ssh public key

By OK -
-v Verbose mode. Causes ssh to print debugging messages about its progress.
This is helpful in debugging connection, authentication, and configuration
problems. Multiple -v options increase the verbosity. The maximum is 3.

-T Disable pseudo-tty allocation.
As explained in "gitolite: PTY allocation request failed on channel 0", it is important to do ssh test connection with -T, because some server could abort the transaction entirely if a text-terminal (tty) is requested.

-i identity_file
Selects a file from which the identity (private key) for public key authenti‐
cation is read. The default is ~/.ssh/identity for protocol version 1, and
~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for proto‐
col version 2. Identity files may also be specified on a per-host basis in
the configuration file. It is possible to have multiple -i options (and mul‐
tiple identities specified in configuration files). ssh will also try to load
certificate information from the filename obtained by appending -cert.pub to
identity filenames.


If your local system has the ssh-copy-id tool installed, you can directly add your public key to the server's authorized_keys file with a single command:

$ ssh-copy-id john@serverdomain

 Additionally, you can use the verbose flag (-v or -vvv) with the ssh command to get details of every step taken by the SSH client.
sshuser1@ubuntu2:~/.ssh$ ssh-copy-id -i ubuntu@192.168.40.128
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ubuntu@192.168.40.128's password: 

 Number of key(s) added: 1

 Now try logging into the machine, with:   "ssh 'ubuntu@192.168.40.128'"
and check to make sure that only the key(s) you wanted were added.

 sshuser1@ubuntu2:~/.ssh$ ssh ubuntu@192.168.40.128
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-77-generic i686)

  * Documentation:  https://help.ubuntu.com/

 43 packages can be updated.
26 updates are security updates.

 New release '16.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
WARNING: Security updates for your current Hardware Enablement Stack
ended on 2016-08-04:
 * http://wiki.ubuntu.com/1404_HWE_EOL

 There is a graphics stack installed on this system. An upgrade to a
configuration supported for the full lifetime of the LTS will become
available on 2016-07-21 and can be installed by running 'update-manager'
in the Dash.
    
You have new mail.
Last login: Tue May 19 12:46:08 2015 from 192.168.174.129
=====================================
testus@ubuntu2:~$ mkdir .ssh
testus@ubuntu2:~$ touch .ssh/authorized_keys
testus@ubuntu2:~$ pwd
/home/testus
testus@ubuntu2:~$ chmod 700 .ssh/
testus@ubuntu2:~$ chmod 600 .ssh/authorized_keys 

 testus@ubuntu2:~$ pwd
/home/testus
testus@ubuntu2:~$ ssh-key
ssh-keygen   ssh-keyscan  
testus@ubuntu2:~$ ssh-keygen 


testus@ubuntu2:~/.ssh$ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwNEA2qSBDmOBH2J3RsaPqBqbKQ1UxzFsJaNCciupHrJHBZxAFhWQhTy+AYuPgAIMMTQVP/bBheWjAp6ql8YTtGdxBAQhlbuH330NTYVamAgYV5V57uOh2vgPTTRCFt28VWmwx2MMdDpENsyKlNpbA8ZzVsjS3aggmZ1/G83NiEvQ5rSqQcVgKXlFawVqXM0TNQfDK8IyDP6esK8iEEZdZOKUTcCjUkpxEP6HECEqpNkDclI9DkjYqV4Mi57QhFBZnGivYuqIyPpvU/GB3bhftK49pqkDtj6Pk8fc35Si1PbMYU3mdsOJWEve6WlcgU+f4R5Sg8JGBLjRLiijQHVb testus@ubuntu2


testus@ubuntu:~/.ssh$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwNEA2qSBDmOBH2J3RsaPqBqbKQ1UxzFsJaNCciupHrJHBZxAFhWQhTy+AYuPgAIMMTQVP/bBheWjAp6ql8YTtGdxBAQhlbuH330NTYVamAgYV5V57uOh2vgPTTRCFt28VWmwx2MMdDpENsyKlNpbA8ZzVsjS3aggmZ1/G83NiEvQ5rSqQcVgKXlFawVqXM0TNQfDK8IyDP6esK8iEEZdZOKUTcCjUkpxEP6HECEqpNkDclI9DkjYqV4Mi57QhFBZnGivYuqIyPpvU/GB3bhftK49pqkDtj6Pk8fc35Si1PbMYU3mdsOJWEve6WlcgU+f4R5Sg8JGBLjRLiijQHVb testus@ubuntu2

testus@ubuntu2:~/.ssh$ ssh testus@192.168.40.128
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-77-generic i686)
testus@ubuntu:~$ exit

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more