ssh-keygen -t rsa -f ~/some_folder/username -C username
Tag Archives: OpenSSH
SSH Received disconnect from 192.168.0.100 port 22:2: Too many authentication failures
ssh -o IdentitiesOnly=yes 192.168.0.100
Unable to negotiate with xx.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.100
ssh: connect to host xx.xx.xx.xx port 22: No route to host
ping xx.xx.xx.xx
firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --reload
run ssh server verbose
/usr/sbin/sshd -ddd -p 2222
no matching cipher found: client arcfour server
Control socket connect: Connection refused
sshd -T | grep "\(ciphers\)"
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
arcfour is disabled on CentOS 7 because it is weak, but you can enable it to speed up rsync or rsnapshot.
vi /etc/ssh/sshd_config
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour,arcfour128,arcfour256
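As an added example (not part of the original post), these shell functions read `sshd -T` output and list the weak ciphers that are enabled, so the effect of a Ciphers change like the one above can be checked. Treating every arcfour and CBC-mode cipher as weak is this example's assumption; the function names and sample inputs are constructed.

```shell
#!/bin/sh
# Added example: report weak ciphers found in `sshd -T` output (read from stdin).
# Policy (assumption of this example): arcfour* and *-cbc ciphers count as weak.

weak_ciphers() {
    # Print each weak cipher from the "ciphers" line, one per line.
    # Also accepts an sshd_config "Ciphers" line, since the keyword is lowercased.
    awk 'tolower($1) == "ciphers" {
        n = split($2, c, ",")
        for (i = 1; i <= n; i++)
            if (c[i] ~ /^arcfour/ || c[i] ~ /-cbc$/)
                print c[i]
    }'
}

audit_ciphers() {
    # Return 0 when no weak cipher is enabled, 1 otherwise.
    found=$(weak_ciphers)
    if [ -n "$found" ]; then
        # $found is left unquoted on purpose: one output line per cipher.
        printf 'weak cipher enabled: %s\n' $found
        return 1
    fi
    echo "no weak ciphers enabled"
}

# Constructed sample: effective config after arcfour has been re-enabled.
SAMPLE_WEAK='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour,arcfour128,arcfour256'

# Constructed sample: only AEAD and CTR ciphers enabled.
SAMPLE_OK='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'

# Demo on the constructed input. On a real server (as root): sshd -T | audit_ciphers
printf '%s\n' "$SAMPLE_WEAK" | audit_ciphers || true
```
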
Warning: the ECDSA host key for 'xxx.xxx.com' differs from the key for the IP address 192.168.111.1
Warning: the ECDSA host key for 'xxx.xxx.com' differs from the key for the IP address 192.168.111.1
Are you sure you want to continue connecting (yes/no)
ssh-keygen -R 192.168.111.1
ssh use multiplexing with rsync
This will increase rsync speed.
vi ~/.ssh/config
host *
controlmaster auto
controlpath /tmp/ssh-controlmaster-%r@%h:%p
ssh user@hostname
In another terminal:
ssh -O check user@hostname
Master running (pid=444444)
#ssh -O stop user@hostname
#ssh -O exit user@hostname
rsync -avz -e ssh /some/path user@hostname:/some/path
ssh remove cm_socket session
If you can still access the server without a password after logging out, it means you have an SSH ControlMaster session socket in ~/.ssh/cm_socket/
So:
ls -la ~/.ssh/cm_socket/ | grep 132.168.2.100
user@132.168.2.100:22
rm -rf ~/.ssh/cm_socket/user@132.168.2.100:22
Another way: ssh -O stop 132.168.2.100
ubuntu Missing privilege separation directory: /var/run/sshd
start-stop-daemon --start --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- -p 22
If you get an error like "Missing privilege separation directory: /var/run/sshd":
mkdir /var/run/sshd
chmod 0755 /var/run/sshd
linux add public key to server
If ssh-copy-id hangs, you can use this:
cat ~/.ssh/*.pub | ssh user@hostname 'mkdir -p .ssh && chmod 700 .ssh && cat >> .ssh/authorized_keys && echo "Key copied"'
sshd error: could not load host key
rm -rf /etc/ssh/ssh*key
systemctl restart sshd
for Debian OS:
rm -rf /etc/ssh/ssh*key
dpkg-reconfigure openssh-server
ssh_exchange_identification: read: Connection reset by peer
Fix.
It means there are restrictions on the server side, such as SSH wrapper rules that block access to this server. If you have suddenly lost the ability to access the server, contact the server administrator.
multi-factor authentication OpenSSH
sshd(8): Added support for multiple required authentication in SSH
protocol 2 via an AuthenticationMethods option. This option lists
one or more comma-separated lists of authentication method names.
Successful completion of all the methods in any list is required for
authentication to complete. This allows, for example, requiring a
user having to authenticate via public key or GSSAPI before they
are offered password authentication.
I found an interesting article about Google authentication: http://www.heitorlessa.com/ssh-two-factor-authentication/
Why is multi-factor authentication important? For example, it is very easy to require both an SSH public key and a password to log in. If you don’t have the public key, you will never see the password prompt.