ssh public key

By OK -
-v Verbose mode. Causes ssh to print debugging messages about its progress.
This is helpful in debugging connection, authentication, and configuration
problems. Multiple -v options increase the verbosity. The maximum is 3.

-T Disable pseudo-tty allocation.
As explained in "gitolite: PTY allocation request failed on channel 0", it is important to do ssh test connection with -T, because some server could abort the transaction entirely if a text-terminal (tty) is requested.

-i identity_file
Selects a file from which the identity (private key) for public key authenti‐
cation is read. The default is ~/.ssh/identity for protocol version 1, and
~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for proto‐
col version 2. Identity files may also be specified on a per-host basis in
the configuration file. It is possible to have multiple -i options (and mul‐
tiple identities specified in configuration files). ssh will also try to load
certificate information from the filename obtained by appending -cert.pub to
identity filenames.


If your local system has the ssh-copy-id tool installed, you can directly add your public key to the server's authorized_keys file with a single command:

$ ssh-copy-id john@serverdomain

 Additionally, you can use the verbose flag (-v or -vvv) with the ssh command to get details of every step taken by the SSH client.
sshuser1@ubuntu2:~/.ssh$ ssh-copy-id -i ubuntu@192.168.40.128
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ubuntu@192.168.40.128's password: 

 Number of key(s) added: 1

 Now try logging into the machine, with:   "ssh 'ubuntu@192.168.40.128'"
and check to make sure that only the key(s) you wanted were added.

 sshuser1@ubuntu2:~/.ssh$ ssh ubuntu@192.168.40.128
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-77-generic i686)

  * Documentation:  https://help.ubuntu.com/

 43 packages can be updated.
26 updates are security updates.

 New release '16.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
WARNING: Security updates for your current Hardware Enablement Stack
ended on 2016-08-04:
 * http://wiki.ubuntu.com/1404_HWE_EOL

 There is a graphics stack installed on this system. An upgrade to a
configuration supported for the full lifetime of the LTS will become
available on 2016-07-21 and can be installed by running 'update-manager'
in the Dash.
    
You have new mail.
Last login: Tue May 19 12:46:08 2015 from 192.168.174.129
=====================================
testus@ubuntu2:~$ mkdir .ssh
testus@ubuntu2:~$ touch .ssh/authorized_keys
testus@ubuntu2:~$ pwd
/home/testus
testus@ubuntu2:~$ chmod 700 .ssh/
testus@ubuntu2:~$ chmod 600 .ssh/authorized_keys 

 testus@ubuntu2:~$ pwd
/home/testus
testus@ubuntu2:~$ ssh-key
ssh-keygen   ssh-keyscan  
testus@ubuntu2:~$ ssh-keygen 


testus@ubuntu2:~/.ssh$ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwNEA2qSBDmOBH2J3RsaPqBqbKQ1UxzFsJaNCciupHrJHBZxAFhWQhTy+AYuPgAIMMTQVP/bBheWjAp6ql8YTtGdxBAQhlbuH330NTYVamAgYV5V57uOh2vgPTTRCFt28VWmwx2MMdDpENsyKlNpbA8ZzVsjS3aggmZ1/G83NiEvQ5rSqQcVgKXlFawVqXM0TNQfDK8IyDP6esK8iEEZdZOKUTcCjUkpxEP6HECEqpNkDclI9DkjYqV4Mi57QhFBZnGivYuqIyPpvU/GB3bhftK49pqkDtj6Pk8fc35Si1PbMYU3mdsOJWEve6WlcgU+f4R5Sg8JGBLjRLiijQHVb testus@ubuntu2


testus@ubuntu:~/.ssh$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwNEA2qSBDmOBH2J3RsaPqBqbKQ1UxzFsJaNCciupHrJHBZxAFhWQhTy+AYuPgAIMMTQVP/bBheWjAp6ql8YTtGdxBAQhlbuH330NTYVamAgYV5V57uOh2vgPTTRCFt28VWmwx2MMdDpENsyKlNpbA8ZzVsjS3aggmZ1/G83NiEvQ5rSqQcVgKXlFawVqXM0TNQfDK8IyDP6esK8iEEZdZOKUTcCjUkpxEP6HECEqpNkDclI9DkjYqV4Mi57QhFBZnGivYuqIyPpvU/GB3bhftK49pqkDtj6Pk8fc35Si1PbMYU3mdsOJWEve6WlcgU+f4R5Sg8JGBLjRLiijQHVb testus@ubuntu2

testus@ubuntu2:~/.ssh$ ssh testus@192.168.40.128
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-77-generic i686)
testus@ubuntu:~$ exit

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more

teamcity Automatic Agent Start under Linux

By OK -
Automatic Agent Start under Linux To run agent automatically on the machine boot under Linux, configure daemon process with the  agent.sh start  command to start it and  agent.sh stop  command to stop it. Refer to an example procedure below: 1. Navigate to the services start/stop services scripts directory: cd /etc/init.d/ 2. Open the build agent service script: sudo vim buildAgent 3. Paste the following into the file : #!/bin/sh ### BEGIN INIT INFO # Provides: TeamCity Build Agent # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start build agent daemon at boot time # Description: Enable service provided by daemon. ### END INIT INFO #Provide the correct user name: USER="agentuser" case "$1" in start) su - $USER -c "cd BuildAgent/bin ; ./agent.sh start" ;; stop) su - $USER -c "cd BuildAgent/bin ; ./agent.
Read more