I have read: BitBucket: Host key verification failed and Jenkins Host key verification failed and several other links provided. I seem to find myself in an odd situation.
I want to clone my django repo into a digital ocean droplet. I am following the steps of this document. https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04 .
Everything seems to have gone well, until the step where I need to create the django project. I already have a django project and thus don't want to create a new project on the server. I only need to clone it onto the server.
I ran : root#ubuntu-s-1vcpu-2gb-xxx:~#rsync --archive --chown=llewellyn:llewellyn ~/.ssh /home/llewellyn
My bitbucket has the id_rsa SSH key uploaded and it all worked in the past, no new SSH has been generated. And the repo is set to public.
When running:
(myprojectenv) llewellyn#ubuntu-s-1vcpu-2gb-xxx:~/myprojectdir$ git clone git#bitbucket.org:LlewellynHattinghLH/repo.git
Cloning into 'repo'...
Warning: Permanently added the RSA host key for IP address '18.205.xx.x' to the list of known hosts.
git#bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I have tried several articles, but most only tell me how to create a new SSH.
Any help would greatly be appreciated.
First, you can do:
export GIT_SSH_COMMAND='ssh -Tv'
Then the git clone will be more verbose, giving you more clues as to why it fails.
Second, regarding the permissions:
Your ~/.ssh must be 700, you keys 600: check that with ls -alrth ~/.ssh.
Note: what should be uploaded to your BitBucket is the id_rsa.pub public key, not the id_rsa private key.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last month.
Improve this question
How can I setup access for multiple private repositories in Cpanel?
I've tried many tutorials and documentation. Here is one of them:
https://docs.cpanel.net/knowledge-base/web-services/guide-to-git-set-up-access-to-private-repositories/
But I'm always got this error:
Permission denied (publickey). fatal: Could not read from remote
repository.
It seems like we can only use the default name (id_rsa). I've tried this code:
ssh-keygen -t rsa -b 4096 -C "username#example"
It works fine. But it will generate the default (which is id_rsa). This means that we can't deploy multiple private repos, right? Because we can only use "id_rsa".
So is it possible to create an ssh key without a default name? Also, how to create multiple private repos in Cpanel?
EDIT:
Here is what I've done:
Cpanel > Terminal > Enter this code to generate SSH Key:
ssh-keygen -t rsa -f ~/.ssh/top25vineyards -b 4096 -C "topviney#top25vineyards.com"
SSH Access > Manage SSH Keys > Copy the Public Keys
Open the GitHub repo > Settings > Deploy Keys > Paste the keys
Repeat points 1-3 for the second repo. Here is the command to generate the key:
ssh-keygen -t rsa -f ~/.ssh/top25restaurants -b 4096 -C "topviney#top25vineyards.com"
Create config file on ssh folder:
Test the SSH keys by doing this in the terminal:
ssh -i ~/.ssh/top25restaurants -T git#github.com
ssh -i ~/.ssh/top25restaurants -T git#github.com
Both return this message:
Hi <username/repo_name>! You've successfully authenticated, but GitHub does not provide shell access.
Git Version Control > Create > Enter the details:
But when I always got this error:
Am I missing something?
EDIT 2:
I've tried different Clone URL and it gives this error:
So is it possible to create an ssh key without a default name? Also, how to create multiple private repos in Cpanel?
That is what the documentation you are referring to mentions.
Set up access to multiple repositories
To create an SSH key for each of your repositories, follow the steps outlined above.
After you have added the keys to the remote repositories, create a local ~/.ssh/config file to alias each of the keys to their corresponding repository names.
For example, if you have two repos configured on GitHub, testing and testing2, and both your cPanel and GitHub usernames are cptest, create or modify the ~/.ssh/config file with these contents:
Host testing.github.com
Hostname github.com
IdentityFile /home/cptest/.ssh/testing
User git
Host testing2.github.com
Hostname github.com
IdentityFile /home/cptest/.ssh/testing2
User git
Compared to their documentation, I would use:
IdentityFile /home/cptest/... (instead of IdentityFile=...)
User git
a FQDN-like Host entry: xxx.yyy.com
That way, the URL becomes: git clone testing.github.com:me/myRepo
If the cPanel requires a valid protocol, use:
ssh://github.com-testing/me/myRepo
^^^^^^ ^^^
(valid protocol) (/, not :)
In your case:
ssh://top25vineyards.github.com/me/myRepo
ssh://top25vineyards.github.com/Penk13/top25vineyards
(to mimic an fully-qualified domain name)
I am working on VM instances from the Google Cloud Platform and I am using Docker for the first time, so please bear with me. I am trying to follow steps to build a container because it is supposed to be a certain way for a project. I am stuck here:
Create the directory named ~/keto (~/ refers to your home directory)
Create a file ~/keto/Dockerfile
Add the following content to ~/keto/Dockerfile and save
#Pull the keto/ssh image from Docker hub
FROM keto/ssh:latest
# Create a user and password with environment variables
ENV SSH_USERNAME spock
ENV SSH_PASSWORD Vulcan
#Copy a ssh public key from ~/keto/id_rsa.pub to spock .ssh/authorized_keys
COPY ./id_rsa.pub /home/spock/.ssh/authorized_keys
I was able to Pull the keto/ssh image from the Docker hub
with no issues, but my problem is that I am unable to create the directory and I am also stuck when it comes to creating the environment variable. Can anyone guide me to what is the correct approach to:
A-build a directory and B- after I am done with the directory to create environment variables I would really appreciate it a lot. thank you
#Pull the keto/ssh image from Docker hub
FROM keto/ssh:latest
# Create a user and password with environment variables
ENV SSH_USERNAME=spock
ENV SSH_PASSWORD=Vulcan
# Create keto directory:
RUN mkdir ~/keto
#Copy a ssh public key from ~/keto/id_rsa.pub to spock .ssh/authorized_keys
ADD ./id_rsa.pub /home/spock/.ssh/authorized_keys
You may find useful the Docker’s official documentation on how to create a Dockerfile or to check how ENV variable has to be set.
I recommend always having a look at Dockerfile's hub, for this case is keto's ssh because it usually contains some guidance about the image we are going to build.
I was having a issue while experimenting with my samsung android 6.0 Device. I have downloaded Termux( Linux terminal for android which has all linux terminal functionality ). And i have converted my phone into a ssh server using SSH Client app from playstore.
So the main problem is that when i try to generate a ssh key pair using command ssh-keygen it works but it stores the ssh key into data/data/com.termux/files/home/.shh but i want it in sdcard/key/ ( I have created a directory name key ). But when i try to generate a key pair in sdcard/key it show permission denied. When i try to copy or move from data/data/com.termux/files/home/.shh/ using cp data/data/com.termux/files/home/.ssh/key_pair sdcard/key it show me permission denied so i tried to create another folder in sdcard/ and gave it permissions for read-write-execute using chmod 777 dir_name it shows me operation not permitted.
So i done a bit research on this topic on google, i found that i have to root my device then i tried to root my device using KingoRoot, iRoot, adb but it showed that Your device is too strong to bee rooted in fact i gave those app all permission and there is no antivirus or in built security disabled on my device. Then i thought to directly place it in sdcard/key but then i got to know that i cannot move anything from data/data/com.termux/files/home/.shh.
And when i tried to move files via ssh server or upload files on my ssh server via ssh admin#192.168.1.5 -p 2222 using scp command it showed me file not found but the file is in the correct directory and correct path.
And please answer the following questions that i have regarding the issues above that 1> How to move files from localhost to ssh server 2> how to root device if it is too strong to be rooted(any method)
Thanks !
I'm trying to give access to a GCE VM by adding SSH Keys to the project metadata. My current SSH key is in the project metadata and I can connect just fine using:
ssh -i ~/.ssh/<private_key> <username>#<instance_ip>
Now, I generated another key:
ssh-keygen -t rsa -f ~/.ssh/<new_key> -C <new_username>
After adding the generated public key to the project metadata, I then run:
ssh -i ~/.ssh/<new_private_key> <new_username>#<instance_ip>
But I get Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Running with -vvv flag doesn't show me much besides the key being rejected.
Things I know/checked:
firewall isn't an issue because I can connect using my original key from same location
the instance is running SSH (running nc <instance_nat_ip> 22 shows "OpenSSH" etc.)
no passphrases were used with the generation of any SSH key
there are no instance-level restrictions on project-wide metadata
there are no instance-level ssh keys already added
there are no newlines/breaks causing the key to be malformed
permissions on ~./ssh aren't an issue since another key pair works fine from the same directory, additionally, both key pairs have the same permissions anyways
OSLogin isn't enabled either on the project or instance
Things I've tried:
removing and readding the SSH keys in project metadata
trying with new key pairs generate on another person's machine
restarting sshd service
Questions:
Does the username specified during the ssh-keygen step have to already exist on the remote instance prior to adding the key to the metadata? i.e. do I have to run sudo useradd <new_username> while SSH'd into the instance Creating a new test instance revealed this to not be the case, all users in the project metadata were created automatically
why does my existing SSH key work and not new ones even though they are added the same way?
there's a chance the enable-oslogin:TRUE was applied to the instance briefly a long time ago (I'm not sure since I'm not the one who created the instance) but it's no longer there in the instance or project metadata. Would having that been enabled, even briefly, cause some issues?
EDIT: I started up a new instance in the same project with the same network details and I was able to SSH to that instance using the new key. Original instance is still denying the key
Did some digging around and found out that the systemd service that propagates accounts information from the metadata server is a daemon called google-accounts-daemon.
When I ran sudo ps aux | grep daemon I didn't see it running as I did on the test instance I created.
So when I ran sudo systemctl restart google-accounts-daemon the SSH keys magically propagated and everything worked.
I have no idea what caused the daemon to stop running in the first place, so if anyone has ideas, that'd be appreciated in case this comes up in the future.
thank you for your time.
I have an EC2 instance, but for security reasons i need to change the pem files associated in .ssh/authorized_keys. I do understand that the public pem file goes into authorized_keys.
I do not want to mount the volume of the ec2 instance to a new one. I am considering as a last option since I do have access to the EC2 instance.
How can this be done?
I have tried:
This post Change key pair for ec2 instance the answer by Pat Mcb, but no luck.
Run this command after you download your AWS pem.
ssh-keygen -f YOURKEY.pem -y Then dump the output into
authorized_keys.
Or copy pem file to your AWS instance and execute following commands
chmod 600 YOURKEY.pem and then
ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys
But that didn't work for me. If i follow it exactly download aws key pair key, and follow the instructions by coping the key when ssh into the instance, when i do ssh-keygen -f YOURKEY.pem -y >> ~/.ssh/authorized_keys It asks for a passphrase (never had to input one)
What i am doing is the following.
I create a new key with
ssh-keygen newpem.pem
and the .pub file i copy it in .ssh/authorized_keys
Can someone explain what i am doing incorrectly?
Note the authorized_keys file has the correct permissions.
Seems like you want to deprecate the old key and use a new key instead. These steps may help you -
Create a new key pair using the aws console and download it onto your system.
Retrieve the public key from the private key(.pem) file using the command - "ssh-keygen -y"
SSH into the instance using the old key.
Once you have access to the instance add the public key you got in step 2 into the "~/.ssh/authorized_keys" files and then save the file.
Log out of the instance and then try accessing the instance with the new key.
Hope it helps. Thank You !
You Don't even need to do all of this just mind few things with AWS EC2 you get a private key for default users . like ec2-user /ubuntu etc.
You are doing the right step
ssh-keygen -t rsa -C "your_email#example.com"
if it ask for entering any paraphrase leave it blank.
Just press to accept the default location and file name. If the .ssh directory doesn't exist, the system creates one for you.
Enter, and re-enter, if passphrase prompted
you have that key now .
Copy that key
Login to your Ec2 server.
sudo su
vim ~/.ssh/authorized_keys
paste the key.
:wq!
You'll see a key there copy it and save it as a backup somewhere.
Now paste your newly generated key in that file
and save the file.
now final step to take care is the permission, so run the following command.
sudo chmod 700 .ssh && chmod 600 .ssh/authorized_keys
Now you're good to go you.
Following are the steps to change your keypair on AWS EC2.
Login to AWS Console. Go to the Network and Security >> Keypair.
Give the name of your keypair (mykeypair) and keytype (RSA) and Private
keyformat (.pem). and click on the create keypair. It will ask you to
download .pem file in your local machine. Save it at and remember the
location.
Login to your EC2 instance and go to the .ssh. location. Create a new file called
(mykeypair.pem) and paste the content from the file we downloaded in step no.2
Run the command: sudo chmod 600 mykeypair.pem
Run the command: ssh-keygen -f mykeypair.pem -y and it will generate some
content. Copy that content. Open the file called autherized_keys and
remove all the content from it.
Paste the copied content that we have generated in the previous step. Also enter your file name (mykeypair) in last after entering space.
Reboot your instance. Go to the puttygen and generate the .ppk file
using the pem file you have downloaded from the keypair. You will be able to login your ec2 with the newly generated .ppk from putty.
Okay I figured out my problem. First of all I had been hacked by a hacker apparently because I didn't know that permitpasswordlogin: yes DISABLES pubkey authentication.... I thought it was additional security. So i used a very loose password that could be easily guessed. Anyways, I believe this because I went to the root folder and found that there was actually a new key in the root named "el patrono 1337" which actually means "the master/boss" in spanish... LOL. Anyways... So i changed that back to my secure key (made a new one actually) and then I went to login as ec2-user and couldnt, but could as root. was driving me crazy for 30 minutes or so until I realized I had accidentally changed the owner of my ec2-user folder to root and therefore ssh was not searching the ec2-user .ssh/authorized_keys when I tried to log in. Wow very glad that's over lol. And just fyi guys I don't think the hacker installed anything malicious, but I did get tipped off that he tried to ssh into other people's servers (who claim they get attacked by ssh alot according to the aws abuse report) from my machine. I'm running a very simple website with zero sensitive data etc. He didn't even block me out of the machine by disabling password authentication.(i guess he didn't want me to know?). I will build a new instance from scratch next time I want to add anything(will be pretty soon) just to be on the safe side.