this to happen is the private key mykey.pem is not found in the current directory. It is possible you tried ssh from a directory different than scp.
Try the following with full path to your key:
scp -r –i /path/to/my_key.pem ./my_file ec2-user#my-public-ip:/home/ec2-user/my_file
If it fails, post the output with -v option. It will tell you exactly where the problem is
scp -v -r –i /path/to/my_key.pem ./my_file ec2-user#my-public-ip:/home/ec2-user/my_file
I am bit late but this might be help full to someone.
Do not use the /home/ec2-user. Rather directly use the file name or folder name
E.g. the following command will put your my_file at the home folder (i.e. /home/ec2-user)
scp -r –i "my_key.pem" ./my_file ec2-user#my-public-ip:my_file
Or Say if you have a folder at /home/ect-user/my_data
Then use the following command to copy your file to the folder
scp -r –i "my_key.pem" ./my_file ec2-user#my-public-ip:my_data
Stupidly late addendum:
To avoid specifying the private key every time, just add to the .ssh/config file (create it if not already there) the following (without comments):
Host testserver // a memorable alias
Hostname 12.34.56.67 // your server ip
User ec2-user // user to connect
IdentityFile /path/to/key.pem // path to the private key
PasswordAuthentication no
Then a simple ssh testserver should work from anywhere (and consequently your scp too).
I use it to connect with Vim via scp using:
vim scp://testserver/relative/file/path
or
vim scp://testserver//absolute/file/path
and
vim scp://testserver/relative/dir/path/ (note the trailing slash)
to respectively edit files and browse folders directly from local (thus using my precious .vimrc <3 configuration).
Solution found here
Hope this helps! :)
I was facing this issue today and found solution for me (not elegant but one which worked). - this solution is good if you want to download something once and rollback all settings afterwards.
Solution:
When I specified -v option while using scp I noticed the certificate is being denied for some reason so I went to /etc/ssh/sshd_config and set PasswordAuthentication yes. Then I used systemctl restart sshd.
After this procedure I went to my local machine and used:
scp -v -r myname#VPC:/home/{user}/filename.txt path/on/local/machine
provided PWD and file transmission has been successful.
Hope this helps to someone :)
is there something wrong with this scp command ?
scp -C -i ./remoteServerKey.ppk -r /var/www/* root#192.168.0.15:/var/www
I use the same .ppk as in putty and enter the same passphrase, but it asks me 3 times and than says connection denied. I thought I used it before and it worked, but it isn´t atm.
If it is wrong, how should I do it ?
or you can also do ( for pem file )
scp -r -i file.pem user#192.10.10.10:/home/backup /home/user/Desktop/
Covert .ppk to id_rsa using tool PuttyGen, (http://mydailyfindingsit.blogspot.in/2015/08/create-keys-for-your-linux-machine.html) and
scp -C -i ./id_rsa -r /var/www/* root#192.168.0.15:/var/www
it should work !
Putty doesn't use openssh key files - there is a utility in putty suite to convert them.
edit: it is called puttygen
The command looks quite fine. Could you try to run -v (verbose mode) and then we can figure out what it is wrong on the authentication?
Also as mention in the other answer, maybe could be this issue - that you need to convert the keys (answered already here): How to convert SSH keypairs generated using PuttyGen(Windows) into key-pairs used by ssh-agent and KeyChain(Linux) OR http://winscp.net/eng/docs/ui_puttygen (depending what you need)
I have created lately in Windows ssh key - so I have .ppk file. Converted it also to openssh.
In windows I have been using tortoise with pageant to connect to svn+ssh server. Now I want to switch to linux. How can I connect to svn+ssh with this key .ppk or opessh file. I would like to use PagaVCS or RabbitVCS but it keeps asking me for login and password which obviously I don't have because I have only this openssh or .ppk file. Anyone could help??
Use puttygen to convert the key to openssh format. It is for example described here: http://leadingedgescripts.co.uk/server-administration/how-to-convert-your-putty-ppk-private-key-to-a-normal-ssh-key-you-can-use-on-an-apple-mac/
Unfortunately no experience with either Rabbit or the other one. In *nix environment I would create $HOME/.ssh/config and write something like that:
Host host
User user
IdentityFile /path/to/your/key
And then use svn+ssh://host/directory (ssh then takes configuration information from the .ssh/config file). Maybe something like can be done with one of the VCS's?
As last (or first in my case) resort I'd use cygwin or mingw and configure ssh access there - and then configure the tools to use ssh coming from these packages.
Puttygen exports private keys DES encoded, which causes some software (e.g. OpenSSH on Ubuntu) to silently ignore the key and prompt for password.
To use PuTTY .ppk key in linux OpenSSH, first export the key:
Start puttygen
File -> Loadprivate key
Conversions -> Export OpenSSH key (private.key in this example)
Now, on the linux machine, re-encrypt the key using passphrase change command:
ssh-keygen -pf private.key
Enter the same passphrase 3 times (old, new, new) to actually not change it.
Now you can check the key file that DEK-Info: changed from something like DES-EDE3-CBC,F1785C4B846C781F to AES-128-CBC,916627D6328608175FA4545928372EA3.
The client application should not promt you for password anymore.
I am sure the answer for this was online but I can't seem to find it anywhere any more so here it is from beginning to end including the conversion you say you've done:
Open puttygen on Windows.
Load your private key (name.ppk) using the passphrase if needed.
Go to 'Conversions' -> 'Export OpenSSH Key' and save it as (I'll assume you called it 'fileName').
Copy this key into your home directory on Linux.
Open a terminal and move it to the .ssh directory with the command 'mv fileName .ssh/' (~/.ssh is hidden in the gui but it's there).
Navigate to the .ssh dir with 'cd .ssh'
Cat the file into a new file called id_rsa with the command 'cat fileName > id_rsa'.
Change the permissions on id_rsa to 600 with the command 'chmod 600 id_rsa'.
Finally make sure the .ssh directory has its permissions set to 700 'cd ..' to drop to the home directory and 'chmod 700 .ssh' to set permissions.
This should do it.
There must be better info out there but this link has some stuff you might find interesting, particularly the bit about permission http://www.lamolabs.org/blog/6241/one-liner-working-with-ssh-keygen-ssh-key-pair-files/