Connecting to remote server with SSH keys - shell

I have been trying to figure out where I am going wrong for a few days now.
I am trying to set up a pair of SSH keys, so my computer can remotely connect to my web server and run a script without a password.
I have generated the SSH keys on my Mac and placed the public key on the server in the '.ssh' folder, then added this to the 'authorized_keys' file.
When I run my command through terminal, I get the following, asking for both a passphrase and the password still.
Christophers-MacBook-Pro:~ christopherdavies$ bash /Users/christopherdavies/Desktop/rsync/chrisdavies/chrisdavies.sh
Enter passphrase for key '/Users/christopherdavies/.ssh/id_rsa':
chrisdavies@shell.host.co.uk's password:
Am I right to have placed the public key from my SSH keys pair on my Mac onto the server?
I am a bit lost here, so would really appreciate some advice. I am slowly learning, but feel I may be doing something blatantly obviously wrong...

It seems you are off to a good start. Some things to check:
Make sure you stored the public key under .ssh/authorized_keys on the same user to which you intend to connect. In your case, it seems that your remote user is "chrisdavies", so it should be under ~chrisdavies/.ssh/authorized_keys.
Make sure your script connects to the remote server as "chrisdavies". You might want to check that because you are under a different user on your MacBook, "christopherdavies".
To troubleshoot, try to SSH to the remote server instead of running the script directly. If you run "ssh chrisdavies# and it works without the password, you do not have connectivity issues, and you'll need to look into your script.
I hope that helps!
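The first check in the answer above can be run on the server as a script. This is an added example, not part of the original answer; the function names, the constructed key blobs and the extra permission check (sshd's StrictModes behaviour, which the answer does not mention) are assumptions of the example.

```shell
#!/usr/bin/env bash
# check_authorized_key PUBKEY_FILE SSH_DIR
# Prints ok | no-file | key-missing | bad-perms; returns non-zero unless ok.
check_authorized_key() {
    local pub="$1" dir="$2" auth="$2/authorized_keys" blob p mode
    # A misspelled file name (e.g. autorized_keys) is never read by sshd.
    [ -f "$auth" ] || { echo no-file; return 1; }
    # Field 2 of an OpenSSH public key line is the base64 key blob.
    blob=$(awk '{print $2; exit}' "$pub")
    # Compare whole fields, so entries prefixed with options still match.
    awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) found = 1}
        END {exit !found}' "$auth" || { echo key-missing; return 1; }
    # With StrictModes (the sshd default), group/other-writable paths are refused.
    for p in "$dir" "$auth"; do
        mode=$(ls -ld "$p")
        case "$mode" in
            ?????w*|????????w*) echo bad-perms; return 1 ;;
        esac
    done
    echo ok
}

# demo: runs the check against a throwaway directory with constructed keys.
demo() {
    local d r out
    d=$(mktemp -d) && mkdir -m 700 "$d/.ssh"
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDemoKeyBlob0000 me@laptop" > "$d/id.pub"
    cp "$d/id.pub" "$d/.ssh/autorized_keys"            # misspelled file name
    r=$(check_authorized_key "$d/id.pub" "$d/.ssh") || true; out="$r"
    mv "$d/.ssh/autorized_keys" "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"                # correct name and mode
    r=$(check_authorized_key "$d/id.pub" "$d/.ssh") || true; out="$out $r"
    chmod 666 "$d/.ssh/authorized_keys"                # writable by others
    r=$(check_authorized_key "$d/id.pub" "$d/.ssh") || true; out="$out $r"
    echo "ssh-ed25519 AAAAOtherConstructedBlob other@host" > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"                # a different key only
    r=$(check_authorized_key "$d/id.pub" "$d/.ssh") || true; out="$out $r"
    rm -rf "$d"
    echo "$out"
}
demo
```

On a real server, call it as the remote user with the copied public key and that user's own ~/.ssh directory as arguments.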

Related

Oracle Cloud Instance Linux 8.5 -- Unable to Fix Corrupted SSH Key

I have Oracle Linux 8.5 in Oracle Cloud, and have been using the host for several months.
But today I was trying to set up vscode remote ssh and it looks like I messed up the ssh key that I use to log in to the host. Now I cannot!
I tried to follow this documentation and this thread to fix some commands.
However, that did not help! And in fact now the host is having difficulty stopping quickly; rebooting looks fine.
Any ideas on how to correct this issue?! (Was having a lot of fun until this struck :) )
In the OCI console, go to the instance and click on "console connection". This will show you 2 options: one is to create a local connection, which will allow you to upload a new SSH key file, or you can create a console connection and then update the authorized_keys file with your new id_rsa.pub contents.
Console connection did NOT work for me. That's why I went with attaching the volume to another instance. The documentation I followed suggests mounting /dev/sdb3. However, that did not work for me. Instead, I mounted /dev/ocivolume/root and modified the ssh key there, and now it works!

passing username/password to openVPN CLI directly

I want to make a script that asks the user for username and password and uses these for a few things at once, including connecting to OpenVPN without needing to either
store the password on the disk
ask the user for the data many times over
For example, you can run net use with user and password to mount shares, however OpenVPN seemingly only has an option to pass a file with username and password.
On Linux there seemingly are solutions like this, however I don't seem to find anything similar for Windows yet.
Is there a solution?

Lost .pem file. Need help connecting to EC2 remote server

My secretary created a new instance in Amazon using their EC2 server but lost the .pem file. Doing research online I was able to go to the instance system settings/get system log and retrieve some type of password there. The instance system log shows something like this:
2019/04/15 12:15:19Z: Username: Username
2019/04/15 12:15:19Z: Password: <Password>
It is a very long code of random characters.
Is there any way I can use this to log in via remote desktop or is there a way to decrypt it? I tried several decryption methods online and they said this was not a valid "hash"...whatever this means. I am not a technical person so I need hopefully a response in layman terms.
It appears that you are connecting to a Windows instance. When a new Amazon EC2 Windows instance is launched, a program on the AMI (disk image) automatically generates a random Administrator password. This is done so that you can access the instance, but nobody else can.
To keep the password secret, the program encrypts the password with the keypair nominated when the instance was launched. The encrypted password is passed back to AWS via the console. That is the string of 'random characters' you saw.
To decrypt the password, you can use the Get Windows Password feature, which requires you to supply the nominated keypair. It will then decrypt the password, which can be used to login to the instance as Administrator.
Since you no longer have the keypair, you cannot decrypt the password and therefore cannot login to the server. This is good! This proves that security works, because you would not want other people to be able to login to the server.
So, can you regain access?
Refer to the steps on: I need to reset the administrator password on a Windows Server instance in Amazon EC2
Basically, there are two methods:
If Systems Manager is enabled for the instance, you can run a "rescue" script
Otherwise, there is a series of scripts that assist with the process of:
Detaching the disk
Attaching it to another instance
Resetting a configuration on the disk
Reattaching the disk to the original instance
The second process is a bit like plugging a USB disk into another computer to change a file (except that EC2 disks are managed differently).
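The mechanism the answer describes, a password encrypted to the key pair's public half so that only the private half recovers it, can be reproduced locally with openssl. This is an added example, not AWS's code: the key pairs and password are constructed, and RSA PKCS#1 v1.5 padding with base64 output is the model assumed for the blob in the system log.

```shell
#!/usr/bin/env bash
# make_keypair DIR NAME: constructed 2048-bit RSA pair standing in for an EC2 key pair.
make_keypair() {
    openssl genrsa -out "$1/$2.pem" 2048 2>/dev/null
    openssl rsa -in "$1/$2.pem" -pubout -out "$1/$2.pub" 2>/dev/null
}

# encrypt_password PUBKEY PLAINTEXT: base64 blob like the one shown in the system log.
encrypt_password() {
    printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$1" | openssl base64 -A
}

# decrypt_password PRIVKEY BLOB: plaintext if PRIVKEY matches; otherwise an error
# or unrelated bytes, depending on the OpenSSL version.
decrypt_password() {
    printf '%s\n' "$2" | openssl base64 -d -A | openssl pkeyutl -decrypt -inkey "$1" 2>/dev/null
}

# demo_ec2: encrypt to the "launch" key, then try the launch key and an unrelated key.
demo_ec2() {
    local d blob right wrong pw='Constructed-Passw0rd!'   # constructed sample value
    d=$(mktemp -d)
    make_keypair "$d" launch
    make_keypair "$d" other
    blob=$(encrypt_password "$d/launch.pub" "$pw")
    right=$(decrypt_password "$d/launch.pem" "$blob") || true
    wrong=$(decrypt_password "$d/other.pem" "$blob" 2>/dev/null) || true
    rm -rf "$d"
    if [ "$right" = "$pw" ] && [ "$wrong" != "$pw" ]; then
        echo only-launch-key-decrypts
    else
        echo unexpected
    fi
}
demo_ec2
```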

Passworded ssh key suddenly does *not* require that I type the password

I use console2 in combination with git bash in order to interact with my local git repositories and by extension several github and bitbucket repositories also.
I use an ssh key pair to authenticate myself to these services, however my ssh key pair has an associated password.
This morning I found that I was no longer required to enter this password on my laptop in order to complete the authentication process.
I did some testing and it seems that the same key present on my desktop machine still requires me to enter my password.
So my question is.... why am I no longer required to enter my password on my laptop in order to authenticate with these servers?
Sounds like you have ssh-agent (sshagent.exe) running.
It is a small utility which allows you to enter your key's passphrase once and it then holds it "unlocked" for further use without you needing to re-enter the passphrase each time. Killing it will cause the original behaviour.
ssh-agent comes along with ssh in a standard msysgit installation. I'm not sure if something's changed that now means it's used by default or not though. Another explanation as to why it's running might be if you've installed posh-git and ran a PowerShell session. By default (I believe - it's been a while), it'll run at the start of the session and ask for your key's passphrase. I use it every single day with this configuration as my passphrase is quite long... :-)
Something to do with having git-credential-winstore installed on your laptop?

Handling end of SSH session by remote server in Expect script

I made 2 Expect scripts to SSH to a list of servers and change passwords. One for AIX and one for RedHat Linux.
The AIX script is working fine, but the Linux script is giving me a problem. The reason is that on the Linux servers, when you are forced to change an expired password, after the password is changed the remote side kills the SSH session.
passwd: all authentication tokens updated successfully.
Connection to drm23rdv closed.
send: spawn id exp20 not open
while executing...
At this point the script stops completely and there are still lots of servers to log in to. (and the current password is just a temporary one, although I could modify the script to use my permanent password choice but I like to do that as root)
What I would like to do after the initial, forced password change is log back into the server and change the password again as root. I am pretty sure I can handle that, but first I need to figure out a way to have expect handle the closed SSH session with more dignity than just giving up.
Use expect eof {do something}, or, if the connection might close at any time, use expect_before {eof {do something}}.
