Connect to git without a password

Add the following in ~/.ssh/config:

Host git.droidzone.in
     Hostname git.droidzone.in
     User git
     IdentityFile ~/.ssh/id_rsa_mypvtkey

Note that the “Host” line is important, and cannot be just any string (for git; for ssh it didn’t matter). I found that git would ask me for a password if the Host line was something other than the actual hostname, even if the “Hostname” line was correct.

So, Host and Hostname should be the server address (name or IP).

If the ‘config’ file contains the proper lines, ssh-add isn’t required.

Now add the key to ssh:

ssh-add ~/.ssh/id_rsa_mypvtkey
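
Why the Host line has to match, as an added example (not from the original post): ssh applies a Host block only when its pattern matches the name it was asked to connect to, and git asks for the host part of the remote URL. ssh_config_lookup is a simplified model written for this page (no Match, Include or quoting), and the alias mygit is hypothetical.

```bash
#!/bin/sh
# Simplified model of ssh_config lookup (ignores Match, Include and quoting).
# Prints the first value of KEYWORD found in a Host block matching TARGET.
ssh_config_lookup() {
    cfg=$1; target=$2
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    active=1    # options before the first Host line apply to every host
    while read -r key rest || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $key in
            ''|'#'*) continue ;;
            host)
                active=0; negated=0
                set -f    # patterns are matched against TARGET, not files
                for pat in $rest; do
                    case $pat in
                        '!'*) case $target in ${pat#\!}) negated=1 ;; esac ;;
                        *)    case $target in $pat) active=1 ;; esac ;;
                    esac
                done
                set +f
                if [ "$negated" -eq 1 ]; then active=0; fi ;;
            "$want")
                if [ "$active" -eq 1 ]; then printf '%s\n' "$rest"; return 0; fi ;;
        esac
    done < "$cfg"
    return 1
}

demo_dir=$(mktemp -d)
# Constructed sample: a nickname in Host, the real name only in Hostname
printf '%s\n' 'Host mygit' '    Hostname git.droidzone.in' '    User git' \
    '    IdentityFile ~/.ssh/id_rsa_mypvtkey' > "$demo_dir/alias"
# The page's config: Host is the name that appears in the git remote URL
printf '%s\n' 'Host git.droidzone.in' '    Hostname git.droidzone.in' '    User git' \
    '    IdentityFile ~/.ssh/id_rsa_mypvtkey' > "$demo_dir/real"

# git hands ssh the host part of the remote URL, so that is the lookup target
for f in alias real; do
    found=$(ssh_config_lookup "$demo_dir/$f" git.droidzone.in IdentityFile) ||
        found='(no match: default keys, then password prompt)'
    printf '%-6s -> %s\n' "$f" "$found"
done
```

On a real system, `ssh -G git.droidzone.in` prints the options OpenSSH actually resolves for that name.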

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Adding a ssh key for bitbucket

First generate a key:

#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/id_bitbucket
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/id_bitbucket.
Your public key has been saved in /root/id_bitbucket.pub.
The key fingerprint is:
3f:da [email protected]
The key's randomart image is:

Now, add the key to the ssh-agent:

ssh-add ~/.ssh/id_bitbucket

Oops, there’s an error!

Could not open a connection to your authentication agent.

Here’s the fix:

#exec ssh-agent bash

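To make sure it does not happen again, add the following to .bashrc. The socket path and PID are those of one particular agent process, so they stop working once that agent exits: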

SSH_AUTH_SOCK=/tmp/ssh-qoIvoV8968/agent.8968; export SSH_AUTH_SOCK;
SSH_AGENT_PID=8969; export SSH_AGENT_PID;

Now, add the key to the agent.

Now, add the key to bitbucket, after printing the public key to your screen:

#cat /root/.ssh/id_bitbucket.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCofxmd7nnaLx9aIjA5Q+U3gA2acUBvZy6NW+6kd3cqtb/QfLBVasjf/T6a7lVhNSlGYF25o+LhEJsz7A3JADXexG7VUQcuP1N4jkYlVDFx7KoLnS8tq9oaxMTwmjUMnsnJuKk+eE0y3omw3LcSf5ivAuuISd9BjlxuNHzpHHzZGZDorCEAUi2pzDerUNIbdxkaovCuERxys7ySnEChsj62auEEFN0wEKB4tW4uTLPq3XEfs3dK2RZkfjG9WTy6IoItrau9GMJPYVLVx2TFotiWCdwzbwpJHJXsQxmqdXoj3/SJgUIHNUK8oY8ykbPx9X7h/AI3xv41qwHw1A7LNePT [email protected]

Copy it entirely, including the [email protected] parameter at the end.

Now, on trying to clone a repo, it will just work.



Instantly secure VPS session

New script (gitlab version):

wget -N http://git.droidzone.in/joel/securessh/raw/master/secure_server -O secure_server && bash secure_server

Bitbucket version (a bit old)

apt-get update && apt-get -y install git 
git clone https:[email protected]/droidzone/securessh.git && securessh/secure_server

If you don’t want to install git:

wget http://droidzone.in/securessh/secure_server -O secure_server --no-check-certificate && bash ./secure_server

The script cleans up temporary keys, and installs just one public key.

What I do is (Old method for non git version):

bash <(wget -qO- http://droidzone.in/keys/secure_server --no-check-certificate)

The script has this:

#cat secure_server
#!/bin/bash
# Generate a random password
#  $1 = number of characters; defaults to 32
#  $2 = include special characters; 1 = yes, 0 = no; defaults to 1
function randpass() {
  [ "$2" == "0" ] && CHAR="[:alnum:]" || CHAR="[:graph:]"
    cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-32}
    echo
}

AUTH_KEY="http://droidzone.in/keys/myauthkey.pub"
AUTH_KEYNAME="myauthkey.pub"
echo Removing bash history
rm -f /root/.bash_history
rm -f /root/.mysql_history

echo Done
echo
echo Securing ssh keys...
echo Downloading new authorized public key...
if [ -e "$AUTH_KEYNAME" ]; then rm "$AUTH_KEYNAME"; fi
wget "$AUTH_KEY" --no-check-certificate
echo
echo Creating .ssh if it doesnt exist...
if [ ! -d /root/.ssh ]; then mkdir /root/.ssh; fi
echo Cleaning up .ssh/
# Use the absolute path so this works from any working directory
chattr -i /root/.ssh/*
rm /root/.ssh/*
echo Installing new public key..
cat "$AUTH_KEYNAME" > /root/.ssh/authorized_keys
echo Setting proper permissions on .ssh and its contents
chmod -R go= /root/.ssh
echo Setting immutable bit...
chattr +i /root/.ssh/authorized_keys
echo Deleting downloaded key
rm "$AUTH_KEYNAME"
echo
echo "Here's a random password for your use:"
randpass 32 1
echo "It's recommended to change your password now. "
echo " Type: passwd"

It deletes bash history, removes id_rsa keys in .ssh (I’m sure you haven’t deleted generated keys!), and installs a custom public key from http://droidzone.in/keys/myauthkey.pub.

The only thing you have to remember is to try logging in with your new private key to check that it works!
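
The script above fetches the key over plain HTTP with --no-check-certificate, so nothing authenticates what ends up in authorized_keys. As an added example (not part of the original script), the function below installs a downloaded key only if it matches a SHA-256 pin recorded where the key was generated. The function name, the pin parameter and the sample keys are assumptions made for this example, and it relies on sha256sum from coreutils.

```bash
#!/bin/bash
# install_pinned_key KEYFILE EXPECTED_SHA256 SSH_DIR
# Installs KEYFILE as SSH_DIR/authorized_keys only if its hash matches the pin
# and it is exactly one well-formed public key line.
install_pinned_key() {
    keyfile="$1"; expected="$2"; ssh_dir="$3"
    actual=$(sha256sum "$keyfile" | awk '{print $1}') || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing to install: sha256 $actual does not match the pin" >&2
        return 1
    fi
    if [ "$(grep -c . "$keyfile")" -ne 1 ] ||
       ! grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$keyfile"; then
        echo "refusing to install: not a single public key line" >&2
        return 1
    fi
    install -d -m 700 "$ssh_dir"
    install -m 600 "$keyfile" "$ssh_dir/authorized_keys"
}

# --- constructed demo: a trusted key, its pin, and an altered download ---
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyForThisExample0000000 admin@example' \
    > "$demo/trusted.pub"
# The pin is computed on the machine that holds the key, not on the VPS
PIN=$(sha256sum "$demo/trusted.pub" | awk '{print $1}')
# An altered download: the same key plus one extra line
{ cat "$demo/trusted.pub"
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExtraLine extra@example'
} > "$demo/altered.pub"

install_pinned_key "$demo/trusted.pub" "$PIN" "$demo/ssh"  && echo "trusted key installed"
install_pinned_key "$demo/altered.pub" "$PIN" "$demo/ssh2" || echo "altered key rejected"
```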



Quickly create and transfer openssh keys to multiple servers

First step is to create an openssh key.

On Linux:

ssh-keygen -t rsa

 

#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/serverlogin
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/serverlogin.
Your public key has been saved in /root/.ssh/serverlogin.pub.
The key fingerprint is:
7a:ce:aa:43:er:7c:bb:10:4b:88:84:63:ac:fa:61:74 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
| .               |
|o..              |
|.o.. .           |
| .o A o R        |
| ... . +         |
| .o0.  + .       |
|...oo0 .*        |
|...o++oo+        |
+-----------------+

Next you might need to transfer this openssh key to Windows. You can use pscp:

pscp [email protected]:/root/.ssh/serverlogin D:\Software\MyKeys\

Now from the server, transfer the public key to multiple servers:

cat ~/.ssh/serverlogin.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
cat ~/.ssh/serverlogin.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'

 



How to use scp on Putty (pscp)

Here’s an example of using pscp to transfer files to a remote:

pscp -scp -i "C:\Users\User\DG\SSH Keys\jader\droidzone\mykey.ppk" "C:\Users\User\DG\SSH Keys\Latest\mypublic_pub.txt" [email protected]:~/.ssh/

This is a typical usage of scp. I’m transferring my public key to the ssh server, to make further authentications with a key. Here, I specify the current private key (already recognized by the server) with the -i option. Alternatively, one would use password authentication.

-scp forces scp mode.

The general syntax is:

pscp source [target]

source – is a file or folder name

target – is in the format ip address:/destination_directory or hostname:/destination_directory



Linux: Send a running process to background

I was trying this:

dropbox_uploader.sh upload N7100XXDMC3_N7100ODDDMD1_INU.zip roms/N7100XXDMC3_N7100ODDDMD1_INU.zip

Unfortunately it was taking a lot more time than expected. I didn’t want it to stop after I exited the ssh shell. Usually I do nohup to do the trick, but this time I’d forgotten to start it with nohup.

So I did this:

I did a Ctrl-Z on the shell.

Then,

bg
disown -a

The -a option detached all jobs.

Refer: http://stackoverflow.com/questions/625409/how-do-i-put-an-already-running-process-under-nohup

And sure enough, once I exited the shell and re-logged in, it was still running in the background.



Browse sites on remote firefox session and save to remote server

Install firefox on both servers.

Add the following to /etc/ssh/ssh_config on the client computer:

ForwardX11 yes

Now, login to the remote server, and install the following:

apt-get install xauth

Now, on the remote server, run the following:

./firefox --no-remote

A few seconds later, a new firefox window will open locally, which actually runs remotely.

Troubleshooting:

[[email protected]] ~ #firefox -no-xshm
(process:2658): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
PuTTY X11 proxy: unable to connect to forwarded X server: Network error: Connection refused
Error: cannot open display: localhost:10.0


Sync directories across servers

nohup rsync --partial --progress -avvvz -e "ssh -i /root/.ssh/id_rsa" ./backups [email protected]:~/ &

Here, the directory ./backups from the current server is being transferred over to the remote server at 192.157.59.133. The ssh authentication normally requires a password. We have already set up a key for the server. The public key corresponding to id_rsa has been appended to .ssh/authorized_keys on the remote server, so it works without asking for a password.

The command immediately returns to the shell.

If you wish to see the progress, exec:

tail -f nohup.out

In this way you can see the progress but still avoid the connection terminating and stopping the transfer. Even if disconnected, this kind of command allows resuming at the failed position.



Cannot sftp, can ssh and scp

I’d noticed an issue on my server where it allows me to login with ssh, or transfer files with scp or rsync, but would not allow me to use Filezilla to transfer files using the sftp protocol.

My /var/log/auth.log showed the following:

Mar  7 05:31:03 gambit sshd[28323]: Server listening on 0.0.0.0 port 22.
Mar  7 05:31:03 gambit sshd[28323]: Server listening on :: port 22.
Mar  7 05:31:09 gambit sshd[28310]: pam_unix(sshd:session): session closed for user root
Mar  7 05:31:14 gambit sshd[28329]: Accepted password for root from 59.93.41.155 port 55173 ssh2
Mar  7 05:31:14 gambit sshd[28329]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar  7 05:31:15 gambit sshd[28329]: subsystem request for sftp
Mar  7 05:32:52 gambit sshd[28323]: Received signal 15; terminating.
Mar  7 05:32:52 gambit sshd[28352]: Server listening on 0.0.0.0 port 22.
Mar  7 05:32:52 gambit sshd[28352]: Server listening on :: port 22.
Mar  7 05:32:55 gambit sshd[28329]: pam_unix(sshd:session): session closed for user root
Mar  7 05:33:00 gambit sshd[28358]: Accepted password for root from 59.93.41.155 port 55198 ssh2
Mar  7 05:33:00 gambit sshd[28358]: subsystem request for sftp

I checked my sshd_config at /etc/ssh/sshd_config. The line I was looking for was:

PermitRootLogin yes

However that was already set.

So I was in a dilemma. I couldn’t find out at all what the issue was, until I read this comment by mdpc on Server Fault, where he says:

Another issue that I have noticed is that if your login startup files generate any sort of output, scp and sftp fail. Be sure you bracket things that output to the terminal in your startup scripting using a test on the variable $?prompt; if it is non-zero you are talking with a terminal.

This made me remember that I wasn’t getting this issue immediately after installing a new OS, but only after I’d worked on it for a while. So I understood that it was because I had .bashrc set to output a few things. So if .bashrc output anything to the terminal, an sftp would fail.

Moving .bashrc fixed the issue.

In fact, once I became aware of the issue, it was easy to find that this situation was rather well documented, in no less than the openssh FAQ (http://www.openssh.org/faq.html):

2.9 – sftp/scp fails at connection, but ssh is OK.

sftp and/or scp may fail at connection time if you have shell initialization (.profile, .bashrc, .cshrc, etc) which produces output for non-interactive sessions. This output confuses the sftp/scp client. You can verify if your shell is doing this by executing:

ssh yourhost /usr/bin/true

If the above command produces any output, then you need to modify your shell initialization.

There are many solutions you can use, and all of them involve checking what kind of shell you’re running. If it’s an interactive shell, as in an xterm, you execute .bashrc. If it’s filezilla, you don’t.

So you first rename .bashrc to .bashc_real.

Then you insert one of the following snippets into a new file .bashrc:

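# Load the real startup file only when the terminal type is xterm
if [ "$TERM" = "xterm" ]
then
   source ~/.bashc_real
fi

OR

# Load it for any terminal type except "dumb"
if [ "$TERM" != "dumb" ]
then
   source ~/.bashc_real
fi

OR

# Load it only when sshd has allocated a tty for the session
if [ "$SSH_TTY" ]
then
   source ~/.bashc_real
fi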
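
A local version of the FAQ's check, as an added example (not from the original post or the OpenSSH FAQ): rc_noise_bytes counts what a startup file prints when a shell without a terminal sources it, so a guard can be tested before the next sftp attempt. The function name and the sample startup files are constructed for this example.

```bash
#!/bin/bash
# Count the bytes a startup file prints when a shell with no terminal
# sources it, the situation sftp and scp sessions are in.
rc_noise_bytes() {
    SSH_TTY= bash --noprofile --norc -c '. "$1"' _ "$1" </dev/null 2>&1 |
        wc -c | tr -d '[:space:]'
}

demo=$(mktemp -d)
# Constructed startup file that greets the user: this is what breaks sftp
printf '%s\n' 'echo "Welcome to gambit"' 'alias ll="ls -l"' > "$demo/noisy"
# The page's third variant: load the real file only when sshd allocated a tty
printf '%s\n' 'if [ "$SSH_TTY" ]' 'then' "   source $demo/noisy" 'fi' \
    > "$demo/tty_guard"
# Common alternative: stop early unless bash itself says it is interactive
printf '%s\n' 'case $- in *i*) ;; *) return ;; esac' \
    'echo "Welcome to gambit"' > "$demo/interactive_guard"

for f in noisy tty_guard interactive_guard; do
    printf '%-18s %s bytes\n' "$f" "$(rc_noise_bytes "$demo/$f")"
done
```

Any result other than 0 bytes means sftp and scp clients will see unexpected data before the protocol starts.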

 



Fix for “ssh-add: Could not open a connection to your authentication agent.”

You might have tried adding a key with:

ssh-add .ssh/id_rsa

only to get this error:

ssh-add .ssh/id_rsa
Could not open a connection to your authentication agent.

If this happens, it is because your ssh agent is not running in the terminal.

Run this:

exec ssh-agent bash

which will cause it to re-source your .bashrc files and start the agent.

Now try adding the key again:

ssh-add .ssh/id_rsa
Identity added: .ssh/id_rsa (.ssh/id_rsa)
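
For the .bashrc step in the bitbucket post and the fix above, an added example (not from the original posts) that finds or starts an agent at login instead of hard-coding one agent's socket path and PID. The function names and the agent.env file location are assumptions made for this example.

```bash
#!/bin/sh
# True only if the given path is a socket that exists right now.
agent_sock_alive() {
    [ -n "${1:-}" ] && [ -S "$1" ]
}

# Reuse a live agent if there is one; otherwise start one and save its
# environment (readable only by the owner) so later shells can find it.
# Prints nothing, so it is safe in a .bashrc that scp/sftp sessions also read.
ensure_agent() {
    env_file=${1:-$HOME/.ssh/agent.env}
    agent_sock_alive "${SSH_AUTH_SOCK:-}" && return 0
    if [ -r "$env_file" ]; then . "$env_file" >/dev/null; fi
    agent_sock_alive "${SSH_AUTH_SOCK:-}" && return 0
    command -v ssh-agent >/dev/null 2>&1 || return 1
    ( umask 077; ssh-agent -s > "$env_file" ) || return 1
    . "$env_file" >/dev/null
}

# The values hard-coded earlier on this page name a socket that is gone once
# that agent exits, which is why pasting them into .bashrc does not last.
if agent_sock_alive /tmp/ssh-qoIvoV8968/agent.8968; then
    echo "socket still there"
else
    echo "stale socket: a new agent is needed"
fi
```

Call ensure_agent near the top of ~/.bashrc, then run ssh-add once for each new agent.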

 

