SSH login without password using SSH public/private keys

SSH, or Secure Shell, is the most popular and trusted UNIX-based cryptographic network protocol. It can be used for secure data communication, remote server logins, remote command execution, and many other secure network services between two networked servers.

Normally, password authentication is used to connect to a remote server via SSH. In this blog tutorial we will show you how to log in to a remote Linux VPS without a password, using SSH keys. This method is more secure than using a password.

First of all, we need to generate the public and private keys. We will use the RSA (Rivest-Shamir-Adleman) cryptosystem.

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): PRESS ENTER
Enter passphrase (empty for no passphrase): PRESS ENTER
Enter same passphrase again: PRESS ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4a:91:e0:19:89:37:41:ce:3e:ff:56:2c:02:eb:65:cb root@LOCALSERVER
The key's randomart image is:
+--[ RSA 2048]----+
|   o=o           |
|  .+++ .         |
|   .=.o          |
|   ..  .         |
|    oo. S.       |
|    .++.. o      |
|   . +oo o       |
|    . E..        |
|       ..        |
+-----------------+

This will create 2048-bit public and private keys in the ‘/root/.ssh/’ directory on your server.

ls /root/.ssh/
id_rsa  id_rsa.pub

Create a new ‘.ssh’ directory on the remote server

ssh root@REMOTE_SERVER mkdir -p .ssh

The -p option makes mkdir create any directories leading up to the given directory that do not exist already, and ignore the error if the given directory already exists. -p is most often used when building up complex directory hierarchies with mkdir, in case a necessary directory is missing or already there. For more detail: mkdir wiki

Copy the newly generated public key to the remote server you want to SSH into without a password

cat /root/.ssh/id_rsa.pub | ssh root@REMOTE_SERVER 'cat >> /root/.ssh/authorized_keys'

Change the permissions of the public key and the ‘.ssh’ directory

ssh root@REMOTE_SERVER "chmod 700 .ssh; chmod 600 .ssh/authorized_keys"

Now, log in to the remote server and configure the SSH server to accept key authentication. Open the SSH configuration file

nano /etc/ssh/sshd_config

And make sure that the following three options are not commented out and that ‘RSAAuthentication’ and ‘PubkeyAuthentication’ are set to ‘yes’.

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

Save the changes and restart the SSH server

/etc/init.d/sshd restart

That’s all. You should now be able to log in to the remote server without a password

ssh REMOTE_SERVER
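
If key login still asks for a password, the usual causes are the permissions and sshd_config settings from the steps above. The script below is an added example, not part of the original tutorial: the function names (owner_only, pubkey_auth_setting, audit_key_login) are made up for illustration, and the home directory and sshd_config path are passed in as arguments.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit the key-login setup.
# Function names are hypothetical; paths are passed as arguments.

# Succeeds when group and others have no permission bits on $1.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the first uncommented PubkeyAuthentication value in file $1,
# or "yes" (the sshd default) when unset. Match blocks are not
# evaluated. RSAAuthentication is skipped: it is SSH protocol 1 only.
pubkey_auth_setting() {
    awk 'tolower($1) == "pubkeyauthentication" { v = tolower($2); exit }
         END { print (v == "" ? "yes" : v) }' "$1"
}

# audit_key_login HOME_DIR SSHD_CONFIG
# Prints one line per finding and returns the number of findings.
audit_key_login() {
    home=$1 conf=$2 n=0
    if [ ! -d "$home/.ssh" ]; then
        echo "missing: $home/.ssh"; return 1
    fi
    owner_only "$home/.ssh" ||
        { echo "too open: $home/.ssh (want 700)"; n=$((n + 1)); }
    if [ ! -f "$home/.ssh/authorized_keys" ]; then
        echo "missing: authorized_keys"; n=$((n + 1))
    elif ! owner_only "$home/.ssh/authorized_keys"; then
        echo "too open: authorized_keys (want 600)"; n=$((n + 1))
    fi
    # Private keys are the id_* files without a .pub suffix.
    for key in "$home"/.ssh/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        owner_only "$key" ||
            { echo "too open: $key (want 600 or 400)"; n=$((n + 1)); }
    done
    [ "$(pubkey_auth_setting "$conf")" = "yes" ] ||
        { echo "PubkeyAuthentication is not yes in $conf"; n=$((n + 1)); }
    return "$n"
}

# Stand-alone use: sh audit.sh /root /etc/ssh/sshd_config
if [ $# -eq 2 ]; then audit_key_login "$1" "$2"; fi
```

Run it on the remote server against /root and /etc/ssh/sshd_config; an exit status of 0 means every check passed.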

If you use Chrome’s Secure Shell extension, just click Import, select the private key, and then connect.

From here

git command line commit

Git has a “staging area” where files need to be added before being committed, you can read an explanation of it here.

So if you make some change and commit directly, you get some message like:

no changes added to commit (use "git add" and/or "git commit -a")

git-flow

preview

Before you add, you could have done a:

git add -u -n

To check which files you modified and are going to be added (dry run: -n option), and then

git add -u

Once you have added the files, another way to preview is:

git diff --cached

add modified files

To commit all the changes, you can do any of the following:

git add filename1 filename2

or add all changes (from root path of the project)

git add .

or use the shorthand -a while committing:

git commit -a -m "message"

or

git commit . -m "save arezzo files"

One other note for SSH

First follow this official link

To use SSH for GitHub to avoid entering username/password, make sure you’re using the SSH one:

ssh://git@github.com/username/repo.git

And NOT the https or git one:

https://github.com/username/repo.git
git://github.com/username/repo.git

You can now validate with just the SSH Key instead of the username and password.

If you need to replace the https origin with the git one:

git remote set-url origin git@github.com:Username/Project.git

git reset SHA

First see the history with:

git log

Then use the first 7 chars of the SHA code to do the reset:

git reset b7cg6h3

git branch

Use git branch to see which branch you are currently on; the * marks the current branch.

To create a new branch, just use

git branch BRANCH_NAME

Then switch to the branch with

git checkout BRANCH_NAME

To merge, switch back to master and

git merge BRANCH_NAME

To resolve a conflict, just modify master to the desired state and commit.

To delete a branch

git branch -d BRANCH_NAME

Git Rebase

The major benefit of rebasing is that you get a much cleaner project history

More about rebase vs merge.

 

A list of common commands (in Chinese)

 

ssh to the ec2 instance(beanstalk)

Configure Security Group

  1. In the AWS console, open the EC2 tab.
  2. Select the relevant region and click on Security Group.
  3. You should have an elasticbeanstalk-default security group if you have launched an Elastic Beanstalk instance in that region.
  4. Edit the security group to add a rule for SSH access. The rule below locks it down to only allow ingress from a specific IP address.
    SSH | tcp | 22 | 22 | 192.168.1.1/32
    

Configure the environment of your Elastic Beanstalk Application

  1. If you haven’t made a key pair yet, make one by clicking Key Pairs below Security Group in the EC2 tab.
  2. In the AWS console, open the Elastic Beanstalk tab.
  3. Select the relevant region.
  4. Environment Details | Edit Configuration | Instances
  5. Under “EC2 key pair:”, select the name of your keypair in the Existing Key Pair field.

Once the instance has relaunched, you need to get the host name from the AWS Console EC2 instances tab, or via the API. You should then be able to ssh onto the server.

$ ssh -i path/to/keypair.pem ec2-user@ec2-an-ip-address.compute-1.amazonaws.com

Note: For adding a keypair to the environment configuration, the instances’ termination protection must be off as Beanstalk would try to terminate the current instances and start new instances with the KeyPair.

.pem permissions are too open

You might get ‘WARNING: UNPROTECTED PRIVATE KEY FILE!’

What you need to do is:

chmod 0400 keyPairFile

Note: If something is not working, check the “Events” tab in the Beanstalk application / environments and find out what went wrong.

access the tomcat log

You might get access denied when trying to access the tomcat directory because the ec2-user is not in the tomcat group.

Instead of trying to access the logs as root user, it may be simpler to change the permissions on the server to grant access to the ec2-user. This can usually be done with the commands chown and chmod, but the exact steps depend on the way your server is set up. If you need help to do that, you can post the output of the following commands and I’ll try to help:

sudo ls -ld /var/log/tomcat7
id

Edit: Ok, based on your output below, what you could do is change the group of the log directory to tomcat (instead of root) and then add the ec2-user to the tomcat group:

sudo chown -R tomcat:tomcat /var/log/tomcat7
sudo usermod -G ec2-user,wheel,tomcat ec2-user

Then you must log out and log back in for the new group membership to apply.

Reference here, here

putty ssh vi ctrl s

Every once in a while, I’ll press CTRL+S by accident while I’m inside a terminal window. For the longest time, this simple accidental keystroke meant I had to reconnect to my Linux server, kill whatever program I was running, and then start it again. Eventually I got sick of this happening and decided to do what I should have done in the first place: Google It.

Apparently CTRL+S actually does XOFF, which means the terminal will accept key strokes but won’t show the output of anything. It will appear as if your terminal is dead when it’s really just waiting to be turned back on. The fix? Simply press CTRL+Q to turn flow-control on (XON). If you pressed a whole bunch of keys before pressing CTRL+Q, you’ll see the output from those keystrokes.

use

stty -ixon

to disable it.

 

FROM HERE

copy file through ssh

I use WinSCP or a secure shell client.

 

sftp is (and works) similar to ftp

scp is a neat little program:

copy from a remote machine to my machine:
scp user@192.168.1.100:/home/remote_user/Desktop/file.txt /home/me/Desktop/file.txt

copy from my machine to a remote machine:
scp /home/me/Desktop/file.txt user@192.168.1.100:/home/remote_user/Desktop/file.txt

copy all file*.txt from a remote machine to my machine (file01.txt, file02.txt, etc.; note the quotation marks):
scp "user@192.168.1.100:/home/remote_user/Desktop/file*.txt" /home/me/Desktop/

copy a directory from a remote machine to my machine:
scp -r user@192.168.1.100:/home/remote_user/Desktop/files /home/me/Desktop/.

 

 

SCP Introduction

scp stands for secure cp (copy), which means you can copy files across an SSH connection. That connection is encrypted, which makes it a very secure way to copy files between computers.

You can use scp to copy files from or to a remote server. You can also copy files from one remote server to another remote server, without passing traffic through your PC.

You can use scp on Linux, Mac and Windows (using WinSCP).

SCP Usage

scp [[user@]from-host:]source-file [[user@]to-host:][destination-file]
from-host
The name or IP of the host where the source file is. It can be omitted if the from-host is the host where you are issuing the command.
user
The user who has the right to access the file and directory to be copied on the from-host, or the user who has the right to write on the to-host.
source-file
The file or files to be copied to the destination host. It can be a directory, but in that case you need to specify the -r option to copy the contents of the directory.
destination-file
The name the copied file will take on the to-host. If none is given, all copied files keep their names.

SCP Options

-p
Preserves the modification and access times, as well as the permissions of the source-file in the destination-file
-q
Do not display the progress bar
-r
Recursive, so it copies the contents of the source-file (directory in this case) recursively
-v
Displays debugging messages

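Using ssh and mysql commands on a VPS

Connect over ssh. In a terminal: ssh -l root ip, type the password, and you are in.

Navigate to usr/bin (where the mysql executable is) and start mysql.

1. Starting and stopping the mysql service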

net stop mysql

net start mysql

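2. Logging in to mysql

The syntax is: mysql -uUSERNAME -pPASSWORD

Type the command mysql -uroot -p and press Enter; you will be prompted for the password. Enter 12345 and press Enter to get into mysql. The mysql prompt is:

mysql>

Note: if you are connecting to another machine, you need to add the parameter -h followed by the machine's IP.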

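3. Adding a new user

Format: grant privileges on database.* to username@login_host identified by "password"

For example, add a user user1 with the password password1 who can log in on the local machine and has select, insert, update and delete privileges on all databases. First connect to mysql as the root user, then type the following command:

grant select,insert,update,delete on *.* to user1@localhost Identified by "password1";

If you want this user to be able to log in to mysql from any machine, change localhost to "%".

If you do not want user1 to have a password, you can run one more command to remove the password.

grant select,insert,update,delete on mydb.* to user1@localhost identified by "";

If all privileges are needed, use grant ALL on *.* to vcfvct@"%" identified by "myPassword";

4. Working with databases

Log in to mysql, then run the following commands at the mysql prompt; each command ends with a semicolon.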

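1. Show the list of databases.

show databases;

By default there are two databases: mysql and test. The mysql database holds mysql's system and user privilege information; when we change passwords and add users, we are actually operating on this database.

2. Show the tables in a database:

use mysql;

show tables;

3. Show the structure of a table:

describe table_name;

4. Create and drop a database:

create database db_name;

drop database db_name;

5. Create a table:

use db_name;

create table table_name(column_list);

drop table table_name;

6. Clear the records in a table:

delete from table_name;

7. Show the records in a table:

select * from table_name;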

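5. Exporting and importing data

1. Exporting data:

mysqldump --opt test > mysql.test

This exports the database test to the file mysql.test, which is a text file.

For example: mysqldump -u root -p123456 --databases dbname > mysql.dbname

exports the database dbname to the file mysql.dbname.

2. Importing data:

mysql -u root -p123456 < mysql.dbname

No explanation needed.

3. Importing text data into a database:

Fields in the text data are separated by tabs.

use test;

load data local infile "file_name" into table table_name;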

1: Use the SHOW statement to find out which databases currently exist on the server:

mysql> SHOW DATABASES;

2: Create a database MYSQLDATA

mysql> CREATE DATABASE MYSQLDATA;

3: Select the database you created

mysql> USE MYSQLDATA; (when "Database changed" appears after pressing Enter, the operation succeeded!)

4: See which tables exist in the current database

mysql> SHOW TABLES;

5: Create a table

mysql> CREATE TABLE MYTABLE (name VARCHAR(20), sex CHAR(1));

6: Show the structure of the table:

mysql> DESCRIBE MYTABLE;

7: Add a record to the table

mysql> insert into MYTABLE values ("hyq","M");

8: Load data into the table from a text file (for example D:/mysql.txt)

mysql> LOAD DATA LOCAL INFILE "D:/mysql.txt" INTO TABLE MYTABLE;

9: Command to import a .sql file (for example D:/mysql.sql)

mysql>use database;

mysql>source d:/mysql.sql;

10: Drop the table

mysql>drop TABLE MYTABLE;

11: Clear the table

mysql>delete from MYTABLE;

12: Update data in the table

mysql>update MYTABLE set sex="f" where name='hyq';

posted on 2006-01-10 16:21 happytian

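13: Back up a database

mysqldump -u root db_name>xxx.data

14: Example 2: connecting to MySQL on a remote host

Suppose the remote host's IP is 110.110.110.110, the user name is root and the password is abcd123. Then type the following command:

mysql -h110.110.110.110 -uroot -pabcd123

(Note: no space is needed between u and root; the same goes for the others)

3. Command to exit MySQL: exit (press Enter)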