I am trying to install the Rhino Security Labs CloudGoat on my AWS Ubuntu 18.04 LTS Free-tier EC2 instance. I followed the directions for setting up an admin user and configuring the AWS CLI and also set up terraform v0.12 per the directions in the linked sites and the directions on GitHub. I also configured my instance's security group to allow All traffic.
However, when I run the git clone command I get "Permission denied" error. See below for full output:
sudo git clone git#github.com:RhinoSecurityLabs/cloudgoat.git ./CloudGoat
Cloning into './CloudGoat'...
The authenticity of host 'github.com (<ipv4>)' can't be established.
RSA key fingerprint is SHA256:<RSA key fingerprint>.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,<ipv4>' (RSA) to the list of known hosts.
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Do I need to associate an SSH key on GitHub to my account and if so how do I do that? I'm not sure what else to try at this point. Thanks.
This is because you don't have SSH Keys on EC2 that can authenticate your requests to Github. I encountered the same error when I was installing Cloudgoat on my personal machine (not EC2), and it worked when I setup my SSH keys (generate and add it to my git profile).
You will probably need to do the same with EC2 - Generate a key pair on EC2 and add the public key to your git profile.
Related
Currently I am facing a problem with git clone a repo using SSH. I had set up my SSH Key and inserted it into GitLab. However still it does not work out.
Permission denied as like below:
And another problem is the fingerprint generated above is different from the one that is generated in Gitlab as shown below:
Hope if anyone could help. Had been troubleshooting this for a few days.
I tried to delete the .ssh folder and regenerate new key and did everything the same again but turn out to be the same, Permission denied and fingerprint is never matching.
I am using OpenSSH and OS: Windows 11 for this problem. I had also tried ssh -Tvvv <username#server> , ssh <username#server>, ssh -Tv <username#server> to verify whether if I am connected but the same permission denied.
As commented, the server fingerprint (for the ~/.ssh/known_hosts) differs from the public key fingerprint.
For the latter, test it with ssh -Tv git#gitlab.com, and check your private key is used.
If your private key does not have a default name (like id_rsa), you would need a ~/.ssh/config to reference your key.
Host gl
Hostname gitlab.com
User git
IdentityFile ~/.ssh/myKey
And ssh -Tv gl for testing.
I've created GIT repo at my account of shared hosting via cPanel. Then I've installed Git to my local PC with Windows, right-clicked local repo folder and selected the command "Git Bash Here". Next I've run in CMD the command like
git clone ssh://user123#example.com/home/user123/public_html/repo
First I've received
The authenticity of host 'example.com (...)' can't be established.
ED25519 key fingerprint is SHA256:...
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
I've typed "yes" and received the error
Warning: Permanently added 'example.com' (ED25519) to the list of known hosts.
user123#example.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Next I've copy-pasted the file id_rsa from the folder .ssh at my hosting to my local folder C:/Users/MyUserName/.ssh
Now if I run the command of cloning I receive
Enter passphrase for key '/c/Users/MyUserName/.ssh/id_rsa':
Why? What is the passphrase and where can I get it?
The pass-phrase is the password(s) you used when you created the ssh keys. You must use those password(s) to unlock access to the ssh keys.
Note that the warnings (about whether the host is known or not) are just that: warnings. The first time you connect to some other system, your ssh software checks the identity message that comes from that host. But there's nothing to check against, so you get the warnings. After that, the identity is saved, so the second, third, etc., times that you connect to the host, your ssh makes sure it identifies itself the same way. (This is a fancied-up variant of having the host tell you its password, which you then check to make sure you're still talking to the same guy.)
Of course, the host doesn't know whether the guy claiming to be you is really you, so the host demands that you provide your password. Your "password" in this case is your ssh key ... and your ssh key is protected with another password (or rather, "pass phrase": you can use multiple words). So you give your machine your "get me the password" pass-phrase, after which your machine gets the password to give to their host.
I'm trying to connect to my server where I have Magento installed.
I loaded the key on my windows cmd with ssh-add, and then connected with:
ssh -pPORT user#server
and I get:
Permission denied (publickey).
How can I fix this? I can't run chmod 600 on windows and already checked the permissions on the key file and are 'full control'
A permission denied, as commented, means SSH does connect, but does not find the right public key to validate the private one used locally.
Try ssh -Tv -pPORT user#server to see what key is used locally.
Then make sure your public key is copied to the remote server, in ~user/.ssh/id_rsa.pub (replace "user" by the actual user account name you need in your case)
This error usually means your key hasn't been added to the authorized keys list on the host machine. You can either manually add the public key to the server, or use the following command from the machine you're using to connect to the server.
ssh-copy-id -pPORT user#server
This will require you to enter the users password first time, but will then copy your public key onto the host/server to allow key based authentication next time you login.
I have a created a bare repository in C drive and I'm trying to clone the same in D drive by issuing the below command (in windows machine)
git clone Username#Ip_address_of_my_machine:C:/path_to_the_git_repo
but I'm unable clone it as it comes up with the error
"Cloning into 'git_repos'...
ssh: connect to host 192.168.0.5 port 22: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists."
I have installed CopSSH and set up id_rsa.pub keys and authorized key.
as mentioned in on github.
Is this problem is because of the dynamic IP address of my PC which is getting from the service provider? or what else is missing here?
I have tried the same in my office PC with same settings and installation, it works well with above git clone command, The difference is office PC has static IP but #home it is dynamic IP
Skip the ssh part as this is on the same machine. So from where you want the project to be in the D drive:
git clone C:/path_to_the_git_repo
I was wondering how to set up filezilla or how to upload files to my ec2 server. everytime i try to set up filezilla it says:
Error: Disconnected: No supported authentication methods available (server sent: publickey)
Error: Could not connect to server
and i have to go to downloads folder and login with ssh -i key.pem user#ipaddress every time i want to have access since my mac wont automatically ssh from anywhere since i cant import it into my keychain.
According to the FileZilla Docs, it should be possible:
FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set.
Here is a documentation on how to set up ssh agent.
However I personally use Cyberduck as an SFTP client. When creating a new connection there, you can simply check "Use public key authorization" and give the path to your key file. Should be easier to set up.
you can use sshfs to fuse the ec2 instance directory to your local folder.
So, you have to do following steps :
install sshfs on your mac.
put you mac id_rsa.pub key inside authorized keys in .ssh/ folder of ec2 instance . this will allow you to mount ec2 directory to local folder. Also, this will allow you to ssh to ec2 instance without using key.pem.
mount the ec2 instance using following command :
sshfs ubuntu#ec2-xx-xx-xx-xxx.compute-1.amazonaws.com: /<your new folder location>
4. don't forget to give your folders write permissions , so that you can edit them remotely.
Hope it helps.