I have a few different ssh identities configured for my client. Sometimes I am logging into a system I don't manage that either limits the number of failing identities to a smaller number than I have configured, or is refusing because of a wrong identity (as opposed to finding a valid one and using that). Some of these hosts need to be logged in to with no identity at all (strictly password based) but I don't get any password prompt at all. If I rename the ".ssh" directory to another name briefly, it all works for the affected hosts (and now fails for others). But renaming the directory is not a solution, and not even a work around (it was just a test to show what's happening). I need a way to specify that certain hosts have NO identity file, while all the rest have the usual set of identity files. But the -i option and the IdentityFile configuration don't delete identities; they just add more.
Any ideas? What I want to avoid is having to separately configure an identity file for every host I log in to (over 400 ... most using the same few identities).
Hi
im using redhat enterprise linux 7
im trying to update to the latest openssh version 6.8
i ran the command yum update openssh and this upgraded only to version 6.6
how can i update to the latest version 6.8?
thanks! (5 Replies)
Hi,
I am trying to login from one AIX server to another without using a password, a basic configuration, however it doesn't seem to work.
All things are in place. I have both a public and private key in the ~/.ssh folder and also have an "authorized_keys" file on the target-server containing... (5 Replies)
I am familiar with using tar and exclude/include files:
tar zcf backup.dirs.tgz --files-from=include.mydirs --exclude-from=exclude.mydirs --no-recursion
but was wondering if I could use find in the same way. I know that you can just specify the directories to exclude but my list is... (2 Replies)
Hi All,
I am using SFTP command to download some files from a remote server. My both the servers are SFTP enabled. I am sending SFTP request to a Windows server from my Linux server via openSSH. and i have already exchanged publickey between both the servers. But still remote server is asking... (1 Reply)
Hello,
I downloaded Cygwin to practice on my coursework from home. I was told to download the OpenSSH from Cygwin website so that I can access my files from home. However, the file saves itself with a cgi extension and I have no idea as to what I am supposed to do next. I found info on some... (1 Reply)
Help! SSH is returning the following error message:
OpenSSL version mismatch. Built against 90581f, you have 90602f
How can I correct this? (21 Replies)
SSH-ADD(1) BSD General Commands Manual SSH-ADD(1)NAME
ssh-add -- adds private key identities to the authentication agent
SYNOPSIS
ssh-add [-cDdkLlqXx] [-E fingerprint_hash] [-t life] [file ...]
ssh-add -s pkcs11
ssh-add -e pkcs11
DESCRIPTION
ssh-add adds private key identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files ~/.ssh/id_rsa,
~/.ssh/id_dsa, ~/.ssh/id_ecdsa, and ~/.ssh/id_ed25519. After loading a private key, ssh-add will try to load corresponding certificate
information from the filename obtained by appending -cert.pub to the name of the private key file. Alternative file names can be given on
the command line.
If any file requires a passphrase, ssh-add asks for the passphrase from the user. The passphrase is read from the user's tty. ssh-add
retries the last passphrase if multiple identity files are given.
The authentication agent must be running and the SSH_AUTH_SOCK environment variable must contain the name of its socket for ssh-add to work.
The options are as follows:
-c Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by
ssh-askpass(1). Successful confirmation is signaled by a zero exit status from ssh-askpass(1), rather than text entered into the
requester.
-D Deletes all identities from the agent.
-d Instead of adding identities, removes identities from the agent. If ssh-add has been run without arguments, the keys for the default
identities and their corresponding certificates will be removed. Otherwise, the argument list will be interpreted as a list of paths
to public key files to specify keys and certificates to be removed from the agent. If no public key is found at a given path,
ssh-add will append .pub and retry.
-E fingerprint_hash
Specifies the hash algorithm used when displaying key fingerprints. Valid options are: ``md5'' and ``sha256''. The default is
``sha256''.
-e pkcs11
Remove keys provided by the PKCS#11 shared library pkcs11.
-k When loading keys into or deleting keys from the agent, process plain private keys only and skip certificates.
-L Lists public key parameters of all identities currently represented by the agent.
-l Lists fingerprints of all identities currently represented by the agent.
-q Be quiet after a successful operation.
-s pkcs11
Add keys provided by the PKCS#11 shared library pkcs11.
-t life
Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in
sshd_config(5).
-X Unlock the agent.
-x Lock the agent with a password.
ENVIRONMENT
DISPLAY and SSH_ASKPASS
If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add does
not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS (by
default ``ssh-askpass'') and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a
.xsession or related script. (Note that on some machines it may be necessary to redirect the input from /dev/null to make this
work.)
SSH_AUTH_SOCK
Identifies the path of a UNIX-domain socket used to communicate with the agent.
FILES
~/.ssh/id_dsa
Contains the DSA authentication identity of the user.
~/.ssh/id_ecdsa
Contains the ECDSA authentication identity of the user.
~/.ssh/id_ed25519
Contains the Ed25519 authentication identity of the user.
~/.ssh/id_rsa
Contains the RSA authentication identity of the user.
Identity files should not be readable by anyone but the user. Note that ssh-add ignores identity files if they are accessible by others.
EXIT STATUS
Exit status is 0 on success, 1 if the specified command fails, and 2 if ssh-add is unable to contact the authentication agent.
SEE ALSO ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
BSD August 29, 2017 BSD