I have little idea in security aspects in and outside docker world.
As the document states, I tried the below command
docker trust key generate jeff
Whenever I run this command first time it will automatically generate a root key. Isn't it possible to generate a root key based on my own existing pem file? I have checked docker and notary client/ server etc there is no information regarding this. I hope this is a valid question.
Yes we can do that
Reference Link:https://docs.docker.com/engine/reference/commandline/trust_key_load/#:~:text=docker%20trust%20key%20load%20adds%20private%20keys%20to,this%20command%2C%20refer%20to%20the%20examples%20section%20below.
Below are the steps to load existing pem file (ie private key) .It works only in windows VM Image.(Not Ubuntu Image)
set DOCKER_CONTENT_TRUST=1
docker trust key load privatekey.pem --name username
Enter passphrase :
docker trust signer add --key publickey.pem username dockerimageregistry.azurecr.io/hello-world:signed
I am a first time AWS user, and have been following this tutorial
to set up with Ubuntu. I've generated my keys, saved to my computer, and now I'm at a screen that looks like this:
and the next steps is "put in your key"... I have been searching for hours on the internet, and I can not figure out where to find my key. Am I just pasting in the ssh file I have already saved on my folder, or is there a unique string within that file that I am needing to grab? If so - how do I find that? If not, what am I looking for here? Any help would be appreciated!! Sorry if this is a very elementary question. Thanks!!
Hopefully #error2007s helped but just in case -- you would need to put in your public key that is usually stored in a file called id_rsa.pub in your .ssh folder in your home directory. It starts with ssh-rsa, has a long list of letters and numbers and then ends with the email address you used when creating the key. You can list out the contents of that file by typing this in your terminal:
cat ~/.ssh/id_rsa.pub
That is what you need to add to the file on your server when you typed ~/.ssh/authorized_keys. Let me know if you have any other questions!
To be Direct to your question, on your blank nano editor for authorized_keys, you must put content of id_rsa.pub located under /home/deploy/.ssh/id_rsa.pub. you can simply cat /home/deploy/.ssh/id_rsa.pub, copy entire content and paste on the authorized_keys.
general steps to generate keys are below:
1) ls -ltr /home/deploy/.ssh - you would see like id_rsa, id_rsa.pub and authorized_keys. If you don't have authorized_keys, then do cp id_rsa.pub authorized_keys, it will copy id_rsa.pub content to authorized_keys. Please be sure that .ssh folder has 700 permission and files inside it has 600. Chmod 700 ~/ssh and Chmod 600 ~/ssh/*.
2) Create a key file in your local computer like (nano mydeploykey.pem) and make sure you copy the entire content of id_rsa and paste it on mydeploy.pem. Please ensure -----BEGIN RSA PRIVATE KEY----- contents and -----END RSA PRIVATE KEY----- is present. Note that there are five (5) dashes ----- and make sure you have those in your keys. If you missed copying one dash, it will not work.
Alternatively, you can use winscp or filezilla to copy id_rsa to your local computer and rename it as mydeploykey.pem. this key (mydeploykey.pem) should have 600 permission as well, if its too open, it will complain.
if you are using terminal to login, please use the following command.
ssh -i /path/to/mydeploykey.pem ubuntu#awspublicipaddress. Let me know if this does not work.
I am following this guide to set ruby on rails environment on my Mac El Captain.
I followed upto installing homebrew, ruby latest version 2.2.3 with rbenv. Now, I was setting up git.
Followed up first few commands
git config --global color.ui true
git config --global user.name "YOUR NAME"
git config --global user.email "YOUR#EMAIL.com"
ssh-keygen -t rsa -C "YOUR#EMAIL.com"
Now, I have been asked to save the generated key. I saved it to ~ directory with a name file. I have now two files namely file and file.pub.
I went to this link to copy ssh key. I clicked on Add SSH key option there. Named the key ROR SSH Key.
The key in file.pub looks like
ssh-rss asfjasfhjalsfdhaskfdhalsdfsdf\asdf\as\dg\sa\fasdfas\f\asdf---so on random numbers---adfasdfasfa myemail#gmail.com
and I pasted the key there in github and saved the key.
Then, I went back to terminal and typed the below command.
ssh -T git#github.com
but I didn't received any message saying "Hi excid3! You've successfully authenticated, but GitHub does not provide shell access."
I got a message saying
The authenticity of host 'github.com (192.30.251.130)' can't be established.
RSA key fingerprint is SHA256:nThbg6sdfgdfgsdfgGOCspRomTxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.251.130' (RSA) to the list of known hosts.
Permission denied (publickey).
Here above I have change few characters in SHA256 key. Just for security. Also, I have changed IP address a little bit for the same. But, the idea behind it is same.
Please guide me what's wrong. Thanks.
By default, ssh will look in the ~/.ssh folder for your private keys. Since you saved it in ~ instead, it can't find it.
You can either:
Move the file and file.pub files into ~/.ssh and rename to id_rsa and id_rsa.pub, as OS X will automatically use those files for any ssh command (if you hadn't manually entered a filename, this is where ssh-keygen would have saved them).
Use the ssh-add -K file command to permanently add your key to the OS X Keychain.
Note that GitHub's own instructions say they "strongly suggest keeping the default settings" instead of saving the private/public key somewhere else.
I can authenticate successfully with putty on the server with my private key and passphrase. But when I try to do it with jenkins publish over SSH plugin (using Test for configuration), I get the following error message:
jenkins.plugins.publish_over.BapPublisherException: Failed to connect session for config myconfig. Message [Auth fail]
I entered the same information as in putty:
Hostname : myhostname
Username : myusername
Remote Directory :
Use password authentication, or use a different key Passphrase / Password
Path to key : checked
Path to key : mypath
Passphrase : mypasssword
Key:
Port:22
Timeout(ms):300000
If you have any idea ...
Thanks for your help.
Looks like you're using keyfile authentication, so you'll get this error from Jenkins if you haven't set the permissions correctly on your .ssh folder and/or ~/.ssh/authorized_keys file.
the .ssh folder should have drwx------ permissions (read/write/execute owner only)
the authorized_keys file should have -rw------- permissions (read/write owner only)
To fix it:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
I ran into the same issue today and it turned out i was accidentally supplying the path to the public key instead of the private one.
So the "path to key" should be something like
.ssh/id_rsa
instead of
.ssh/id_rsa.pub
Because your linux login need password, the answer is :
1. Passphrase: your passphrase
2. path to key: your private key path
3. key : blank
4. Disable exec : un-check
SSH Servers
1. Name: remote_user#remotehost.com
2. hostname: remotehost.com
3. Username: remote_user
4. Remote Directory: empty
Advanced --
5. check the box "use passsword authentication, or use a different key"
`important`
6. Passphrase / Password: your linux login password`important`
7. path to key: blank
8. key:blank
9. port: 22
10. Timeout(ms): 300000
'Test Configuration'
success
Check that the public key is in the .ssh/authorized_keys file on the target server, even if the target server is the same as the jenkins server. I had what is probably the same problem, and it turned out that I needed this, even though ssh localhost worked fine.
(Addendum: also check that the jenkins server has the target server in its .ssh/known_hosts file, as that can affect this as well.)
I think as it says this is a authentication issue:
Use password authentication, or use a different key
Selecting this option will produce 3 more configuration boxes that mirror the options available for the Jenkins SSH Key.
Passphrase / Password
If either Path to key or Key are configured then this is the passphrase to use with the encrypted key.
If no key is configured then this is the password that will be used for password authentication.
Path to key
See description above.
Key
See description above.
Disable exec
This option will remove the ability to execute commands using this configuration.
LINK HERE
I am facing same issue , the following steps work for me:- ( i am using jenkins 1.57)
Go to http:///jenkins/manage
Configure System
Browse to Publish over SSH section
Passphrase: blank
path to key: blank
key : blank
Disable exec : un-check
SSH Servers
-- Name: remote_user#remotehost.com
-- hostname: remotehost.com
-- Username: remote_user
-- Remote Directory: empty
-- Advanced
-- check the box "use passsword authentication, or use a different key"
-- port: 22
-- Timeout(ms): 300000
-- 'Test Configuration'
success
Try restarting ssh of remote server
/etc/init.d/sshd restart
Don't do any ssh-keygen. Just enter the pem key details under key field,
Add SSH server details: Name, Hostname and Username as ec2-user.
Click test connection and it works.
Sometimes the SSH connection would fail, if the destination server doesnt have enough disk space to perform PUT operation
{ERROR: Exception when publishing, exception message [Failure]}
Make sure to verify the destination server has enough disk space.
In case of Linux, you can use 'df -kh /directoryname' to check the disk space
Just copy jenkins-user's id_rsa.pub to the end of ~/.ssh/authorized_keys on remote host.
I was having the same exact issue today and thought I would share what worked for me
Normally when I would SSH into my ec2 instance AWS likes the username to be
ubuntu#[ip address/url]
Jenkins likes it to be just the username so remove the rest
ubuntu
If you use RSA key, and see string like this in your private key:
-----BEGIN RSA PRIVATE KEY-----
***************************************
-----END RSA PRIVATE KEY-----
You need edit config file sshd on remote machine:
sudo vim /etc/ssh/sshd_config
add in this file stoke:
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
I have the same problem,I am on windows, the solution:
open the openssh debug model, no can see the error detail, detail click
Stop the sshd service
Type 'sshd -d' in PowerShell
no if you connect again ,you can see the error detail, my error is
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
we can add PubkeyAcceptedKeyTypes=+ssh-rsa in server sshd_config file, detail click
now test success, if still has error like Failed to connect SFTP channel and debug is
debug1: subsystem: cannot stat sftp-server.exe: No such file or directory
this because the openssh no in windows system path. detail click
I am following this guide: https://thesweetsetup.com/how-to-use-digital-ocean-for-web-development-on-an-ipad/ To setup an environment on an iPad using Blink/Mosh.
I generated a droplet in the DO UI and added the public key I created using ssh-keygen in blink (also tried ssh-keygen -m pem). When I do ssh root#<IP-ADDRESS. I get the usual dialog:
Ed25519 key fingerprint is SHA256:<key>.
The server is unknown.
Do you trust the host key? (yes/no): yes
This new key will be written on disk for further usage.
Do you agree? (yes/no): yes
After this I just get back to blink. If I try to SSH again nothing happens. If I try to say ssh -i id_rsa root#<IP-ADDRESS> also nothing happens.
What am I doing wrong? I found this: https://github.com/blinksh/blink/issues/725 But do not understand what to do to fix.
I had this same problem. The blink terminal didn't give me any output or anything. The problem is that you have to give the full path of the id_rsa file (from the perspective of your default blink directory). So instead of ssh -i id_rsa root#<IP-ADDRESS>, do ssh -i .ssh/id_rsa root#<IP-ADDRESS>.
Btw one difference in our ssh key creation is that you created your key with the command ssh-keygen -m pem while I used ssh-keygen -t rsa -b 4096. I don't think that should be a problem though.
I had this same issue on some DO droplets I had. I had already set up the droplets with another key and added a new one for my blink app through the DO interface with no luck.
Realized that I had to still add the new public key to the authorized keys file in your users .ssh directory. ( ~/.ssh/authorized_keys ) and this solved my problem.
I did this through the device I was already using successfully, and copied to new key to that device to paste in.