I have to set up ssh connection to VM on Google Cloud Platform that won't requiere any keys, just username and password. Is that possible?
To enable SSH password authentication on Compute Engine instances, you must edit the sshd_config file, to do that first go to your instance by clicking on the “SSH” button next to the instance name on Cloud Console.
Then a terminal appears and you should be able to edit the config file using: sudo nano /etc/ssh/sshd_config
Then, change the line: PasswordAuthentication no to PasswordAuthentication yes
Also, if you need to have directly root ssh access with username/password authentication, also change the line: PermitRootLogin no to PermitRootLogin yes
After making that changes, restart the SSH service by running the following command:
1.- If your OS is Ubuntu/Debian: sudo service ssh restart
2.- If your OS is CentOS/RedHat: sudo service sshd restart
Now you should be able to login with username/password authentication.
Related
I am unable to connect to the VM of a compute engine instance.
My account is out of the organization, considering "a.man#company.com" as user, "wordpress-1-vm" as instance and "project-1" as project for example.
My SSH key is already existing, this is the same key for other servers.
At organization level, we added the roles/compute.osLoginExternalUser to my account and enable-oslogin was set to TRUE.
Now connecting with gcloud is ok.
gcloud compute ssh --zone "us-central1-c" "wordpress-1-vm" --tunnel-through-iap --project "project-1"
From the docs, I ran the command:
gcloud compute os-login ssh-keys add --key-file="D:\Path\to\key.pub" --project=project-1 --ttl=730d
According to gcloud command, my user should be "ext_a_man_company_com".
This should work but connecting to ext_a_man_company_com#instance-ip:22 using ppk on PuTTY is returning
"Server refused our key"
Disconnected: No supported authentication methods available (server sent: publickey)
How should I connect to this server ?
NB: I also tried by adding ssh key to metadata with no success.
You can try troubleshooting OS Login configuration using these instructions.
If you are trying to add the key directly via VM's metadata then you need to remember to turn off OS Login for this particular VM to make it work.
Assuming both options don't work then I recommend checking your putty configuration and making sure you're using the correct user. You should be able to see what is happening in sshd logs directly on your instance (logging via console or gcloud to gain access).
In the current setup, I have a bastion/ jump server with a public IP with password authentication and MFA enabled with google authenticator.
I have a private host with inbound rules allowing ssh only from the security group where my bastion host is existing.
The ask is, I want to allow the users of my jumpbox host to directly login to the private hosts in the cluster with their password, instead of me creating their users and setting a password for them in the private host(with a user data or using an elastic IP).
Currently, I am creating a user in the private servers by using an elastic IP. I am expecting a solution where I could have a script in the user data which will allow all the users of the bastion host to log in directly with their password. That way I only will have to create users in the bastion host and not worry about the private hosts.
Steps to reproduce:
Create an EC2 in the public subnet.
log in as the root user.
Edit the /etc/ssh/sshd_config file.
Update the following lines.
PasswordAuthentication yes
PermitRootLogin yes
Setup a password for the ec2-user with the following command
passwd ec2-user
enter the password
Enable google authenticator for the bastion host.
sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install google-authenticator.x86_64 -y
sudo vi /etc/pam.d/sshd
Add this line at the end.
auth required pam_google_authenticator.so nullok
sudo vi /etc/ssh/sshd_config
Add this line ChallengeResponseAuthentication yes
Open the google-authenticator and set up MFA.
refer this page for more info: https://www.middlewareinventory.com/blog/aws-mfa-ssh-ec2-setup/
finally, restart the sshd service
service sshd restart
Now, create an EC2 instance in the private subnet and allow inbound traffic from port 22(SSH) from the security group of your jumpserver.
By default, the private ec2 will ask for the private key. I could forward the private key from my local system from the bastion host to the private server. But instead, I want to use password authentication even for the private servers.
I hope the description was concise enough. Let me know in the comments if you need anything else.
I have google account that is not #gmail ; it is "XXXX#myUnuiversity.edu"
I created ubuntu instance in Google Cloud Platform
I want to use mobaXterm to connect to this instance:
I used:
ssh XXXX#myUnuiversity.edu#the_external_IP_for_the_insatnce
But, I got error
Permission denied (publickey).
This error can occur for several reasons. The following are some of the most common causes of this error:
1.- You used an SSH key stored in metadata to connect to a VM that has OS Login enabled. If OS Login is enabled on your project, your VM doesn't accept SSH keys that are stored in metadata.
To resolve this issue, try one of the following:
Connect to your VM using the Google Cloud Console or the gcloud command-line tool.
Add your SSH keys to OS Login.
Disable OS Login
2.- You used an SSH key stored in an OS Login profile to connect to a VM that doesn't have OS Login enabled. If you disable OS Login, your VM doesn't accept SSH keys that were stored in your OS Login profile.
To resolve this issue, try one of the following:
Connect to your VM using the Google Cloud Console or the gcloud command-line tool. .
Enable OS Login.
Add your SSH keys to metadata
3.- You connected using a third-party tool and your SSH command is misconfigured. If you connect using the ssh command but don't specify a path to your private key or you specify an incorrect path to your private key, your VM refuses your connection.
To resolve this issue, try one of the following:
Run the following command:
ssh -i PATH_TO_PRIVATE_KEY USERNAME#EXTERNAL_IP
Replace the following:
PATH_TO_PRIVATE_KEY: the path to your private SSH key file.
USERNAME: the username of the user connecting to the instance. If you manage your SSH keys in metadata, the username is what you specified when you created the SSH key. For OS Login accounts, the username is defined in your Google profile.
EXTERNAL_IP: The external IP address for your VM.
Here you can find the documentation from Google. https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh
This error can occur for several reasons
More details/solutions in the link below:
https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-ssh#permission_denied
But the easiest way to connect via SSH client using the command-line, is to use gcloud using
gcloud compute ssh <YOUR_INSTANCE_NAME>
Below the doc explaining how to install gcloud (Google Cloud SDK) on windows
https://cloud.google.com/sdk/docs/install#windows
I was configuring cPanel in a Amazon EC2 CentOS server. I was able to reach the login screen of WHM by using https://ipaddress:2087. But I can't enter inside it. I tried all my root and other user passwords.
Is there any different configurations like "/usr/libexec/webmin/changepass.pl /etc/webmin root password" of Webmin, specific for cPanel?
Or is there any recommended method to install cPanel? I am ready to start other server and perform as CentOS needs fresh server. Also I have added the Elastic IP.
There is no different configuration of cPanel for Amazon EC2 server. I will suggest you please try to login your server through SSH and try to disable cPHulk Brute Force Protection on your server with the following command. May be your account is blocked in cPHulk Brute Force Protection database and due to that you are getting this issues.
/usr/local/cpanel/bin/cphulk_pam_ctl --disable
Enter the command below in the linux terminal to update your root password incase you forgot
passwd
enter a non dictionary password
confirm the new password
use that password to login whm at https://ipaddress:2087
I have just set up a new cloudLinux AMI instance on AWS and have correctly ssh in from my terminal with the key pair. However it is requesting a password for the instance which I have not set. Any thoughts on how to ascertain this password so I can get into the server?
ssh -i root#<--Instance Public IP -->
terminal requests password: ?????
A lot of AMI's don't let you log in as root. Try logging in as the user "ec2-user".
ssh -i mypem.pem ec2-user#my-ip