Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
Why is this not working? I am trying to automate this in bash script but I am still prompted for a yes....
echo "yes" | ssh -T git#github.com
The authenticity of host
'github.com (192.30.252.129)' can't be established. RSA key
fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48. Are
you sure you want to continue connecting (yes/no)?
#Barmar deserves credit for the crucial pointer: disable option StrictHostKeyChecking to suppress the prompt altogether:
ssh -o StrictHostKeyChecking=no -T git#github.com
Note, however, that:
suppressing or auto-confirming the authenticity prompt is not recommended for security reasons
on a given machine, once you've connected to a remote host for the first time and have confirmed the prompt, you will not be prompted again, because that hosts's fingerprint will automatically be saved to configuration file ~/.ssh/known_hosts.
Thus, if feasible, the better option is to save the fingerprints of all potential target hosts to ~/.ssh/known_hosts or /etc/ssh/ssh_known_hosts up front, as #chepner recommends in a comment.
Note, though, that if a remote host['s hard drive] is replaced (e.g., after hardware failure) without transferring its old own-identity fingerprint file, the authentication warning prompt will reappear due to generation of a new fingerprint - unless that new fingerprint is again saved on accessing machines beforehand.
As #Ian Roberts points out, the reason that just piping a response via stdin doesn't work is presumably that ssh reads the response directly from the terminal.
As #konsolebox points out, if you do need to automate interaction with ssh, expect (see man expect) is the right tool for the job, but since this generally involves automating password entry, it comes with security caveats.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 days ago.
Improve this question
Basically, my goal is to use a single key for everything. I have a GPG key that I imported onto my MacBook, and would like to use that key for SSH authentication. However, despite my several attempts, I cannot get my key to list. I have, for the most part, been following the guide here: https://gregrs-uk.github.io/2018-08-06/gpg-key-ssh-mac-debian/ trying minor variations to see if it would have an impact. But when I run ssh-add -l I get the customary "The agent has no identities."
I notice the guide is relatively old (written in 2018), so has anyone had success with using a GPG key for SSH on Mac? Is it simply a lost cause? Any help would be much appreciated!
Added enable-ssh-support to my gpg-agent.conf file
Added the GPG key keygrip to my sshcontrol file
Added:
export GPG_TTY=$(tty)
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
to my .zprofile (I suspect this is where the issue lies)
And still nothing after running ssh-add -l
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I am really new to Putty and Puttykey generator as I am trying to setup EC2 on AWS. I have managed to install PuTTy on my Mac, and PuTTy works fine, but every time I click on PuTTykey Generator I see a message (please see the snap attached) and no pop up window. how do I get it to work? I have Mac Mojave.
the reason why you use puttygen is to generate the ssh-key pair especially on windows systems. You don't generally need to use putty key generator on mac since Mac OS has a built-in command-line SSH client known as Terminal.
To use terminal, go to Finder and then click the menus Go -> utilities from the top menu. After that find the terminal which supports SSH connections to remote servers.
You can run ssh-keygen to generate an ssh key pair.
ssh-keygen
reference (how to use ssh-keygen to generate a keypair):
https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/create-with-openssh/
I am not sure about the reason why you are trying to use puttygen through.
If you simply like to login to your ec2 instance via ssh (using the keypair from ec2), you can use ssh command as below.
ssh -i `~/Downloads/my.pem` ec2-user#[ip-address]
by the way, The reason why you are seeing an output like the one you shared is, when you run puttygen is, it's a command line utility and it's expecting some mandatory command line arguments to be passed.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I'm following this tutorial to set up my first DigitalOcean droplet, and I just generated a Key Pair for Public Key Authentication. After using ssh-copy-id (from Git Bash, since the command isn't available in Command Prompt) to add the key to my Droplet, I can SSH into my droplet just fine from Command Prompt.
However, when I try to SSH from Git Bash, it still prompts me for my password! I've checked, and the SSH keys exist on my Droplet and on my computer. What's the problem?
You can load the key by running ssh-add path-to-private-key
ssh-add /Users/ben/id_rsa
The predefined path is UserHome -> .ssh -> private-key & public-key
/c/Users/USERNAME/.ssh/id_rsa
/c/Users/USERNAME/.ssh/id_rsa.pub
There are restrictions to the name of the file as well as the location. Following are the known filenames that SSH agent will look for that I can think on top of my head:
identity
id_dsa
id_rsa
These names are generally determined by the Type you've used to generate them. Most commonly used is rsa which creates id_rsa and id_rsa.pub.
Also, most Windows user uses Putty as the SSH daemon. It works pretty well. The best thing about that is it has GUI to set the specific private key so it loads that every time without having to do any of the above stuff.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I am learning about private and public key pairs, so pardon my ignorance (if any).
I've created a total of three private / public key pairs via terminal using the ssh-keygen command in terminal.
I found out the application I was generating them for needed to have a blank passphrase, so I used this to delete the keypairs out (before continuing with generating another one)
rm id_rsa.pub (I was in the .ssh directory already)
My question is. I have no idea what Known_Hosts is (when I ls the .ssh directory) and I'm afraid my multiple generations left something in the Known_Hosts, despite me deleting out the .pub file each time before proceeding.
Any insight would be appreciated!!!
This file pretty much keeps a "cache" of the previous hosts you've SSH'd into. I just went ahead and removed an entry for 10.0.1.20 from the known hosts file on my machine. When you SSH into this address (with no matching entry in known hosts). It will display something like:
The authenticity of host '10.0.1.20 (10.0.1.20)' can't be established.
RSA key fingerprint is c1:f4:31:dc:94:33:a3:9d:36:3f:ad:92:20:b9:65:9f.
Are you sure you want to continue connecting (yes/no)?
If you hit yes an entry will be stored in Known Hosts as specified by the message:
Warning: Permanently added '10.0.1.20' (RSA) to the list of known hosts.
If for some reason in the future the machine changes - perhaps an OS upgrade or some how its identity changes SSH will give you an error message in the future if you try to connect because the "key" in known hosts doesn't match the key of the machine you are connecting to. The way to fix this problem (which we run into at work occasionally) is to remove the entry from known hosts.
Subsequent logins to this host (after the entry exists in your known_hosts) will not prompt you for the yes/no question. You can delete this file if you like.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I just switched from PC to Mac. I had been connecting to a server via SSH using a key on the PC. I thought all I'd have to do to connect on the Mac would be copy the .ssh directory into my home directory and then run the ssh command in the terminal with the right credentials, but it doesn't seem to be working.
When I run this command;
ssh [user]#[hostname] -p 2222
I get this result;
Permission denied (publickey).
In my .ssh directory, there are three .pub files and three key files with no extension. There's also a known_hosts file and a key_backup directory with some keys in it.
Supposing you did copy the correct keys, you need to add your identities to ssh-agent. Try the following:
ssh-add /Users/<username>/.ssh/id_rsa
Where <username> is your username and id_rsa is a private key. It's important to use the absolute path. Upon success, you'll see something like:
Identity added: /Users/johndoe/.ssh/id_rsa (/Users/johndoe/.ssh/id_rsa)
Repeat for every key you want.
As long as you get the proper private key that matches the public key that is stored on the remote platform what you described is correct.
You can add in up to three -v on the ssh command to get more debug information. This can confirm it is using the proper keys. Other things to verify is that the owenership and permissions of the keys on both the Mac and the remote boxes are restricted to the user, and none other.