
Uly.me

cloud engineer


ssh

Google SDK SSH Mac Terminal

February 14, 2022

I’m having trouble logging in using Google SDK Compute SSH on a Mac Terminal.

Here’s the fix.

gcloud compute ssh USERNAME@SERVER --zone ZONE --project PROJECTID --internal-ip 2>&1


There was an issue with a redirect to another shell.

Filed Under: Cloud, Linux Tagged With: compute, gcp, mac, redirect, sdk, ssh, terminal

Git Switch from HTTPS to SSH

January 20, 2022

If you have trouble cloning a GitHub repo over HTTPS, you can tell Git to rewrite those URLs to SSH instead.

Here’s the command.

git config --global url.ssh://git@github.com/.insteadOf https://github.com/


I had to specify reconfigure when I ran terraform init.

terraform init --reconfigure


Filed Under: Cloud, Linux Tagged With: clone, git, https, ssh, switch

Allow Key Access for user in SSH

January 16, 2022

Allow shared key access only for one user in SSH.

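Disable password authentication for one user in your SSH server config. Edit /etc/ssh/sshd_config and add the Match block at the end of the file, because every keyword that follows a Match line belongs to that block until the next Match line or the end of the file.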

Match User username
  PasswordAuthentication no


Restart the SSH service.

service ssh restart


Append the user’s public key to ~/.ssh/authorized_keys in that user’s home directory on the destination server.

ssh-rsa AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <-- public key goes on for miles


Back on your client, log in via SSH. The user will not be prompted for a password since the public key is already authorized on the server.

ssh username@server
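A way to check which PasswordAuthentication value the Match block above leaves each user with, as an added example that is not part of the original post. The function name, the sample configs and the user otheruser are assumptions, and the parser only understands "Match User name[,name...]" and "Match all".

```shell
#!/bin/sh
# Added example: report the PasswordAuthentication value that applies to a user.
# Handles only "Match User name[,name...]" and "Match all"; patterns, negation and
# other Match criteria are treated as not matching (limitation of this example).
effective_password_auth() {   # usage: effective_password_auth CONFIG_FILE USER
    awk -v user="$2" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        tolower($1) == "match" {                 # a Match line opens a new block
            in_match = 1; applies = 0
            if (NF == 2 && tolower($2) == "all") applies = 1
            if (NF == 3 && tolower($2) == "user") {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) applies = 1
            }
            next
        }
        tolower($1) == "passwordauthentication" {
            v = tolower($2)
            if (!in_match) { if (global == "") global = v }    # first global value wins
            else if (applies && matched == "") matched = v     # first matching block wins
        }
        END {
            if (matched != "") print matched                   # Match overrides global
            else if (global != "") print global
            else print "yes"                                   # OpenSSH default when unset
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real host).
good=$(mktemp); bad=$(mktemp)
trap 'rm -f "$good" "$bad"' EXIT
cat > "$good" <<'EOF'
PasswordAuthentication yes
Match User username
  PasswordAuthentication no
EOF
# Pitfall: the last line is meant as a global setting but sits inside the Match block.
cat > "$bad" <<'EOF'
Match User username
  PasswordAuthentication no
PasswordAuthentication no
EOF

for u in username otheruser; do
    echo "good: $u -> $(effective_password_auth "$good" "$u")"
    echo "bad:  $u -> $(effective_password_auth "$bad" "$u")"
done
```

On a host running OpenSSH, sshd -t checks the file for syntax errors before the restart, and sshd -T -C user=username prints the settings sshd itself would apply to that user.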


Filed Under: Linux Tagged With: authentication, key, password, ssh

GCP SSH Issues

July 20, 2021

There are a few issues that crop up every once in a while with gcloud compute ssh. gcloud compute ssh creates a local user at first login. The account password has a default expiration of 90 days. If you are unable to log in, you can try logging in under a different username (even a fictitious one, e.g. superheroes), as long as it is unique.

gcloud compute ssh username@servername --zone us-central1-c --project project-id --internal-ip


Once logged in, you can delete local users with expired passwords or perform other admin tasks.

userdel -r username


You can also try to run chage to adjust the password expiration.

chage -M 180 username    # extends expiration from 90 to 180 days

If you continue to have login issues, you can also delete the metadata SSH keys at both the instance and project levels.

As a last resort, you can use --force-key-file-overwrite, which generates a new key and overwrites the broken SSH keys.

gcloud compute ssh username@servername \
--force-key-file-overwrite \
--zone us-central1-c \
--project project-id \
--internal-ip


Filed Under: Cloud Tagged With: compute, gcp, issues, login, ssh

GCP SSH Issues Return Code [1]

July 16, 2021

If you are getting this return code [1] error, check if enable-oslogin metadata is set to TRUE in your VM.

Here’s the error when logging in.

gcloud compute ssh your-server-name \
--zone us-central1-a \
--project your-project-id \
--internal-ip &
ERROR: (gcloud.compute.ssh) [C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\bin\sdk\plink.exe] exited with return code [1].


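Remove the enable-oslogin key from the instance metadata. Once OS Login is off for the instance, SSH access is controlled by the keys stored in metadata instead of by IAM.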

gcloud compute instances remove-metadata your-server-name \
--keys=enable-oslogin \
--zone us-central1-a \
--project your-project-id
Updated [https://www.googleapis.com/compute/v1/projects/your-project-id/zones/us-central1-a/instances/your-server-name].


Run gcloud compute ssh again.

gcloud compute ssh your-server-name \
--zone us-central1-a \
--project your-project-id \
--internal-ip &
[1] 1257


This time it opens up a PuTTY session and you’re able to log in.

Filed Under: Cloud Tagged With: enable-oslogin, gcp, metadata, ssh

SSH Script

October 15, 2020

Here’s my custom ssh script named login.sh using multiple arguments.

#!/bin/bash
# Require at least the server name as the first argument.
if [ $# -eq 0 ]; then
  echo 'no server supplied'
  exit 1
fi
# The optional second argument selects the login user.
INPUT=$2
case "$INPUT" in
  abc)
    # Quote the target so a server argument containing spaces cannot add ssh options.
    ssh "user1@$1"
    ;;
  def)
    ssh "user2@$1"
    ;;
  *)
    ssh "user3@$1"
    ;;
esac

How to use with expected outputs.

./login.sh
no server supplied
./login.sh server3 abc
ssh user1@server3
./login.sh server2 def
ssh user2@server2
./login.sh server1
ssh user3@server1


Filed Under: Linux Tagged With: arguments, case, ssh

Increase SSH Timeout

August 25, 2020

Here’s how to keep idle SSH sessions alive for a longer period.

Edit /etc/ssh/sshd_config. Adjust interval and count max.

ClientAliveInterval 1200
ClientAliveCountMax 3


ClientAliveInterval is set to 1200 and ClientAliveCountMax is set to the default which is 3. This means unresponsive SSH clients will be disconnected after approximately 3600 seconds or 1 hour.

Filed Under: Linux Tagged With: clientalivecountmax, clientaliveinterval, ssh, timeout

AWS LightSail Restrict IP Address

July 27, 2020

AWS LightSail now has the ability to restrict IP addresses in its firewall rules. LightSail instances can now be secured by limiting a firewall rule to an IP CIDR block or a single IP address. For example, you can restrict who can SSH into your instance by limiting the rule to just your IP address, so only you can SSH into your machine. Another feature AWS added to the LightSail firewall is support for ping, which could be helpful for monitoring and checks.

Filed Under: Cloud Tagged With: aws, ip address, lightsail, ping, restrict, ssh


Copyright © 2023