Develop Reference

Trying to scp to an EC2 instance, states sftp only?

scp -Cpv -i /home/jamie/Downloads/jamie1.pem /srv/http/wordpress/wp- content/themes/dt-the7 ec2-user#52.210.108.143:/var/www/html/wp-content/themes/
[...]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending command: scp -v -p -t /var/www/html/wp-content/themes/
This service allows sftp connections only.
Can anyone tell me how to also allow ssh/scp connections?
Thanks

You need to modify sshd_config on the server and restart the sshd daemon. The configuration will probably contain something like
ForceCommand internal-sftp
if you will comment that out, you should be able to get ssh and scp access.

Need to Run batch script in UNIX server and display the output through vbscript

I am currently developing the new VBScript to execute the Shell (through Putty software) in UNIX server,
Set shell = WScript.CreateObject("WScript.Shell")
shell.Exec D:\Putty.exe hostname -l username -pw password 1.sh
I am getting connection refused error.
when I run the below command without my script (1.sh)
shell.Exec D:\Putty.exe hostname -l username -pw password
Connection is getting established without any issues.
Also, I just wanted to extract the output, once extracted, the session should get closed automatically.

This doesn't work in putty.exe. Putty has however a dedicated program to do these kind of things, it's called plink.exe - there you can pass commands and read the output just as you would expect, and your example should work just like you specified it.
PuTTY Link: command-line connection utility
Release 0.63
Usage: plink [options] [user#]host [command]
("host" can also be a PuTTY saved session name)
Options:
-V print version information and exit
-pgpfp print PGP key fingerprints and exit
-v show verbose messages
-load sessname Load settings from saved session
-ssh -telnet -rlogin -raw -serial
force use of a particular protocol
-P port connect to specified port
-l user connect with specified username
-batch disable all interactive prompts
The following options only apply to SSH connections:
-pw passw login with specified password
-D [listen-IP:]listen-port
Dynamic SOCKS-based port forwarding
-L [listen-IP:]listen-port:host:port
Forward local port to remote address
-R [listen-IP:]listen-port:host:port
Forward remote port to local address
-X -x enable / disable X11 forwarding
-A -a enable / disable agent forwarding
-t -T enable / disable pty allocation
-1 -2 force use of particular protocol version
-4 -6 force use of IPv4 or IPv6
-C enable compression
-i key private key file for authentication
-noagent disable use of Pageant
-agent enable use of Pageant
-m file read remote command(s) from file
-s remote command is an SSH subsystem (SSH-2 only)
-N don't start a shell/command (SSH-2 only)
-nc host:port
open tunnel in place of session (SSH-2 only)
-sercfg configuration-string (e.g. 19200,8,n,1,X)
Specify the serial configuration (serial only)

SSH AUTHENTIFACTION ISSUE

I am a newbie to embedded networking. I want to set arm board as a ssh server .From other boards(client boards connected in the network), I need to connect to this server board.
I have downloaded the openssh and cross compiled it for arm successfully.
I have used default sshd_config file and run sshd command in arm-board.
Command
"ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" "
is used to genrate key.
My doubt is where can I set the username and password, so that I can login from a remote client using ssh command. I didn't find any document regarding this...?

Using ssh you are logging in as a normal system user. So you should add user using useradd command. You can change password using passwd command.

Permission denied to use sftp -b batch file

I can log in to my remote using ssh/sftp (without the -b option)
sftp root#192.168.7.2
But when I try
sftp -b commands.tmp root#192.168.7.2
I get
Permission denied (publickey,password).
Couldn't read packet: Connection reset by peer
Commands.tmp looks like this
ls
exit
Anything I am missing here ?

I used shhpass to write the password no interactive and I needed to add -oBatchMode=no
sshpass -p PASSWORD sftp -v -oBatchMode=no -b FILE USER#SERVER

If you are authentication with a password or an encrypted private key, you cannot use the -b with plain sftp. The sftp man says:
Since it lacks user interaction it should be used in conjunction with non-interactive authentication
You can for example use a passphrase-less private key together with the -b.
If you want to use password authentication, you need to use workarounds like sshpass. See:
How to run the sftp command with a password from Bash script?

This worked for me
sshpass -p 'PASSWORDSTRING' sftp -v -oBatchMode=no -b deploy/production username#ipaddress
production file
put -rp /from-directory /to-directory

How do I remove the passphrase for the SSH key without having to create a new key?

I set a passphrase when creating a new SSH key on my laptop. But, as I realise now, this is quite painful when you are trying to commit (Git and SVN) to a remote location over SSH many times in an hour.
One way I can think of is, delete my SSH keys and create new. Is there a way to remove the passphrase, while still keeping the same keys?

Short answer:
$ ssh-keygen -p
This will then prompt you to enter the keyfile location, the old passphrase, and the new passphrase (which can be left blank to have no passphrase).
If you would like to do it all on one line without prompts do:
$ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
Important: Beware that when executing commands they will typically be logged in your ~/.bash_history file (or similar) in plain text including all arguments provided (i.e. the passphrases in this case). It is, therefore, is recommended that you use the first option unless you have a specific reason to do otherwise.
Notice though that you can still use -f keyfile without having to specify -P nor -N, and that the keyfile defaults to ~/.ssh/id_rsa, so in many cases, it's not even needed.
You might want to consider using ssh-agent, which can cache the passphrase for a time. The latest versions of gpg-agent also support the protocol that is used by ssh-agent.

$ ssh-keygen -p worked for me
Opened git bash. Pasted : $ ssh-keygen -p
Hit enter for default location.
Enter old passphrase
Enter new passphrase - BLANK
Confirm new passphrase - BLANK
BOOM the pain of entering passphrase for git push was gone.
Thanks!

You might want to add the following to your .bash_profile (or equivalent), which starts ssh-agent on login.
if [ -f ~/.agent.env ] ; then
. ~/.agent.env > /dev/null
if ! kill -0 $SSH_AGENT_PID > /dev/null 2>&1; then
echo "Stale agent file found. Spawning new agent… "
eval `ssh-agent | tee ~/.agent.env`
ssh-add
fi
else
echo "Starting ssh-agent"
eval `ssh-agent | tee ~/.agent.env`
ssh-add
fi
On some Linux distros (Ubuntu, Debian) you can use:
ssh-copy-id -i ~/.ssh/id_dsa.pub username#host
This will copy the generated id to a remote machine and add it to the remote keychain.
You can read more here and here.

To change or remove the passphrase, I often find it simplest to pass in only the p and f flags, then let the system prompt me to supply the passphrases:
ssh-keygen -p -f <name-of-private-key>
For instance:
ssh-keygen -p -f id_rsa
Enter an empty password if you want to remove the passphrase.
A sample run to remove or change a password looks something like this:
ssh-keygen -p -f id_rsa
Enter old passphrase:
Key has comment 'bcuser#pl1909'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
When adding a passphrase to a key that has no passphrase, the run looks something like this:
ssh-keygen -p -f id_rsa
Key has comment 'charlie#elf-path'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

On the Mac you can store the passphrase for your private ssh key in your Keychain, which makes the use of it transparent. If you're logged in, it is available, when you are logged out your root user cannot use it. Removing the passphrase is a bad idea because anyone with the file can use it.
ssh-keygen -K
Add this to ~/.ssh/config
UseKeychain yes

On windows, you can use PuttyGen to load the private key file, remove the passphrase and then overwrite the existing private key file.

In windows for me it kept saying
"id_ed25135: No such file or directory" upon entering above commands. So I went to the folder, copied the path within folder explorer and added "\id_ed25135" at the end.
This is what I ended up typing and worked:
ssh-keygen -p -f C:\Users\john\.ssh\id_ed25135
This worked. Because for some reason, in Cmder the default path was something like this C:\Users\capit/.ssh/id_ed25135 (some were backslashes: "\" and some were forward slashes: "/")

If you have set a passphrase before and is using mac, use the keychain instead, you'll need to enter your passpharase for the last time and that's it
ssh-add --apple-use-keychain ~/.ssh/id_rsa
Enter passphrase for /Users/{{user_name}}/.ssh/id_rsa:
Identity added: /Users/{{user_name}}/.ssh/id_rsa(/Users/{{user_name}}/.ssh/id_rsa)

If you are using Mac
Go to .ssh folder
update config file by adding "UseKeychain yes"