SSH - Linux to Windows Server 2016 - windows

We installed OpenSSH using github on a Windows Server 2016. Everything works great except passwordless login. Here's the scenario:
Domain-joined CentOS server trying to SSH into Domain-joined Windows Server 2016 with OpenSSH using domain credentials.
On CentOS server:
log in with domain user "user"
ssh-keygen -t rsa
key saved in /home/user/.ssh/id_rsa
On Windows Server:
Copy id_rsa.pub entry from CentOS server into "authorized_keys" file for user on Windows box (C:\Users\User\.ssh\authorized_keys). Save the file.
On CentOS server:
while logged in as domain user "user"
ssh user@WindowsServer
accept into known_hosts
get prompted for password
In theory, we shouldn't get prompted for a password, but we do. Any ideas?

Related

getting error when using ansible Kerberos

I created 2 servers, Windows and Linux. Linux is the Ansible runner machine, Windows is the host machine.
Through the Linux Ansible machine, I log in to the Windows host machine and install tools. On the Linux Ansible machine all tools are installed. The Windows host machine is domain-joined, but the Linux one is not. We don't have domain join for Linux. Now I'm trying to authenticate with Kerberos. I'm getting some errors.
Kerberos ref link I used: (user authentication process)
https://docs.ansible.com/ansible-tower/3.3.1/html/administration/kerberos_auth.html
See above screenshot: I added the Kerberos config file and ran the kinit command.
How do I configure Kerberos in Ansible? Does Kerberos need the VM to be domain-joined or not?
There are no Active Directory accounts to authenticate, only a VM username and VM password. What is the process to configure the VM username and VM password in the Kerberos config file, and log in to the host machine?
Please help me on this.
For me your KDC is wrong.
You need to go on your Windows host. Open a command line and enter the following command:
nslookup -type=srv _kerberos._tcp.WSUS.COM
Expected result:
priority = 0
weight = 100
port = 88
svr hostname = REALKDC
Change your KDC in krb5.conf to REALKDC.
And now your kinit command will work normally.
Don't forget to use a username which exists in your AD:
kinit myuser
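The comparison described in the answer above, as an added example that is not part of the original post: it extracts the KDC host from nslookup SRV output and lists any kdc entry in krb5.conf that DNS does not advertise. The host names dc01.wsus.com and ansible-vm.wsus.com and both sample texts are constructed for illustration.

```python
import re

# Constructed nslookup SRV output; dc01.wsus.com stands in for REALKDC.
SAMPLE_NSLOOKUP = """\
_kerberos._tcp.WSUS.COM SRV service location:
      priority     = 0
      weight       = 100
      port         = 88
      svr hostname = dc01.wsus.com
"""

# Constructed krb5.conf whose kdc entry points at a host DNS does not list.
SAMPLE_KRB5 = """\
[libdefaults]
 default_realm = WSUS.COM

[realms]
 WSUS.COM = {
  kdc = ansible-vm.wsus.com:88
  admin_server = ansible-vm.wsus.com
 }
"""

def _norm(host):
    # Compare case-insensitively, without an optional :port or trailing dot.
    return host.strip().lower().split(":")[0].rstrip(".")

def srv_kdcs(nslookup_output):
    """Hosts advertised by the realm's _kerberos._tcp SRV records."""
    found = re.findall(r"svr hostname\s*=\s*(\S+)", nslookup_output)
    return {_norm(h) for h in found}

def configured_kdcs(krb5_text, realm):
    """kdc entries inside the 'REALM = { ... }' block of krb5.conf."""
    pattern = r"^\s*%s\s*=\s*\{(.*?)\}" % re.escape(realm)
    block = re.search(pattern, krb5_text, re.S | re.M)
    if not block:
        return set()
    kdcs = re.findall(r"^\s*kdc\s*=\s*(\S+)", block.group(1), re.M)
    return {_norm(h) for h in kdcs}

def wrong_kdcs(krb5_text, realm, nslookup_output):
    """Configured KDCs that DNS does not advertise for the realm."""
    return sorted(configured_kdcs(krb5_text, realm) - srv_kdcs(nslookup_output))

if __name__ == "__main__":
    print(wrong_kdcs(SAMPLE_KRB5, "WSUS.COM", SAMPLE_NSLOOKUP))
```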

scp from remote server to ec2-instance

I want to copy a folder from remote ubuntu to ec2-instance tried the below at remote ubuntu machine
scp -i </path/of/ec2_pemkey> -r <folder that I wanna copy> user@<ip of ec2>:/path/where/I wanna/copy
I copied my pem to remote and changed permissions chmod 400
error: connection timed out
The connection timeout means that your local machine isn't able to reach the remote.
To debug:
Check if your remote machine authorizes traffic from port 22 (Security Group)
Check if you have the right public IP of your machine
If it was an error with your pem key or user (ubuntu) you will receive an access denied error.
From your comment, that means it was the IP of the machine missing or not good.
I missed adding ip address of my remote ubuntu machine to security groups of my ec2 instance. Once done, I was able to scp from remote ubuntu to ec2 instance.
Make sure security group type is SSH which enables port 22
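The distinction drawn in this thread (a timeout points at the security group or the IP, while a key or user problem shows up as access denied) can be checked before running scp. The probe below is an added example, not part of the original posts; the function name probe_ssh and its return labels are chosen here for illustration.

```python
import socket
import sys

def probe_ssh(host, port=22, timeout=5.0):
    """Classify the network path to an SSH port.

    Returns (state, detail), where state is one of:
      "timeout" - no reply at all: packets are dropped (security group or
                  firewall) or the IP address is wrong
      "refused" - the host answers but nothing listens on the port
      "open"    - TCP connection made; detail is the SSH banner, so any
                  remaining scp failure concerns the key or the user
      "error"   - any other socket error (name resolution, no route, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                # An SSH server sends its identification string first.
                banner = conn.recv(255).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""
            return ("open", banner)
    except socket.timeout:
        return ("timeout", "no reply: check inbound rule for the port and the IP")
    except ConnectionRefusedError:
        return ("refused", "host reachable, no listener on the port")
    except OSError as exc:
        return ("error", str(exc))

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe_ssh(sys.argv[1]))
```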

Laravel forge server disconnected

We received the following error when connecting to the server:
WHEN CONNECTING AS "root" USER:
with Digitalocean droplet
Error Output
Server Disconnected
We had trouble connecting to your server. Typically, this means there is a problem with the SSH keys on the server. Or, your server may be prompting for a password when Forge attempts to SSH in as the root user.
Recently reset the root password? If you have recently reset your root password via the DigitalOcean control card, this will break Forge's access to your server. You must SSH into your server and set a new password for the root user.
We received the following error when connecting to the server:
WHEN CONNECTING AS "root" USER:
Please make sure that the following SSH key is placed in both the /home/forge/.ssh/authorized_keys file and the /root/.ssh/authorized_keys file on your server.

how to configure pycharm to ssh a bastion host using putty or OpenSSH

I am trying to ssh a bastion using pycharm PyCharm 2018.1 on a Windows 7 machine using putty.
I found some documentation to ssh a server and this work without any issues:
https://www.jetbrains.com/help/pycharm/tutorial-using-the-product-built-in-ssh-terminal-and-remote-ssh-external-tools.html
For the bastion server, it seems that PyCharm doesn't allow such a connection (in the config I only see login and server name as parameters). I tried to put a tunnel to a localhost in the PuTTY configuration for the bastion server. On my Windows machine I see the port of my localhost.
The issue is that I don't manage to connect PyCharm to the localhost. It expects a login and a pwd while I just have the localhost name.
I see in a post from last year that "if you are using a bastion host (also referred to as a jump host), you’ll be very happy to know that PyCharm 2017.3 supports SSH config files. Even on Windows."
https://blog.jetbrains.com/pycharm/2017/10/pycharm-2017-3-eap-5/
Any idea how to have it working either with the localhost or using OpenSSH and an SSH config file?
The issue was the localhost. Using plink directly works with no problem, using the same commands as regular ssh: plink.exe -L 9009:server:22 user@bastion. With PuTTY it doesn't work (first the IP was 0.0.0.0:port instead of 127.0.0.1:port; even with the right port PyCharm failed to connect, while it works when I use plink directly).
This thread helped: https://serverfault.com/questions/387772/ssh-reverse-port-forwarding-with-putty-how-to-specify-bind-address

ssh remote access on bash Windows 10

I'd like to connect remotely to the Ubuntu bash on my Windows 10.
I've got an answer on port 22 but when it asks for username and password, it says access denied...
I've already created a user "root" and I've done a "sudo passwd root"
Windows firewall is deactivated (service stopped).
Thanks !
Stop ssh server and ssh broker services on Windows to avoid SSH port conflict
Make the below changes in /etc/ssh/sshd_config:
UsePrivilegeSeparation no
PasswordAuthentication yes
Then restart ssh server by sudo service ssh restart. If you see could not load host key error then create host key as below and restart ssh service:
sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -b 4096 -t rsa
First, you need to stop/disable the Windows 10 SSH Server Broker services or change the OpenSSH port.
After that, modify the /etc/ssh/sshd_config:
UsePrivilegeSeparation no
PubkeyAuthentication no
PasswordAuthentication yes
I started having issues after installing VirtualBox with my Bash on Ubuntu on Windows SSH connection. I stopped the VM, uninstalled, and still couldn't authenticate. The user 'Nobody' is correct, the best solution would be either to disable the SSH Broker for Windows 10, or just change the port for SSH on the Linux subsystem, which I did, and works perfectly.
You must also in most cases add an inbound firewall rule to allow traffic on port 22. The default setup only allows for inbound traffic using the Windows implementation of ssh, therefore not allowing any traffic for the openssh-server. Just follow the instructions above and then add a rule for port 22 inbound in Windows Firewall and you should be set.
Since the Windows implementation doesn't provide chroot you need to modify the /etc/ssh/sshd_config:
UsePrivilegeSeparation no
Also you will need to create a user using useradd command or so.
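When editing /etc/ssh/sshd_config as the answers in this thread suggest, note that sshd uses the first value it reads for most keywords, so a setting appended below an earlier one has no effect. The checker below is an added example, not part of the original posts; the sample file is constructed, and the list of repeatable keywords is a small, non-exhaustive assumption.

```python
import re

# Constructed sshd_config: the thread's settings were appended to the end of
# the file instead of replacing the earlier lines.
SAMPLE_SSHD_CONFIG = """\
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
# added later:
UsePrivilegeSeparation no
PasswordAuthentication yes
"""

# Keywords sshd accepts more than once (non-exhaustive).
REPEATABLE = {"port", "listenaddress", "hostkey", "acceptenv"}

def effective_settings(config_text):
    """Return (settings, shadowed) for the global part of an sshd_config.

    settings maps lower-cased keywords to the value sshd will use;
    shadowed lists (line number, keyword, value) entries that are ignored
    because the keyword was already set earlier in the file.
    """
    settings, shadowed = {}, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":      # conditional blocks are out of scope here
            break
        if key in REPEATABLE:
            settings.setdefault(key, []).append(value)
        elif key in settings:
            shadowed.append((lineno, key, value))
        else:
            settings[key] = value
    return settings, shadowed

if __name__ == "__main__":
    print(effective_settings(SAMPLE_SSHD_CONFIG))
```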
