Unable to SSH from public subnet to private subnet through PuTTY while creating a custom VPC - amazon-vpc

In the process of creating a custom VPC, I first created an EC2 instance and mapped it to the public subnet, and then created another EC2 instance and mapped it to the private subnet. From within PuTTY I was able to ping my private subnet from my public subnet, but after that I couldn't understand how to SSH from the public to the private subnet. Do we need to copy the contents of the .pem or .ppk file into the EC2 instance attached to the public subnet? I tried copying the content of the .pem file into the EC2 instance and also changed the access to 0600 for the .pem, and when I tried to SSH from the public subnet to the private subnet, I got the following error: "warning permanently added (ecdsa) to the list of known hosts. permission denied (publickey)". I am doing all this from my Windows laptop, and I created Amazon Linux instances for both the public and the private subnet.

You probably created a keypair when you created the AWS instance. Assuming that you want to ssh from the public instance to the private instance, now you need to take the pem file that you downloaded and copy it to the public instance. Did you use ubuntu to create your instance? Then from the public instance console, you'll ssh -i your_keyname.pem ubuntu@your_private_ip. If you used the amazon linux ami, then ssh -i your_keyname.pem ec2-user@your_private_ip. Now if you were intending something else, please edit your question accordingly.

I don't think you need to make a copy of the keypair file on the EC2 instance.
Use this command to log in to another EC2 instance:
ssh -v -i key -l username instance-IP

The easiest way to copy the .pem file to the AMI is using sftp.
Try using sftp in place of ssh to connect to your instance from the Mac terminal and you will get an sftp> prompt.
Once you get the sftp> prompt, use put 'your key name'
and your file will be uploaded to the AMI.

Related

Clone (private) Github repo to EC2

I'm trying to clone a private Github repo to a new Amazon EC2 (Ubuntu) instance.
The EC2 Instance fails to git clone <PATH> due to
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Here's my steps:
Run ssh-keygen on local machine
Add the newly generated public key (~/.ssh/id_rsa.pub) into GitHub 'SSH Keys' section
Also import that public key into the EC2 'Key Pairs' dashboard
Make the instance ensuring that new Key Pair is used during launch
log into EC2 instance, update yum and yum install git etc
Try git clone <PATH> but get permission error. Works fine on local machine...
I'm not fully understanding how EC2 is using my Key Pair... why doesn't GitHub recognize the EC2 instance?
"Also import that public key into the EC2 'Key Pairs' dashboard"
That only allows you to use that key pair for SSH into EC2 instances. And only instances that you create after you add that key pair to AWS. That key pair management dashboard has nothing to do with the git command you are running on the EC2 server.
You need to copy your local ~/.ssh/id_rsa private key file to that same location on the EC2 server.

How to edit code in VS code on private server

I want to edit code on server over VS code ssh. With public access server it works fine. I just connect to IP over ssh with my key by VS Code ssh extension. But now I want to edit code on private server that can be accessed over public one.
Over a terminal, the connection process looks like:
> ssh -i key user@10.445.322.12
connected to public server
> ssh -i key user@172.43.65.11
connected to private server
So how can I achieve that? These two servers are hosted on Amazon EC2.
You can use SSH's feature ProxyJump to achieve this.
Press Ctrl+Shift+P and run command Remote-SSH: Open SSH Configuration File:
Insert both hosts and add the ProxyJump directive to your private server:
Host PublicServer
    HostName 10.445.322.12
    User user
Host PrivateServer
    HostName 172.43.65.11
    User user
    ProxyJump PublicServer
Afterwards you should be able to connect to PrivateServer directly from VS Code.

How to save ssh password to vscode?

I am using vscode to connect to a remote host. I use Remote-SSH (ms-vscode-remote.remote-ssh) extension to do so. Every time I want to connect to the remote host, I need to enter the password.
Is there a way to save the ssh password to vscode?
To set up password-less authentication for ssh on Visual Studio Code, perform the following steps.
These examples assume the following (replace with your actual details):
Host: myhost
Local User: localuser
Remote User: remoteuser
Remote User Home Dir: remoteuserhome
SSH Port: 22
I'm using a Mac, so Windows will be a bit different, but the basics are the same.
Tell VS Code and your machine in general how you will be connecting to myhost
Edit:
/Users/<localuser>/.ssh/config
Add:
Host <myhost>
    HostName <myhost>
    User <remoteuser>
    Port 22
    PreferredAuthentications publickey
    IdentityFile "/Users/<localuser>/.ssh/<myhost>_rsa"
Next generate a public and a private key with something like OpenSSL
ssh-keygen -q -b 2048 -P "" -f /Users/<localuser>/.ssh/<myhost>_rsa -t rsa
This should make two files:
<myhost>_rsa (private key)
<myhost>_rsa.pub (public key)
The private key (<myhost>_rsa) can stay in the local .ssh folder
The public key (<myhost>_rsa.pub) needs to be copied to the server (<myhost>)
I did it with FTP, but you can do it however you wish; it just needs to end up in a similar directory on the server.
ON THE SERVER
There is a file on the server which has a list of public keys inside it.
<remoteuserhome>/.ssh/authorized_keys
If it exists already, you need to add the contents of <myhost>_rsa.pub to the end of the file.
If it does not exist you can use the <myhost>_rsa.pub and rename it to authorized_keys with permissions of 600.
If everything goes according to plan you should now be able to go into terminal and type
ssh <remoteuser>@<myhost>
and you should be in without a password. The same will now apply in Visual Studio Code.
Let's answer the OP's question first:
How to 'save ssh password'?
Since there is no such thing as "ssh password", the answer to "how to save the remote user password" is:
This is not supported by VSCode.
VSCode proposes to set up an SSH Agent in order to cache the passphrase (in case you are using an encrypted key).
But if the public key was not properly registered to the remote account ~/.ssh/authorized_keys, SSH daemon will default to the remote user credentials (username/password).
It is called PasswordAuthentication, often the remote user password.
And caching that password is not supported for SSH sessions.
It is only supported by a Git credential helper, when using HTTPS URLs.
(it defers to the OS underlying credential manager)
But I don't know of a remote user password cache when SSH is used.
As Chagai Friedlander comments, the answer to the original question is therefore:
No, but you can use SSH keys and that is better.
Speaking of SSH keys:
"ssh password": Assuming you are referring to a ssh passphrase, meaning you have created an encrypted private key, then "saving the ssh password" would mean caching that passphrase in order to avoid entering it every time you want to access the remote host.
Check first if you can set up the ssh-agent, in order to cache the passphrase protecting your private key.
See "VSCode: Setting up the SSH Agent"
This assumes you are using an SSH key, as described in "VSCode: Connect to a remote host", and you are not using directly the remote user password.
Using an SSH key means its public key would have been registered to the remote account ~/.ssh/authorized_keys file.
This section is the workaround the OP ended up accepting: registering the public key on the remote user account, and caching the local private key passphrase worked.
For those trying to connect through the VS Code Remote SSH extension (steps provided at https://code.visualstudio.com/docs/remote/troubleshooting#_ssh-tips):
For Windows (Host) --> Linux (Remote)
Create an SSH .pub key on your Windows machine: ssh-keygen -t rsa -b 4096
Copy the contents of the .pub key (default path C:\Users\username/.ssh/id_rsa.pub)
SSH into the remote machine and append the contents of the pub key to authorized_keys: echo "pub-key" >> ~/.ssh/authorized_keys
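
The server-side step described in the answers above (append the public key to authorized_keys, permissions 600), written so it can be repeated safely. This is an added example, not code from any of the posts; the function name install_pubkey, the file names and the sample key are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original answers).
# Usage: install_pubkey <public key file> <remote user's home directory>
install_pubkey() {
    local pub="$1"
    local home="$2"
    local ak="$home/.ssh/authorized_keys"
    local line

    # Use the first non-empty line and accept only OpenSSH public key types,
    # so a private key or a PuTTY .ppk file is never written to the server.
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case "$line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # sshd (StrictModes) rejects the file when these are group/world-writable.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$ak" && chmod 600 "$ak"

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$ak" ] && [ "$(tail -c 1 "$ak" | od -An -tx1 | tr -d ' \n')" != "0a" ]; then
        echo >> "$ak"
    fi

    # Append only when the exact line is not already present.
    grep -qxF -- "$line" "$ak" || printf '%s\n' "$line" >> "$ak"
}

# Demo in a throwaway directory with a constructed (non-functional) key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3CONSTRUCTEDEXAMPLEKEY localuser@laptop' > "$demo_home/myhost.pub"
install_pubkey "$demo_home/myhost.pub" "$demo_home"
install_pubkey "$demo_home/myhost.pub" "$demo_home"   # second run adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```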

VSCode Remote SSH cannot identify private key file

Been trying to solve this for hours already. Already searched the net and followed tutorials but nothing is working.
In my Windows local machine I installed Remote SSH plugin in VSCode. I'm trying to connect to my remote linux server.
My config file looks like this (changed hostname and user to dummy values for security).
Host RemoteServer
    HostName remote.server.infra
    User user123
    IdentityFile ~/.ssh/privkey
When trying to connect to the new host, it keeps prompting for a password.
On checking the logs, it is saying
no such identity: C:\\Users\\user123/.ssh/privkey: No such file or directory
This privkey file is the exact file I'm using in my putty when connecting to remote server.
What am I missing?
EDIT:
Finally figured it out. I had to convert my private key to openssh format with puttygen.
In addition to using the OpenSSH format, I would also put the full path in the config file:
Host RemoteServer
    HostName remote.server.infra
    User user123
    IdentityFile /c/Users/user123/.ssh/privkey
Note that the SSH URL then becomes:
ssh -Tv RemoteServer
Note: Başar Söker adds in the comments:
I also needed to add a colon to my path.
Here is how it looks:
IdentityFile /c:/Users/username/.ssh/privatekey.pem
Note: reukiodo adds in the comments:
If you copy/paste the private key, it MUST end with a newline, or it will also result in this same error.
Reminder: only the public key can be copied elsewhere. The private key should remain on your computer.
If you have generated a public/private key pair using PuTTY, you need to convert the private key using the PuTTY key generator's conversion, or else it will not work and it will show public key access denied.
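
The causes reported in this thread (a PuTTY .ppk file where OpenSSH expects its own format, a pasted key with no trailing newline, a path that does not resolve) can be checked before editing the SSH config. The following is an added example, not code from any of the posts; the function name check_identity_file, the verdict strings and the sample files are constructed for illustration, and the permission check applies to Unix-like systems only.

```shell
#!/usr/bin/env bash
# Added example (not from the original posts): report the first reason an
# OpenSSH client would be unable to use a private key file.
check_identity_file() {
    local f="$1"
    local first last perms
    [ -f "$f" ] || { echo "missing"; return 1; }

    # The first line identifies the container format.
    first=$(head -n 1 "$f")
    case "$first" in
        PuTTY-User-Key-File-*)             echo "putty-ppk"; return 1 ;;
        "-----BEGIN "*"PRIVATE KEY-----"*) ;;   # OpenSSH or PEM private key
        ssh-*|ecdsa-*)                     echo "public-key"; return 1 ;;
        *)                                 echo "unknown-format"; return 1 ;;
    esac

    # A key pasted into an editor must still end with a newline.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ] || { echo "no-trailing-newline"; return 1; }

    # On Unix-like systems ssh ignores keys readable by group or others.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "permissions-too-open"; return 1; }

    echo "ok"
}

# Constructed sample files; the key body is a placeholder, not a real key.
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: none' > "$d/key.ppk"
    printf '%s\n%s\n%s' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/pasted"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/good"
    chmod 600 "$d/key.ppk" "$d/pasted" "$d/good"
    for k in key.ppk pasted good nosuchfile; do
        printf '%s: %s\n' "$k" "$(check_identity_file "$d/$k")"
    done
    rm -rf "$d"
}
demo
```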

Manage ssh keys within Bluemix

How do I clean up my ssh keys for my Virtual Servers? I have defined a number of keys but want to delete all of them and start afresh.
I guess right now your only option to delete them is through an OpenStack client on the command line. See here for details and on where to obtain that client.
List available ssh keys:
openstack keypair list
Delete a specific ssh key:
openstack keypair delete myKey
I connected to Bluemix via the OpenStack client (installed on my workstation) and was able to delete the ssh keys with the commands above.