SSH unprotected private key file error

Problem

I tried to SSH to a server using a private key file and got this error:

$ ssh -i myprivate.key 10.0.0.100
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for '/home/joe/myprivate.key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/joe/myprivate.key

Solution

This key file strangely had access permissions by all to read, write and execute! SSH was complaining that such a file is too open and could be compromised. I reduced the access permissions to just read by me:

$ chmod 0400 myprivate.key

SSH worked after this change 🙂

Tried with: SSH 6.6 and Ubuntu 14.04

How to check for SSH session in shell

There are times when you want to check if you are in an SSH session from your shell. For example, I like to change the shell prompt based on whether it is on a local machine or in an SSH session on another machine.

An easy way to do this is to check if any environment variable related to SSH has been set. For example, I check if the SSH_CLIENT variable is set in my shell. In Fish, this can be done by checking the result of set --query SSH_CLIENT.

How to SSH without username or password

Normally when you SSH into a computer, you need to provide a username and it will prompt you for your password, like this:

$ ssh joe@server_machine
joe@server_machine's password:

By generating a public-private key pair on the local machine and sharing the public key with a remote machine, you can SSH to the remote machine without providing a login or being prompted for a password.

After this setup is done, you will operate like this:

$ ssh server_machine
$ That is it! You are logged in without login or password!

To set this up:

  • Generate a public-private key pair on your local computer. If you already have one (probably you generated it for GitHub) and want to use that, then skip this step.

$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This generates a public key in the ~/.ssh/id_rsa.pub file and its corresponding private key in the ~/.ssh/id_rsa file.

  • We need to add the public key from the local machine to the ~/.ssh/authorized_keys file on the remote computer you are logging in to. You can do this manually. However, the ssh-copy-id script does this for you. Just pass the remote computer name as input:

$ ssh-copy-id remote_machine

If there is no ~/.ssh/authorized_keys file on the remote machine, this script will create it for you. If the file exists, your public key from the local machine will be appended to the existing file.

  • Make sure that the permissions of the .ssh directory are -rwx------ and those of the .ssh/authorized_keys file are -rw-------. Otherwise SSH will determine that the keys are not safe and you will still get asked for your password.

  • That is it! You can now SSH directly to this server machine!
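
Added example (not from the original post): a POSIX shell audit of the permissions named in the step above and in the unprotected private key warning earlier on this page. It assumes GNU stat as shipped on Ubuntu; the function names and the way a private key file is recognised are choices made for this example.

```shell
#!/bin/sh
# Added example, not the author's code. Assumes GNU stat (stat -c), as on Ubuntu.

# Succeed if FILE has no permission bits outside the octal mask ALLOWED.
mode_within() {
    file=$1 allowed=$2
    mode=$(stat -c '%a' "$file") || return 2
    # Bits present in the file's mode but absent from the allowed mask.
    extra=$(( 0$mode & ~0$allowed & 07777 ))
    [ "$extra" -eq 0 ]
}

# Print one line per finding under DIR; return 1 if anything was found.
audit_ssh_dir() {
    dir=$1 bad=0
    mode_within "$dir" 700 ||
        { echo "$dir: want rwx------ (chmod 700)"; bad=1; }
    if [ -f "$dir/authorized_keys" ]; then
        mode_within "$dir/authorized_keys" 600 ||
            { echo "$dir/authorized_keys: want rw------- (chmod 600)"; bad=1; }
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Treat a file as a private key if its first line is a PEM-style
        # "-----BEGIN ... PRIVATE KEY-----" header (assumption of this example).
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----$'; then
            # Same rule as the warning: no access at all for group or others,
            # so 0664 (rw-rw-r--) fails and 0400 passes.
            mode_within "$f" 700 ||
                { echo "$f: private key open to group/others (chmod 400)"; bad=1; }
        fi
    done
    return "$bad"
}

# Audit the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it as `sh audit.sh ~/.ssh` on both the local and the remote machine; no output and exit status 0 means the modes match the ones listed above.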

Reference: Arabesque: Linux Crypto – SSH Keys

Tried with: Ubuntu 14.04

Ice Cold Apps SSH Server app for Android

The SSH Server app from Ice Cold Apps enables you to SSH into any Android device. I use this to SSH from my Ubuntu computers to my Android devices, both connected to my home wireless network.

  • If you have not rooted your phone, you will not be able to access privileged directories and files. You will also have to pick a port number that is bigger than 1024.

  • First, create a Server and create a User in the app. Remember to specify a port number that is bigger than 1024. Start the server to run the SSH server.

  • SSH to the Android device using its IP address, the username you created and the port you specified. You will be asked to accept its key and will be prompted to enter the password you specified earlier:

$ ssh joe@192.168.0.200 -p 1700

  • Assign a static IP address to your Android device for easier access, so that you do not have to look up what IP address has been assigned to it every time.

Tried with: SSH Server 3.1, Moto G2 (XT1068) and Ubuntu 14.04

SSH connection refused

Problem

I SSH to another Linux computer and get this error:

$ ssh joe@172.20.128.100
ssh: connect to host 172.20.128.100 port 22: Connection refused

Solution

Typically, this failure has nothing to do with a complicated permissions problem. Since the OpenSSH client is almost always installed by default on Linux computers, people assume that the OpenSSH server is also installed. It is not, and that is why you get this error!

Install the OpenSSH server on the host and you should be able to SSH to it:

$ sudo apt install openssh-server

Tried with: Ubuntu 14.04

How to issue password in ssh command

The ssh command can be passed the name of the host computer and your login on it. After this it asks for the password. However, you may sometimes want to issue the password along with the ssh command.

One possible solution for this is to use the sshpass tool. The tool can be installed easily from the Ubuntu repositories:

$ sudo apt-get install sshpass

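To issue your password along with your ssh command, use the -p option. A password passed this way is saved in your shell history and can be seen by other users in the process list; sshpass can also read it from a file with -f or from the SSHPASS environment variable with -e: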

$ sshpass -p "mypassword" ssh mylogin@myhost

Tried with: sshpass 1.05 and Ubuntu 12.04 LTS

How to auto-login with username using PuTTY

PuTTY is a popular SSH client on Windows. SSH accepts a username with which it can log in automatically, saving you the hassle of typing it in every time. This can be configured in PuTTY easily.

Choose the session you want to configure and click Load. Go to Connection → Data and enter the username you want to use in Auto-login username. Save the session.

Tried with: PuTTY 0.62

How to SSH wirelessly to your Nook Color running CyanogenMod 10

The Nook Color can be easily made to run CyanogenMod 10. If such a Nook Color is connected to the same home (wireless) network as your computer, then it is pretty easy to SSH to it wirelessly.

  1. Make sure your Nook Color running CM 10 is powered on and connected to the home network.
  2. Note down the IP address assigned to your Nook Color. Since the IP address given by DHCP varies, it is convenient to assign a static IP address to your Nook Color.
  3. Install an SSH server on the Nook Color. I installed DropBear Server II from the Google Play Store.
  4. Start the DropBear Server II app. Choose Install. You will be asked to provide it superuser privileges.
  5. Start the SSH server by choosing Start in DropBear Server II.
  6. The password for root user can be found in the Settings section of DropBear Server II. Change it to anything you want.
  7. On your computer, ping the IP address of the Nook Color to make sure it is reachable over wireless. If you cannot ping it, you have some networking problem.
  8. If you can ping your Nook Color and its SSH server is running, then SSH to it using PuTTY. Provide the IP address of the Nook Color and use root as the user and the password set in DropBear Server II as the password.

Happy hacking! 🙂

Tried with: Nook Color 8 GB, CyanogenMod 10-20121228-NIGHTLY-encore and DropBear Server II 1.5.4