I have access to a student server and was interested in being able to visualize the public key of the ssh server. What unix command can help me see the ssh key, since this is different than my own generating of keys like on AWS etc.?
This is that simple as :
# cat /root/.ssh/id*.pub
or for a specific user :
# cat ~user/.ssh/id*.pub
Related
I am trying unsuccessfully to create the Oracle Graph instance on my Cloud Oracle ADB! I use the instructions from Ryota Yamanaka 'Setup Oracle Graph on Cloud (DBCS)' and it fails on `SSH Public Key:
This variable is required.
Where should I get this SSH key or how should I create it?
It would be nice to clarify this as it seems to me that this is my only chance to get technically involved with Oracle Graph.
Thanks, Fried
You need to generate an SSH key pair (= private key and public key) on your client first.
This is the instruction how to create an SSH key pair
Then, you can open the public key and copy the content.
I have 15 instances running with same security group, however I can SSH into some of them but not the others. I received "Permission denied (publickey)" message for those instances. I also confirm that all instances are using the same public key and I try to ssh into all of them with the same private key.
What do I miss?
Thank you for helping out!
If you are getting "Permission denied (publickey)", it is not a security group issue. It is most likely one of the following:
You didn't specify the public key to use when launching some of the instances.
There was a problem with the metadata service on some of the instances which meant that cloud-init was unable to retrieve the public key.
You are using the wrong credentials; e.g. the admin account name is different on the different instances. (The default is OS dependent.)
You have multiple keys in your ~/.ssh directory and they are being tried in the wrong order. If you have fail2ban set up on the server side, each time that the client supplies a key counts as a login attempt. You can hit the limit before you tried the key that is going to work.
If you look at the respective instance's console log from their first boot, you can see which public keys were actually used. This can be used to diagnose 1 and 2.
For 3, check the OS documentation.
For 4, try using the ssh command's -i option to specify the path to the private key file.
There are other possibilities; e.g. if you launched instances from a non-pristine image / snaphot.
Reference:
Troubleshooting SSH access to a NeCTAR instance
I'm trying to use the R AzureDSVM package to create a Linux DSVM through R. I am reading the guide https://raw.githubusercontent.com/Azure/AzureDSVM/master/vignettes/10Deploy.Rmd (Azure DSVM guide)
First the guide requests you create an Azure Active Directory application which will provide a "tenant ID", "client ID" and "user key", the guidelines described in http://htmlpreview.github.io/?https://github.com/Microsoft/AzureSMR/blob/master/inst/doc/Authentication.html (Azure SMR Auth guide)
As I understand it, this creates an app registered in Azure Active Directory, creates an "authentication key" for the app, which is the user key, and associates the app with a Resource Group. I've done this sucessfully.
The Azure DSVM guide then creates a VM with public key authentication in a similar way to what follows:
library(AzureSMR)
library(AzureDSVM)
TID <- "123abc" # Tenant ID
CID <- "456def" # Client ID
KEY <- "789ghi" # User key
context <- createAzureContext(tenantID=TID, clientID=CID, authKey=KEY)
resourceGroup<-"myResouceGroup"
location<-"myAzureLocation"
vmUsername<-"myVmUsername"
size<-"Standard_D1_v2"
mrsVmPassword<-"myVmPassword"
hostname<-"myVmHostname"
ldsvm <- deployDSVM(context,
resource.group = resourceGroup,
location = location,
hostname = hostname,
username = vmUsername,
size = size,
os = "Ubuntu",
pubkey = PUBKEY)
The guide vaguely describes creating a public key (PUBKEY) from the users private key, which is sent to the VM to allow it to provide SSH authentication:
To get started we need to load our Azure credentials as well as the
user’s ssh public key. Public keys on Linux are typically created on
the users desktop/laptop machine and will be found within
~/.ssh/id_rsa.pub. It will be convenient to create a credentials file
to contain this information. The contents of the credentials file will
be something like the foloowing and we assume the user creates such a
file in the current working directory, naming the file _credentials.R.
Replace with the user’s username.
TID <- "72f9....db47" # Tenant ID
CID <- "9c52....074a" # Client ID
KEY <- "9Efb....4nwV....ASa8=" # User key
PUBKEY <- readLines("~/.ssh/id_rsa.pub") # For Linux DSVM
My question:
Is this public key PUBKEY generated from the authentication/user key created by setting up the Azure Active Directory application in the Azure SMR Auth guide (the KEY variable in the above script)? If so, how? I've tried using the R sodium library pubkey(charToRaw(KEY)) to do this but I get "Invalid key, must be exactly 32 bytes".
If PUBKEY isn't generated from KEY, from what is it generated? And how does the package know how to authenticate with the private key to this public key?
The AAD key is used for authenticating to AAD. The public/private keypair is separate and is used for authenticating to the VM. If you do not have a public key (in the file ~/.ssh/id_rsa.pub), you can create one using ssh-keygen on Linux.
SSH connections use the private key (in ~/.ssh/id_rsa) by default.
A couple of things in addition to Paul Shealy's (correct) answer:
ssh-keygen is also installed on recent versions of Windows 10 Pro, along with ssh, scp and curl. Otherwise, you probably have the Putty ssh client installed, in which case you can use puttygen to save a public/private key pair.
AzureDSVM is rather old and depends on AzureSMR, which is no longer actively maintained. If you want to deploy a DSVM, I'd recommend using the AzureVM package, which is on CRAN and GitHub. This in turn builds on the AzureRMR package which provides a general framework for managing Azure resources.
library(AzureVM)
az <- AzureRMR::az_rm$new(tenant="youraadtenant", app="yourapp_id", password="password")
sub <- az$get_subscription("subscription_id")
rg <- sub$get_resource_group("rgname")
vm <- rg$create_vm(os="Ubuntu",
username="yourname",
passkey=readLines("~/.ssh/id_rsa.pub"),
userauth_type="key")
Have a look at the AzureRMR and AzureVM vignettes for more information.
Disclaimer: I'm the author of AzureRMR and AzureVM.
When I am using paramiko 2.4.0, I continue to receive errors like this:
SSHException: not a valid OPENSSH private key file
While I can use the key to ssh to the machine, and the remote is reachable.
The key is generated by:
ssh-keygen -t rsa
Then I copy the public key to the remote machine:(the path can be private key, too, it is the same)
ssh-copy-id -i /path/to/public/key root#remote_host
Why?
It turns out that the mechanism of detecting key errors in paramiko is... too simple, sometimes naive. As indicated by #340 and #387, there are some known issues.
At last it turned out that it is not the problem of the key; the message is confusing. It is problem of username/permission/duplication.
paramiko will try to login with the user you use in the key, because it assumes that user also exists on the remote machine. But I think this logic is wrong, because basically when you use cryptography login, you don't need a username; you have the private key and the server has the public key, and that's all what it requires.
Imagine this scenario: you generate a key with Windows, and you are john here, your public key will have john#myhost in the authorized_keys file. When you connect() without username, you actually are login with john in another Linux machine, which may not have this user. If you are on a Linux, it is better, because if you generate the key with root, in another machine it has root, too, and root may have the correct permission on the public key file.
So, at last, I was able to solve the problem by:
in the remote machine, examine authorized_keys file to eliminate any duplicated lines of same user#host.
after generating the public key, change it so that user in it is a valid user on remote machine. Yes it seems strange, but it is how paramiko works. Then copy it to remote.
when calling connect(), pass in the username arg to be the same username you put in the public key.
make sure the user you used in public key has right permission on the authorized_keys file, and its parent .ssh folder. At least r permission.
I'm trying to add a new user to my Ubuntu system and give them SSH access, using public/private key to log in. But I can't seem to get it to work.
Used putty gen to generate a public / private key pair. Then copied the public key into their homedir/.ssh/authorized_keys. But when I load the private key into Pageant in my windows session and try to use putty to get in, I am getting "Disconnected: No supported authentication methods available".
The funny thing is, If i put the same public key in the existing user's ./.ssh/authorized_keys file, I can log on using that user. This was set up by someone before me who I can't contact now though, so I don't know what the difference is.
If I check the etc/ssh/sshd_config file, the AuthorizedKeysFile line is commented out.
#AuthorizedKeysFile %h/.ssh/authorized_keys
BUt even if I put it back in and restart ssh service it still doesn't work (though I didn't think would solve it because why would the current user work)
Is there anything I can do?
Read the sshd daemon's error messages in your system log (auth.log or security.log or some such).
My guess would be that the directory and/or file permissions on .ssh or .ssh/authorized_keys are too permissive (insecure) in the new user's home. This should fix it if this is the problem:
chmod 700 .ssh
chmod 644 .ssh/authorized_keys