Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
I am learning about private and public key pairs, so pardon my ignorance (if any).
I've created a total of three private / public key pairs via terminal using the ssh-keygen command in terminal.
I found out the application I was generating them for needed to have a blank passphrase, so I used this to delete the key pairs (before continuing with generating another one):
rm id_rsa.pub (I was in the .ssh directory already)
My question is: I have no idea what Known_Hosts is (when I ls the .ssh directory), and I'm afraid my multiple generations left something in the Known_Hosts, despite me deleting the .pub file each time before proceeding.
Any insight would be appreciated!!!
This file pretty much keeps a "cache" of the previous hosts you've SSH'd into. I just went ahead and removed an entry for 10.0.1.20 from the known hosts file on my machine. When you SSH into this address (with no matching entry in known hosts), it will display something like:
The authenticity of host '10.0.1.20 (10.0.1.20)' can't be established.
RSA key fingerprint is c1:f4:31:dc:94:33:a3:9d:36:3f:ad:92:20:b9:65:9f.
Are you sure you want to continue connecting (yes/no)?
If you hit yes, an entry will be stored in Known Hosts, as specified by the message:
Warning: Permanently added '10.0.1.20' (RSA) to the list of known hosts.
If for some reason in the future the machine changes - perhaps an OS upgrade, or somehow its identity changes - SSH will give you an error message if you try to connect, because the "key" in known hosts doesn't match the key of the machine you are connecting to. The way to fix this problem (which we run into at work occasionally) is to remove the entry from known hosts.
Subsequent logins to this host (after the entry exists in your known_hosts) will not prompt you for the yes/no question. You can delete this file if you like.
Closed 4 years ago.
I have been using the OverTheWire terminal coding wargame and I have accidentally ssh'ed into the server, and it said in the description that there is no ssh.
This message appeared:
Permanently added 'natas0.natas.labs.overthewire.org' (ECDSA) to the list of known hosts.
What should I do so I'm not a host, and what does it mean that I'm a host?
A "host" in this context means server, and it's talking about the server you were connecting to, not your machine.
On your machine, there is a file called known_hosts. This contains the ssh "fingerprints" of every server that you have connected to.
The first time you connect to a new server, ssh records the fingerprint. This is important, because it means ssh can detect someone spoofing the server in the future (by warning you that you are connecting to a different server from last time). Typically, users see this warning when the server is upgraded or moved to a new datacentre, rather than when something untoward is happening.
Your message is just saying that your ssh client has recorded the server fingerprint to allow you to check that you're connecting to the same server the next time you ssh to it. My guess is the server that you connected to accepted your ssh connection, but used it to print a message saying that ssh was not available.
If you want to remove the fingerprint from your system, you can open that file and remove the line that describes the wargame server. However, I doubt there is any risk from keeping the fingerprint.
If you want to do this:
On a mac or a unix/linux system, the file will be in ~/.ssh/known_hosts. Open it up, remove the line that describes the wargame server, and then save the file.
On a windows machine using putty, you will need to edit the registry to remove the hosts:
Open up ‘regedit.exe’ by doing a search.
Navigate to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
Delete the host key for the wargame server.
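Removing the line by hand works when host names are stored in the clear, but with OpenSSH's HashKnownHosts option enabled each name is stored as a salted HMAC-SHA1, so the wargame server's line cannot be recognised by eye. The following is an added example, not part of the original answer, that finds and removes a host's lines in either form; the sample entries, salt and key placeholders are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def hashed_name(host: str, salt: bytes) -> str:
    """Build the hashed form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def host_matches(names: str, host: str) -> bool:
    """True if the first field of a known_hosts line names `host`."""
    if names.startswith("|1|"):
        _, _, salt_b64, mac_b64 = names.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    # Plain form: comma-separated names. Wildcards and negation are not handled;
    # a non-default port is stored as "[host]:port" and must be passed that way.
    return host in names.split(",")

def remove_host(text: str, host: str):
    """Return (remaining_text, removed_lines) for `host`."""
    kept, removed = [], []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith("#") and host_matches(fields[0], host):
            removed.append(line)
        else:
            kept.append(line)  # comments, blank lines and other hosts are preserved
    return "".join(l + "\n" for l in kept), removed

# Constructed sample: salt and key fields are placeholders, not real host keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "10.0.1.20 ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER",
    hashed_name("natas0.natas.labs.overthewire.org", b"constructed-salt")
    + " ecdsa-sha2-nistp256 AAAAE2VjZHNh_PLACEHOLDER",
    "github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER",
]) + "\n"

if __name__ == "__main__":
    rest, gone = remove_host(SAMPLE, "natas0.natas.labs.overthewire.org")
    print("removed:", gone)
    print(rest, end="")
```

On a real file, `ssh-keygen -R hostname` performs the same removal, including for hashed entries.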
Closed 4 years ago.
I'm following this tutorial to set up my first DigitalOcean droplet, and I just generated a Key Pair for Public Key Authentication. After using ssh-copy-id (from Git Bash, since the command isn't available in Command Prompt) to add the key to my Droplet, I can SSH into my droplet just fine from Command Prompt.
However, when I try to SSH from Git Bash, it still prompts me for my password! I've checked, and the SSH keys exist on my Droplet and on my computer. What's the problem?
You can load the key by running ssh-add path-to-private-key
ssh-add /Users/ben/id_rsa
The predefined path is UserHome -> .ssh -> private-key & public-key
/c/Users/USERNAME/.ssh/id_rsa
/c/Users/USERNAME/.ssh/id_rsa.pub
There are restrictions on the name of the file as well as the location. Following are the known filenames that the SSH agent will look for that I can think of off the top of my head:
identity
id_dsa
id_rsa
These names are generally determined by the Type you've used to generate them. Most commonly used is rsa which creates id_rsa and id_rsa.pub.
Also, most Windows users use PuTTY as the SSH daemon. It works pretty well. The best thing about it is that it has a GUI to set the specific private key, so it loads that every time without having to do any of the above stuff.
Closed 7 years ago.
So I am in the process of setting up my own server for the first time using Vultr and I'm following a guide from DigitalOcean. The server is on Ubuntu but I am using Windows 10. I've been doing everything through the console that's logged into my server but now I'm trying to generate SSH keys locally and I'm not quite sure how to do this. I'm pretty new to this and I don't know if this is easily done through Windows 10. The tutorial states..
Generate a Key Pair
If you do not already have an SSH key pair, which consists
of a public and private key, you need to generate one.
If you already have a key that you want to use,
skip to the Copy the Public Key step.
To generate a new key pair, enter the following command at the
terminal of your local machine (ie. your computer):
local$ ssh-keygen
Assuming your local user is called "localuser",
you will see output that looks like the following:
ssh-keygen output
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/localuser/.ssh/id_rsa):"
I can do all this on the terminal I use that's logged in to my server but I can't figure out how to do this locally on my computer. Any help would be appreciated. Thanks.
You could install Cygwin, and get the openssh command-line utilities via its installer. That might be more involvement than you want with Windows.
The easier way would be to install PuTTY, use the puttygen utility to create a PuTTY private key. You can export the public key in openssh format, and use it on your server. (puttygen does the same function as ssh-keygen, using a GUI - but PuTTY's key format is different...)
DigitalOcean has a page on that: How To Create SSH Keys with PuTTY to Connect to a VPS
Closed 8 years ago.
Why is this not working? I am trying to automate this in bash script but I am still prompted for a yes....
echo "yes" | ssh -T git@github.com
The authenticity of host 'github.com (192.30.252.129)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)?
@Barmar deserves credit for the crucial pointer: disable option StrictHostKeyChecking to suppress the prompt altogether:
ssh -o StrictHostKeyChecking=no -T git@github.com
Note, however, that:
suppressing or auto-confirming the authenticity prompt is not recommended for security reasons
on a given machine, once you've connected to a remote host for the first time and have confirmed the prompt, you will not be prompted again, because that host's fingerprint will automatically be saved to configuration file ~/.ssh/known_hosts.
Thus, if feasible, the better option is to save the fingerprints of all potential target hosts to ~/.ssh/known_hosts or /etc/ssh/ssh_known_hosts up front, as @chepner recommends in a comment.
Note, though, that if a remote host['s hard drive] is replaced (e.g., after hardware failure) without transferring its old own-identity fingerprint file, the authentication warning prompt will reappear due to generation of a new fingerprint - unless that new fingerprint is again saved on accessing machines beforehand.
As @Ian Roberts points out, the reason that just piping a response via stdin doesn't work is presumably that ssh reads the response directly from the terminal.
As @konsolebox points out, if you do need to automate interaction with ssh, expect (see man expect) is the right tool for the job, but since this generally involves automating password entry, it comes with security caveats.
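Saving fingerprints up front is only as good as the check made before saving: a scripted setup can compare the scanned host key against a fingerprint obtained out of band and write the line to known_hosts only on a match. The following is an added example, not from the original answer; it takes a line in the "host keytype base64key" layout that ssh-keyscan prints, the keys are constructed (not GitHub's), and `pin_host` and the sample names are hypothetical.

```python
import base64
import hashlib
import struct

def fingerprints(key_b64: str) -> dict:
    """Both fingerprint styles ssh prints: a hash over the decoded key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def pin_host(scanned_line: str, expected_fp: str, known_hosts: list) -> bool:
    """Add a "host keytype base64key" line to known_hosts only when its
    fingerprint equals the one obtained out of band."""
    parts = scanned_line.split()
    if len(parts) < 3:
        return False
    if expected_fp.startswith("MD5:"):   # newer clients prefix the MD5 form
        expected_fp = expected_fp[4:]
    try:
        ok = expected_fp in fingerprints(parts[2]).values()
    except ValueError:                   # key field is not valid base64
        return False
    if ok and scanned_line not in known_hosts:
        known_hosts.append(scanned_line)
    return ok                            # False: do not connect, investigate

def _ed25519_blob(raw: bytes) -> str:
    """Constructed key blob in wire format: string "ssh-ed25519", string key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

# Constructed keys, not any real server's. EXPECTED stands in for the value
# the server's operator publishes or reads off the machine's console.
GENUINE = "github.com ssh-ed25519 " + _ed25519_blob(bytes(range(32)))
CHANGED = "github.com ssh-ed25519 " + _ed25519_blob(bytes(32))
EXPECTED = fingerprints(GENUINE.split()[2])["sha256"]

if __name__ == "__main__":
    trusted = []
    print(pin_host(GENUINE, EXPECTED, trusted), pin_host(CHANGED, EXPECTED, trusted))
    print(trusted)
```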
Closed 8 years ago.
I just switched from PC to Mac. I had been connecting to a server via SSH using a key on the PC. I thought all I'd have to do to connect on the Mac would be copy the .ssh directory into my home directory and then run the ssh command in the terminal with the right credentials, but it doesn't seem to be working.
When I run this command;
ssh [user]@[hostname] -p 2222
I get this result;
Permission denied (publickey).
In my .ssh directory, there are three .pub files and three key files with no extension. There's also a known_hosts file and a key_backup directory with some keys in it.
Supposing you did copy the correct keys, you need to add your identities to ssh-agent. Try the following:
ssh-add /Users/<username>/.ssh/id_rsa
Where <username> is your username and id_rsa is a private key. It's important to use the absolute path. Upon success, you'll see something like:
Identity added: /Users/johndoe/.ssh/id_rsa (/Users/johndoe/.ssh/id_rsa)
Repeat for every key you want.
As long as you get the proper private key that matches the public key that is stored on the remote platform, what you described is correct.
You can add up to three -v on the ssh command to get more debug information. This can confirm it is using the proper keys. Another thing to verify is that the ownership and permissions of the keys on both the Mac and the remote boxes are restricted to the user, and none other.