Adding Elastic IP causes shell login to fail - amazon-ec2

After associating Elastic IP on a Cloud server instance I cannot login anymore
ssh -i "ec2.pem" ubuntu@1.2.3.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is...
Please contact your system administrator.
How can I assign a static IP (Elastic IP) to my EC2 Cloud server and still be able to log in with the system / console?

This is merely a warning that you are connecting to a system that had a different SSH fingerprint, as stored in your local .ssh/known_hosts file. If you know things are okay, just delete the appropriate entry from that file and you can connect again.

Related

How to disable ssh strict host checking on Windows 10?

My PC is Windows 10 Pro, 22H2
In my closed work environment, I SSH from Windows command line into many devices that all have the same IP (one at a time, not concurrently on my network at the same time). I'm running an automated test script and I constantly have trouble scripting something when this warning gets thrown up during the login to a new device that I'm testing.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:{hash}
Please contact your system administrator.
Add correct host key in C:\\Users\\myusername/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\myusername/.ssh/known_hosts:3
ECDSA host key for 192.168.1.5 has changed and you have requested strict checking.
Host key verification failed.
I'm using password-based login to these devices.
I made C:\Users\myusername\config with contents:
Host *
StrictHostKeyChecking no
But this didn't stop the warning from happening and blocking the attempt. So far the only solution I have is to constantly delete the C:\Users\myusername\known_hosts file. Is there any way to get Windows to ignore strict checking?

Can't clone remote git repo from cPanel to local PC

I've created GIT repo at my account of shared hosting via cPanel. Then I've installed Git to my local PC with Windows, right-clicked local repo folder and selected the command "Git Bash Here". Next I've run in CMD the command like
git clone ssh://user123@example.com/home/user123/public_html/repo
First I've received
The authenticity of host 'example.com (...)' can't be established.
ED25519 key fingerprint is SHA256:...
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
I've typed "yes" and received the error
Warning: Permanently added 'example.com' (ED25519) to the list of known hosts.
user123@example.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Next I've copy-pasted the file id_rsa from the folder .ssh at my hosting to my local folder C:/Users/MyUserName/.ssh
Now if I run the command of cloning I receive
Enter passphrase for key '/c/Users/MyUserName/.ssh/id_rsa':
Why? What is the passphrase and where can I get it?
The pass-phrase is the password(s) you used when you created the ssh keys. You must use those password(s) to unlock access to the ssh keys.
Note that the warnings (about whether the host is known or not) are just that: warnings. The first time you connect to some other system, your ssh software checks the identity message that comes from that host. But there's nothing to check against, so you get the warnings. After that, the identity is saved, so the second, third, etc., times that you connect to the host, your ssh makes sure it identifies itself the same way. (This is a fancied-up variant of having the host tell you its password, which you then check to make sure you're still talking to the same guy.)
Of course, the host doesn't know whether the guy claiming to be you is really you, so the host demands that you provide your password. Your "password" in this case is your ssh key ... and your ssh key is protected with another password (or rather, "pass phrase": you can use multiple words). So you give your machine your "get me the password" pass-phrase, after which your machine gets the password to give to their host.
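The host-identity check described in this answer, and the stale known_hosts entry behind the Elastic IP warning in the first question, as an added example that is not part of any of the posts. The key blobs, the name old-name.example and the scenario (the instance already known under an old name, 1.2.3.4 still holding another machine's key) are constructed assumptions.

```python
import base64
import hashlib

def blob(label):
    # Constructed stand-in for a public key blob; real entries hold an encoded key.
    return base64.b64encode(label.encode()).decode()

INSTANCE_KEY = blob("constructed-instance-host-key")
STALE_KEY = blob("constructed-key-of-previous-owner-of-1.2.3.4")

# Constructed known_hosts content: the instance is known by its old name, and
# 1.2.3.4 still carries the key of whatever machine used that address before.
KNOWN_HOSTS = (
    f"old-name.example ecdsa-sha2-nistp256 {INSTANCE_KEY}\n"
    f"1.2.3.4 ecdsa-sha2-nistp256 {STALE_KEY}\n"
)

def fingerprint(key_b64):
    """Format a key as ssh prints it: 'SHA256:' + unpadded base64 of the SHA-256 digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Return (host, key_type, key_b64) tuples; hashed and @marker lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        for host in fields[0].split(","):
            entries.append((host, fields[1], fields[2]))
    return entries

def check_host(entries, host, key_type, key_b64):
    """Classify a presented key and list other names already holding the same key."""
    stored = [k for h, t, k in entries if h == host and t == key_type]
    other_names = sorted({h for h, t, k in entries if k == key_b64 and h != host})
    if not stored:
        status = "unknown"   # first contact: "authenticity ... can't be established"
    elif key_b64 in stored:
        status = "match"     # silent success
    else:
        status = "changed"   # "REMOTE HOST IDENTIFICATION HAS CHANGED"
    return status, other_names

def stale_line_numbers(text, host):
    """1-based plain-entry lines that ssh-keygen -R host would remove for this host."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if line.split() and host in line.split()[0].split(",")]
```

A "changed" result whose key is already stored under another name you trust, or whose fingerprint() equals one read from a trusted channel such as the server's console, is the case where removing the stale line is justified.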

Eclipse ADT known hosts

I have trouble getting the official Windows ADT 21.1.0 distribution to connect to a git repository. No matter what I tried (details below) it complains about the host key not being present in the registry and shows me no option to accept the host key. The remote server is running Gitlab and is under my control. There's no problem with connectivity or firewalls.
What I tried so far:
connecting without giving a password, with user git
connecting while giving a password, with another user
adding manually the host key in the known_hosts file that is found in the ssh home directory (Preferences->General->Network Connections->SSH2->SSH2 home).
The message is always:
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx...
Connection abandoned.
RSE works without any problems, only egit gives me problems.
You could work around the problem by not using the ssh protocol with the git server, but instead the git or http protocol.
One reason for the above message can be using a folder called "ssh" instead of ".ssh" (note the dot). Some colleague of mine experienced that, and this can easily happen when using Windows explorer, as it will silently remove the dot, when creating a folder called ".ssh". You have to use the command line instead.

upload directories from local computer to ec2 server

I was wondering how to set up FileZilla or how to upload files to my EC2 server. Every time I try to set up FileZilla it says:
Error: Disconnected: No supported authentication methods available (server sent: publickey)
Error: Could not connect to server
and I have to go to the downloads folder and log in with ssh -i key.pem user@ipaddress every time I want to have access, since my Mac won't automatically ssh from anywhere, since I can't import it into my keychain.
According to the FileZilla Docs, it should be possible:
FileZilla supports the standard SSH agents. If your SSH agent is running, the SSH_AUTH_SOCK environment variable should be set.
Here is a documentation on how to set up ssh agent.
However I personally use Cyberduck as an SFTP client. When creating a new connection there, you can simply check "Use public key authorization" and give the path to your key file. Should be easier to set up.
You can use sshfs to fuse the EC2 instance directory to your local folder.
So, you have to do the following steps:
1. Install sshfs on your Mac.
2. Put your Mac's id_rsa.pub key inside authorized keys in the .ssh/ folder of the EC2 instance. This will allow you to mount the EC2 directory to a local folder. Also, this will allow you to ssh to the EC2 instance without using key.pem.
3. Mount the EC2 instance using the following command:
sshfs ubuntu@ec2-xx-xx-xx-xxx.compute-1.amazonaws.com: /<your new folder location>
4. Don't forget to give your folders write permissions, so that you can edit them remotely.
Hope it helps.

PuTTY fatal error: "No supported authentication methods available"

PuTTY fatal error:
No supported authentication methods available
When I tried to login into the production server, I am getting above error. Could anyone help me to fix this?
Edit file
sudo vi /etc/ssh/sshd_config
Set PasswordAuthentication yes
Then restart server
sudo service ssh restart
sudo service sshd restart
It worked for me after I did the following steps :
1- Download Puttygen (https://www.puttygen.com/download-putty)
2- Open PuTTYgen and then load the private key from:
C:\Users[username]\Chapter6.vagrant\machines\default\virtualbox
3- save the new private key with a new name.
4- Open Putty, go to Connection > SSH > Auth > and add the new private key
5- Connect now using 127.0.0.1 and 2222
I think your private key file format is not compatible with PuTTY, for PuTTY uses its native format instead.
Detail: http://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter10.html#errors-no-auth
If you are using a cloud service and trying to connect to the server using ssh, then don't log in with the user name ec2-user; the default user name is ubuntu for an Ubuntu server.
This error can also be seen if you haven’t selected the .ppk file for the session in Putty: Connection > SSH > Auth
You’re done if you’ve employed PuttyGen to generate the keys. Else import the private key to your .ppk file as others have instructed.
Note on Linux as opposed to Windows, puttygen is accessed only via the command line. Here’s some resources for that:
https://the.earth.li/~sgtatham/putty/0.76/htmldoc/Chapter8.html#pubkey
http://manpages.ubuntu.com/manpages/bionic/man1/puttygen.1.html
https://www.ssh.com/academy/ssh/putty/linux/puttygen
In my case, I updated the Putty application to the latest and issue was solved.
Do you still have access to the server (maybe an open shell?) Check /var/log/messages for more details. This could have something to do with your PAM configuration.
Did you change folder permissions? I ran into this problem this week, and I found that the error was caused by my changing the permissions of the folder (named ec2-user).
1. Edit the /etc/ssh/sshd_config file.
2. Change PasswordAuthentication and ChallengeResponseAuthentication to yes.
3a. Restart ssh /etc/init.d/ssh restart.
OR
3b. better you use service sshd restart
If you've saved your public key on an external drive and it's not connected, putty will throw this error when connecting to your remote server.
Solved via Puttygen
I was on a Windows system and it doesn't support direct shell access like Linux or macOS.
Download Puttygen.
Load the .pem key to puttygen
Save as Private key
Use this key to login to ec2 instance
P.S : Also if the SSH ask for login/username - enter ubuntu or admin
Download Puttygen
Load the .pem key to puttygen
convert .pem file to .ppk
Save as Private key
Install/Open Putty >> puTTY Configuration >> Auth >> Browse >> path to .ppk file
Use this key to login to ec2 instance (check that IP of remote server is allowed in security group config of EC2 instance)
Username
The usual user names are ec2-user, ubuntu, centos, root, or admin
If that server is in the cloud like AWS, the rookie mistake I made was not realizing that a new Public IPv4 DNS gets used when the instance was off for some time. So, check the new DNS.
Today I faced the same problem. So in PuTTY you have to use the "user name" of your EC2 instance.
To get the "user name" of your EC2 instance:
Select EC2 instance
select Connect
Now go to PuTTY and use ec2_name@public address
To see your public address
select EC2
under details you will be able to see your public address.
Now try loading your "ppk" file you will be able to log in.
For Digital Ocean, we should enable password authentication first.
The complete instruction is here: https://docs.digitalocean.com/support/i-lost-the-ssh-key-for-my-droplet/#enable-password-authentication
Log in to the Droplet via the Recovery Console
Even though you have a root password for the Droplet, if you try to log in via SSH using that password immediately, you’ll receive a Permission denied (publickey) error. This is because password authentication is still disabled on the Droplet. To fix this, you need to log in via the Recovery Console and update its SSH configuration.
There are detailed instructions on how to connect to Droplets with the
Recovery Console for a more explicit walkthrough, but here’s a brief
summary:
On the Droplet’s detail page, in the same Access tab, click the Launch
Console button.
At the login prompt, enter root as the username.
At the subsequent password prompt, enter the root password you were
sent via email. Most distributions prompt you to enter the password
twice, but some (like Fedora 27) do not.
Enter a new root password to replace the one that was emailed to you,
then enter that same new password again.
You will now be logged in as root in the Recovery Console, which gives
you access to the Droplet’s SSH configuration.
Enable Password Authentication
To enable password authentication on your Droplet, you need to modify a line in its SSH config file, which is /etc/ssh/sshd_config.
Open /etc/ssh/sshd_config using your preferred text editor, like nano
or vim. Find the line that reads PasswordAuthentication no line and
change it to PasswordAuthentication yes, then save and exit the file.
Because the SSH daemon only reads its configuration files when it’s
first starting, you need to restart it for these changes to take
effect. The command to do this depends on your operating system:
Operating System      SSH Restart Command
Ubuntu 14.x           service ssh restart
Ubuntu 15.4 and up    systemctl restart ssh
Debian                systemctl restart ssh
CentOS 6              service sshd restart
CentOS 7              systemctl restart sshd
Fedora                systemctl restart sshd
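Several answers above change PasswordAuthentication in /etc/ssh/sshd_config and restart the daemon; sshd uses the first value it obtains for each keyword, so an earlier line or an included drop-in file can leave that edit without effect. The sketch below is an added example (not from any of the answers or from the DigitalOcean instructions) that reports which line actually decides a keyword. The file names and contents are constructed, and Match blocks are skipped as a simplification.

```python
import fnmatch

# Constructed sample files (not from the page): the main file was edited as the
# answers describe, but a drop-in that is read earlier still says "no".
SAMPLE_FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "#PasswordAuthentication no\n"
        "PasswordAuthentication yes\n"
        "Match User deploy\n"
        "    PasswordAuthentication no\n"
    ),
    "/etc/ssh/sshd_config.d/50-cloud.conf": "PasswordAuthentication no\n",
}

def global_directives(path, files):
    """Yield (keyword, value, path, line_no) for the global section, in read order."""
    for line_no, raw in enumerate(files[path].splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            return  # conditional block until end of file: skipped in this sketch
        if keyword == "include":
            # Included files are read in place, in sorted order.
            for inc in sorted(p for p in files if fnmatch.fnmatch(p, value)):
                yield from global_directives(inc, files)
            continue
        yield keyword, value, path, line_no

def effective(keyword, files, root="/etc/ssh/sshd_config"):
    """Return (value, path, line_no) of the first occurrence, or None if unset."""
    for kw, value, path, line_no in global_directives(root, files):
        if kw == keyword.lower():
            return value, path, line_no
    return None
```

On a live server, sshd -T prints the effective configuration and is the authoritative check; the same lookup also shows when password logins have been left enabled after a recovery.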
