# - - #
# - When this error happens on ssh command - #
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
51:82:00:1c:7e:6f:ac:ac:de:f1:53:08:1c:7d:55:68.
Please contact your system administrator.
Add correct host key in /Users/isaacalves/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/isaacalves/.ssh/known_hosts:12
RSA host key for 192.168.1.236 has changed and you have requested strict checking.
Host key verification failed.

# - - #
# - Fixing this error - #
# - First confirm that the host key really changed (reinstall, new server) by checking the fingerprint above against the server itself; then remove the stale known_hosts entry - #
ssh-keygen -R "your server hostname or ip"
ssh-keygen -R 192.168.1.236

# - - #
# - Install SSH in Manjaro Linux - Tested in i3 - #
sudo pacman -S openssh;
sudo systemctl enable sshd;
sudo systemctl start sshd;

# - - #
# - SSH Documentation - #
https://www.ibm.com/developerworks/linux/library/l-keyc/index.html
https://www.ibm.com/developerworks/linux/library/l-keyc2/
https://www.ibm.com/developerworks/library/l-keyc3/
https://kimmo.suominen.com/docs/ssh/
https://stribika.github.io/2015/01/04/secure-secure-shell.html

sshfs example.com:/stuff /media/home-pc

# - In the terminal - #
sshfs 72.76.190.188/home/Documents/SidneyJason-Documents /home/is_derayo/Documents/u-ServerDocuments/SidneyJason-Documents
sshfs 72.76.190.188/home/Documents/SidneyJason-Documents /home/is_derayo/Documents/SidneyJason-Documents
sudo sshfs -o allow_other,defer_permissions root@xxx.xxx.xxx.xxx:/ /mnt/droplet
sudo sshfs -o allow_other,defer_permissions is_derayo@72.76.190.188:/home/Documents/SidneyJason-Documents /home/is_derayo/Documents/SidneyJason-Documents

# - In the terminal - The good one - #
sudo sshfs -o allow_other is_derayo@72.76.190.188:/home/Documents/SidneyJason-Documents /home/is_derayo/Documents/SidneyJason-Documents

# - In the terminal - The good one - For Manjaro Based Linux - #
sshfs is_derayo@192.168.1.100:/home/AllDisks-Data/Documents/SidneyJason-Documents/ /home/is_derayo/uServerHome

Unmounting the Remote File System

When you no longer need the mount point you can simply unmount it with the command
sudo umount /home/is_derayo/Documents/SidneyJason-Documents

Permanently Mounting the Remote File System

SSHFS also allows for setting up permanent mount points to remote file systems. This would set a mount point that would persist through restarts of both your local machine and droplets. In order to set up a permanent mount point, we will need to edit the /etc/fstab file on the local machine to automatically mount the file system each time the system is booted.

First we need to edit the /etc/fstab file with a text editor.
sudo nano /etc/fstab

Scroll to the bottom of the file and add the following entry

# - - #
# - In the /etc/fstab file - #
# - sudo gedit /etc/fstab - #
sshfs#is_derayo@72.76.190.188:/home/Documents/SidneyJason-Documents /home/is_derayo/Documents/SidneyJason-Documents
sftp://is_derayo@72.76.190.188:/home/Documents/SidneyJason-Documents /home/is_derayo/Documents/SidneyJason-Documents

# - - #
# - sshfs mounting SSH point in /etc/fstab file with authorized_keys file in place - #
sshfs#user@server:/home/user /media/server fuse user,noauto,transform_symlinks 0 0
sshfs#is_derayo@72.76.190.188:/home/Documents/SidneyJason-Documents /home/is_derayo/Documents/SidneyJason-Documents fuse user,noauto,transform_symlinks 0 0

Save the changes to /etc/fstab and reboot if necessary.
# - - #
# - ssh keygen for automatic ssh login - #
# - In home directory - #
# - If .ssh folder doesn't exist - mkdir .ssh - #
mkdir .ssh
cd .ssh
ssh-keygen -t rsa;

You can also add an optional comment field to the public key with the -C switch, to more easily identify it in places such as ~/.ssh/known_hosts, ~/.ssh/authorized_keys and ssh-add -L output. For example:
ssh-keygen -C "$(whoami)@$(hostname)-$(date -I)"
This will add a comment saying which user created the key on which machine and when.

RSA

ssh-keygen defaults to RSA therefore there is no need to specify it with the -t option. It provides the best compatibility of all algorithms but requires the key size to be larger to provide sufficient security. Minimum key size is 1024 bits, default is 2048 (see ssh-keygen(1)) and maximum is 16384. If you wish to generate a stronger RSA key pair (e.g. to guard against cutting-edge or unknown attacks and more sophisticated attackers), simply specify the -b option with a higher bit value than the default:
$ ssh-keygen -b 4096
The reason why RSA keys are so small is that: With every doubling of the RSA key length, decryption is 6-7 times slower.

Enter file - Just enter to go default
Passphrase - In my case "Guatemala"
Your identification has been saved in /home/is_derayo/.ssh/id_rsa.
Your public key has been saved in /home/is_derayo/.ssh/id_rsa.pub.

# - Copy SecurityKey to the server - #
scp id_rsa.pub is_derayo@72.76.190.188:~
cat ~/.ssh/id_rsa.pub | ssh is_derayo@192.168.1.100 "cat >> .ssh/authorized_keys"

# - Login into the server - #
ssh is_derayo@72.76.190.188

# - - #
# - SSH key asking me for a passphrase? - #
# - The short version that worked for me (in bash): - #
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-rnRLi11880/agent.11880; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11881; export SSH_AGENT_PID;
echo Agent pid 11881;

I took the 3 lines it echoes out, and executed them.
Another way to do that is take the output of -s:
$ eval `ssh-agent -s`

Then I added my credentials to it:
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/me/.ssh/id_rsa:
Identity added: /home/me/.ssh/id_rsa (/home/me/.ssh/id_rsa)
$ ssh-add -K ~/.ssh/id_rsa

# - - #
# - MacOS - #
One fix is to add the following to your ~/.ssh/config file:

# - 1. vim .ssh/config - #
# - This worked for me, paste the following text - #
Host *
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_rsa
    UseKeychain yes

Host *
    UseKeychain yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_rsa
    IdentityFile ~/.ssh/id_25519

# - 2. Go to create your new password in keychain: - #
How to Use Keychain to Manage Mac Passwords
a. Open finder
b. Go to Applications
c. Utilities
d. Keychain access
e. Go to Passwords
f. Add with +
g. Keychain name: uServerHome-sshPassword
h. Account Name: is_derayo
i. Password: Connecticut, Nicaragua, Guatemala, NewJersey
j. Click Add button
k. Done.

Now the agent supplies the credentials instead of me having to type in my passphrase.

# - - #
# - When this error happens: - #
Could not open a connection to your authentication agent.

# - Do this: - #
exec ssh-agent bash
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa

# - - #
pwd command (print working directory)
Writes the full pathname of the current working directory to the standard output.

# - When we are in the server - #
pwd
/home/is_derayo

# - - #
# - Create .ssh directory & copy id_rsa.pub file into it changing the name to "authorized_keys" - #
mkdir .ssh
mv id_rsa.pub .ssh/authorized_keys
cd .ssh
ls -la
total 12
drwx------ 2 is_derayo is_derayo 4096 Jul 19 21:52 .
drwxr-xr-x 6 is_derayo is_derayo 4096 Jul 19 21:49 ..
-rw-r--r-- 1 is_derayo is_derayo 398 Jul 19 21:42 authorized_keys

chmod 777 authorized_keys
ls -la
total 12
drwx------ 2 is_derayo is_derayo 4096 Jul 19 21:52 .
drwxr-xr-x 6 is_derayo is_derayo 4096 Jul 19 21:49 ..
-rwxrwxrwx 1 is_derayo is_derayo 398 Jul 19 21:42 authorized_keys

chmod 644 authorized_keys
ls -la
total 12
drwx------ 2 is_derayo is_derayo 4096 Jul 19 21:52 .
drwxr-xr-x 6 is_derayo is_derayo 4096 Jul 19 21:49 ..
-rw-r--r-- 1 is_derayo is_derayo 398 Jul 19 21:42 authorized_keys

cd ..
chmod 755 .ssh
ls -la
total 80
drwxr-xr-x 6 is_derayo is_derayo 4096 Jul 19 21:49 .
drwxr-xr-x 9 root root 4096 Jul 15 13:27 ..
-rw------- 1 is_derayo is_derayo 17973 Jul 17 20:31 .bash_history
-rw-r--r-- 1 is_derayo is_derayo 220 May 2 08:03 .bash_logout
-rw-r--r-- 1 is_derayo is_derayo 3771 May 2 08:03 .bashrc
drwx------ 2 is_derayo is_derayo 4096 Jul 19 21:52 .ssh
-rw------- 1 is_derayo is_derayo 60 Jul 12 10:32 .Xauthority

# - - #
logout
ssh is_derayo@72.76.190.188
# - It is going to ask you for the "Passphrase for SSH key id_rsa" just one time - #
Passphrase - In my case "Guatemala"

find /etc/ -name sshd_config
cd /etc/ssh
ls -la
total 348
drwxr-xr-x 2 root root 4096 Jul 12 10:24 .
drwxr-xr-x 106 root root 4096 Jul 18 21:46 ..
-rw-r--r-- 1 root root 300261 Apr 16 01:24 moduli
-rw-r--r-- 1 root root 1756 Apr 16 01:24 ssh_config
-rw-r--r-- 1 root root 2564 May 4 07:21 sshd_config
-rw------- 1 root root 668 May 2 07:59 ssh_host_dsa_key
-rw-r--r-- 1 root root 609 May 2 07:59 ssh_host_dsa_key.pub
-rw------- 1 root root 227 May 2 07:59 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 181 May 2 07:59 ssh_host_ecdsa_key.pub
-rw------- 1 root root 411 May 2 07:59 ssh_host_ed25519_key
-rw-r--r-- 1 root root 101 May 2 07:59 ssh_host_ed25519_key.pub
-rw------- 1 root root 1679 May 2 07:59 ssh_host_rsa_key
-rw-r--r-- 1 root root 401 May 2 07:59 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 338 May 2 07:59 ssh_import_id

sudo cp sshd_config sshd_config.bak
ls -la
sudo vim sshd_config
?PasswordAuthentication
n -> repeat search
PasswordAuthentication no

# - - #
# - To test - #
# - Don't use TCPKeepAlive - Packets can be spoofed (fooled) - #
#TCPKeepAlive yes
# - Every 80 seconds ClientAliveInterval sends a message through the encrypted channel, keeping the connection active - #
ClientAliveInterval 80
AuthorizedKeysFile /home/is_derayo/.ssh/authorized_keys
AllowUsers is_derayo@192.168.1.163 is_derayo@192.168.1.100 etc
DenyUsers
AllowGroups
DenyGroups
:wq

# - - #
sudo vim ~/.ssh/authorized_keys
# - Add from="192.168.1.163" in front of the key in the authorized_keys file (options first, then one space, then the key) - #
from="192.168.1.163" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDInAm4TVchIQOzIR37DFlzV6AugeAnx5LvLk8/+MYzS5ILkp7VFEvTvnhyHhVviWSfLnw9Y4YqPgthBXMR5XM8V6DQwGuCcQC1DhysvHIOfH1suIsE7+BEh+jV0Sd/eFLM9uKI2DjtpgFtjA5kPaREVOEsNeA1SiPXcASPzVfgDG+/7Rq1+aeh5hgF+JZFCcCM0GCNWmsoxaKsxe5v6bHDU8lG2CmK2CkPtctsKPgIJBurOdQXc53VBvfWVO0/Q+TtKigH3Bpi8kzJYCOZPn4TI37cC7pAA/OhqF8M0LS/BfNguwTOKA1kRH0ujf3Di+AEXvlLUyRYkPmxZUjRiuKP is_derayo@Mint17
:wq

# - - #
# - Minimize typing - #
# - In client computer create ~/.ssh/config file to specify instructions to server - #
gedit ~/.ssh/config

Host smallname1
    Hostname longnameofserver.com
    User longusername
    Port 2222
    IdentityFile ~/.ssh/some-other-ssh-file.key

Host smallname2
    Hostname longnameofserver.com
    User longusername
    Port 2222
    IdentityFile ~/.ssh/some-other-ssh-file.key

# - To access the server from terminal - #
ssh -Y smallname1

# - gedit ~/.ssh/config - #
# - IdentityFile must point to the private key, not to authorized_keys - #
Host uoffice
    HostName 72.76.190.188
    User is_derayo
    Port 22
    IdentityFile ~/.ssh/id_rsa

# - In terminal: - #
ssh uoffice

# - - #
# - Look for all the services in the terminal - #
service --status-all
sudo service ssh restart

# - Logout the server - #
logout
ssh is_derayo@72.76.190.188
ssh 72.76.190.188
logout

# - Create an "Alias" to login the server - #
alias log='ssh is_derayo@72.76.190.188'
Next time just "log" to login the server
log

# - - #
# - Multiple authorized_keys for SSH - #
# - Copying - #
mv id_rsa.pub .ssh/authorized_keys
cat id_rsa.pub >> /home/is_derayo/authorized_keys
sudo cat /root/.ssh/authorized_keys >> /home/is_derayo/authorized_keys

# - - #
# - Howto use multiple SSH keys for password less login - #
http://www.cyberciti.biz/tips/linux-multiple-ssh-key-based-authentication.html

Step # 1: Generate first ssh key
Type the following command to generate your first public and private key on a local workstation. Next provide the required input or accept the defaults. Please do not change the filename and directory location.
workstation#1 $ ssh-keygen -t rsa
Finally, copy your public key to your remote server using scp
workstation#1 $ scp ~/.ssh/id_rsa.pub user@remote.server.com:.ssh/authorized_keys

Step # 2: Generate next/multiple ssh key
a) Login to 2nd workstation
b) Download the original authorized_keys file from remote server using scp:
workstation#2 $ scp user@remote.server.com:.ssh/authorized_keys ~/.ssh
c) Now create the new pub/private key:
workstation#2 $ ssh-keygen -t rsa
d) Now you have new public key.
APPEND this key to the downloaded authorized_keys file using cat command:
workstation#2 $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
e) Finally upload authorized_keys to remote server again:
workstation#2 $ scp ~/.ssh/authorized_keys user@remote.server.com:.ssh/
You can repeat step #2 for each user or workstation for the remote server.

Step #3: Test your setup
Now try to login from Workstation #1, #2 and so on to remote server. You should not be asked for a password:
workstation#1 $ ssh user@remote.server.com
workstation#2 $ ssh user@remote.server.com

# - - #
# - How to setup SSH authorized_key access for root user - #
http://askubuntu.com/questions/115151/how-to-setup-passwordless-ssh-access-for-root-user

1. On the Server - Login as root
sudo su - root
ssh-keygen -t rsa
cat id_rsa.pub >> /home/is_derayo/.ssh/authorized_keys
vim /etc/ssh/sshd_config

# - - #
# - Look for - #
#PermitRootLogin without-password
PermitRootLogin yes
StrictModes no
RSAAuthentication yes
# - PermitRootLogin yes lets root log in by any enabled method, password included; without-password limits root to keys. StrictModes no turns off sshd's ownership and permission checks on the home directory and the ~/.ssh files - #

# - Look for - #
PubkeyAuthentication yes
#AuthorizedKeysFile /home/is_derayo/.ssh/authorized_keys
:wq
sudo service ssh restart

# - - #
# - Activate root passwd - Very important - #
sudo passwd root;

# - - #
# - SSH Accessing server from thunar after the authorized_keys file is setup - #
sftp://is_derayo@192.168.1.100/
sftp://root@192.168.1.100/
sftp://tmp_user@72.76.190.188/
sftp://is_derayo@72.76.190.188/
sftp://root@72.76.190.188/

# - - #
# - SSH Create user without login in your computer -> just to access the server - #
# - Accessing server after the authorized_keys file is setup - #
# - Create user - #
sudo adduser tmp_user;

# - Login with that user - Open terminal - #
mkdir .ssh
cd .ssh
ssh-keygen -t rsa;
Enter file - Just enter to go default
Passphrase - In my case "Guatemala"
Your identification has been saved in /home/is_derayo/.ssh/id_rsa.
Your public key has been saved in /home/is_derayo/.ssh/id_rsa.pub.
# - Login with your user - Open terminal - #
cp /home/tmp_user/.ssh/id_rsa.pub ~/.ssh/tmp_user_id_rsa.pub

# - "Add" to authorized_keys file into the server - #
cat ~/.ssh/tmp_user_id_rsa.pub | ssh is_derayo@72.76.190.188 "cat >> /home/is_derayo/.ssh/authorized_keys"
sftp://tmp_user@72.76.190.188/

# - - #
# - SEE THE WHOLE DOCUMENT AT - #
https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh

How To Use SSHFS to Mount Remote File Systems Over SSH
Posted Dec 23, 2013

Introduction

In many cases it can become cumbersome to transfer files to and from a droplet. Imagine a development usage scenario where you are coding apps remotely and find yourself uploading a script repeatedly to your virtual server to test. This can become quite a hassle in a very short period of time. Luckily there is a way to mount your VPS file system to your local computer so you can make changes on the fly and treat your droplet as local storage. In this article, we will show you how to do exactly that.

Installing SSHFS

On Ubuntu/Debian
SSHFS is Linux based software that needs to be installed on your local computer. On Ubuntu and Debian based systems it can be installed through apt-get.
sudo apt-get install sshfs

On Mac OSX
You can install SSHFS on Mac OSX. You will need to download FUSE and SSHFS from the osxfuse site

On Windows
To install SSHFS in Windows you will need to grab the latest win-sshfs package from the google code repository. A direct download link can be found below. After you have downloaded the package, double click to launch the installer. You may be prompted to download additional files, if so the installer will download the .NET Framework 4.0 and install it for you.
https://win-sshfs.googlecode.com/files/win-sshfs-0.0.1.5-setup.exe

Mounting the Remote File System

The following instructions will work for both Ubuntu/Debian and OSX.
Instructions for Windows systems can be found at the bottom of the tutorial.

To start we will need to create a local directory in which to mount the droplet's file system.
sudo mkdir /mnt/droplet   # replace "droplet" with whatever you prefer

Now we can use sshfs to mount the file system locally with the following command. If your VPS was created with a password login the following command will do the trick. You will be asked for your virtual server's root password during this step.
sudo sshfs -o allow_other,defer_permissions root@xxx.xxx.xxx.xxx:/ /mnt/droplet

If your droplet is configured for login via ssh key authorization, you will need to tell sshfs to use your public keys with the following command. You will be asked to enter the passphrase you used during the creation of your keys with ssh-keygen.
sudo sshfs -o allow_other,defer_permissions,IdentityFile=~/.ssh/id_rsa root@xxx.xxx.xxx.xxx:/ /mnt/droplet

Now you can work with files on your droplet as if it were a physical device attached to your local machine. For instance, if you move to the /mnt/droplet directory on your local machine you can create a file locally and the file will appear on your virtual server. Likewise you can copy files into the /mnt/droplet folder and they will be uploaded to your droplet in the background.

It is important to note that this process provides only a temporary mount point to your droplet. If the virtual server or local machine is powered off or restarted, you will need to use the same process to mount it again.

Unmounting the Remote File System

When you no longer need the mount point you can simply unmount it with the command
sudo umount /mnt/droplet

Permanently Mounting the Remote File System

SSHFS also allows for setting up permanent mount points to remote file systems. This would set a mount point that would persist through restarts of both your local machine and droplets.
In order to set up a permanent mount point, we will need to edit the /etc/fstab file on the local machine to automatically mount the file system each time the system is booted.

First we need to edit the /etc/fstab file with a text editor.
sudo nano /etc/fstab

Scroll to the bottom of the file and add the following entry
sshfs#root@xxx.xxx.xxx.xxx:/ /mnt/droplet

Save the changes to /etc/fstab and reboot if necessary.

It should be noted that permanently mounting your VPS file system locally is a potential security risk. If your local machine is compromised it allows for a direct route to your droplet. Therefore it is not recommended to set up permanent mounts on production servers.

Using Win-SSHFS to Mount Remote File Systems on Windows

After launching the win-sshfs program, you will be presented with a graphical interface to make the process of mounting a remote file share simple.
Step 1: Click the Add button in the lower left corner of the window.
Step 2: Enter a name for the file share in the Drive Name field.
Step 3: Enter the IP of your droplet in the Host field.
Step 4: Enter your SSH port. (Leave as port 22 unless you have changed the SSH port manually).
Step 5: Enter your username in the Username field. (Unless you have set up user accounts manually you will enter root in this field).
Step 6: Enter your SSH password in the password field. (Note on Windows you will need to have your droplet configured for password logins rather than ssh-key-authentication).
Step 7: Enter your desired mount point in the Directory field. (Enter / to mount the file system from root. Likewise you can enter /var/www or ~/ for your home directory).
Step 8: Select the drive letter you would like Windows to use for your droplet's file system.
Step 9: Click the Mount button to connect to the droplet and mount the file system.

Now your virtual server's file system will be available through My Computer as the drive letter you chose in step 8.
Usage of the Remote Mount Point

The remote mount behaves similarly to locally mounted storage: you are able to create, copy, move, edit, compress or perform any file system operations you would be able to do on the droplet, but you are not able to launch programs or scripts on the remote server.

One typical usage of this would be if you host a website on your VPS and need to make changes to the website on a regular basis. Mounting the file system locally allows you to launch whatever code editor, IDE, or text editor you wish to edit the site, and any changes you make will reflect on the virtual server as soon as they are made on your local machine.

Similarly, on droplets used for testing purposes of coding projects, it allows for much simpler code modifications which can be tested immediately without the need to modify the code locally as well as remotely (and eliminates the hassle of uploading new copies of files for small code changes).
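
# - - #
# - Added example: audit sshd_config and key file permissions - #
The sshd_config notes earlier set PermitRootLogin yes and StrictModes no, and the authorized_keys notes change file modes by hand (777, then 644). The script below is an added example, not part of the original notes and not OpenSSH code: it reports those settings in an sshd_config and checks the group/other write bits that StrictModes rejects (ownership is not checked). The function names, messages and the sample config are assumptions constructed for illustration.

```shell
# Added example, not from the original notes. Function names, messages and
# the sample config are assumptions made for illustration.

# Report risky effective values in an sshd_config ("-" reads stdin). sshd keeps
# the FIRST value it reads for a keyword; Match blocks are not evaluated here.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        { k = tolower($1) }
        k == "match" { exit }
        !(k in val) { val[k] = tolower($2) }
        END {
            if (val["permitrootlogin"] == "yes") {
                print "WARN PermitRootLogin yes: direct root login is allowed"; n++ }
            if (val["strictmodes"] == "no") {
                print "WARN StrictModes no: key file permission checks are off"; n++ }
            if (val["passwordauthentication"] != "no") {
                print "WARN PasswordAuthentication is not no (default is yes)"; n++ }
            exit (n > 0)
        }' "$1"
}

# Succeed if the path is not writable by group or others. In the mode string
# printed by ls -ld, character 6 is group write and character 9 other write.
not_group_other_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Check the paths StrictModes inspects below a home directory.
audit_key_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if not_group_other_writable "$p"; then
            echo "OK   $p"
        else
            echo "FAIL $p is writable by group or others"; rc=1
        fi
    done
    return $rc
}

# Constructed sample; the last line shows a later value does not override.
sample_sshd_config() {
    cat <<'EOF'
PasswordAuthentication no
PermitRootLogin yes
StrictModes no
PermitRootLogin no
EOF
}

# With arguments: sshd_config path and home directory. Without: the sample.
if [ $# -ge 1 ]; then
    audit_sshd_config "$1" || echo "sshd_config needs attention"
else
    sample_sshd_config | audit_sshd_config - || echo "sample needs attention"
fi
audit_key_perms "${2:-$HOME}" || echo "tighten with: chmod go-w PATH"
```

On the server, sudo sshd -t additionally validates the real file and rejects misspelled directive names before the service is restarted.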