• 201511.22

    SSH public key fix

    So once in a while I’ll run into a problem where I can log into a server via SSH as one user via public key, and taking the authorized_keys keys and dumping it into another user’s .ssh/ folder doesn’t work.

    There are a few things you can try.


    Try this:

    chmod 0700 .ssh/
    chmod 0600 .ssh/authorized_keys
    sudo chown -R myuser:mygroup .ssh/

    That should fix it 99% of the time.

    Locked account

    Tonight I had an issue where the permissions were all perfect…checked, double checked, and yes they were fine.

    So after poking at it for an hour (instead of smartly checking the logs) I decided to check the logs. I saw this error:

    Nov 23 05:26:46 localhost sshd[1146]: User deploy not allowed because account is locked
    Nov 23 05:26:46 localhost sshd[1146]: input_userauth_request: invalid user deploy [preauth]

    Huh? I looked it up, and apparently an account can become locked if its password is too short or insecure. So I did

    sudo passwd deploy

    Changed the password to something longer, and it worked!

    Have any more tips on fixing SSH login issues? Let us know in the comments below.

  • 200912.02

    SSH Agent on Cygwin

    There are probably a billion guides for this already, but whatever. If you DON'T have a ~/.bash_profile (a file that gets executed every time you start cyg):

    touch ~/.bash_profile
    chmod a+x ~/.bash_profile

    Now that you have the file, add this to it:

    if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
    	trap "kill $SSH_AGENT_PID" 0

    This will start up ssh-agent for each Cygwin shell you have open. Close your Cygwin shell (if one is open) and open a new one. Now type:

    ssh-add ~/.ssh/id_rsa
    [enter your password]

    Voila! No more typing your stupid password every time you need to ssh somewhere. Note that if you close the Cygwin window, you'll have to ssh-add your key again! This is good security...you can close the window when you're done and someone who happens on your computer sitting there won't have password-less access to any of your secure logins.