eval "$(ssh-agent -s)"
ssh-add ~/.ssh/nameofkey
ssh-add -l
ssh-copy-id user@remote.server.location
ssh-copy-id user@host.local
If you see a warning “Permission 0664 for ‘key_id’ are too open”, do this:
chmod og-rw key_id
Originally posted here:
https://www.linkedin.com/pulse/adding-ssh-key-agent-eduardo-robles/
If you get “SSH handshake failed” when trying to use Guacamole to connect to Ubuntu via SSH, you need to use a workaround:
In the meantime a workaround is adding “HostKeyAlgorithms +ssh-rsa” to the end of /etc/ssh/sshd_config on the Ubuntu machine and restart sshd. Note: I don’t have an understanding of the security implications of this, so use at your own risk
The solution was posted here:
https://www.reddit.com/r/linuxquestions/comments/ued2vq/comment/i736why/?utm_source=share&utm_medium=web2x&context=3
Original: https://askubuntu.com/questions/179889/how-do-i-set-up-an-email-alert-when-a-ssh-login-is-successful
Since the sshrc method doesn’t work if the user has their own ~/.ssh/rc file, I’ll explain how to do this with pam_exec as @adosaiguas suggested. The good thing is that this can also be easily adapted to login types other than ssh (such as local logins or even all logins) by hooking into a different file in /etc/pam.d/.
First you need to be able to send mail from the command line. There are other questions about this. On a mail server it’s probably easiest to install mailx (which is probably already installed anyway).
Then you need an executable script file login-notify.sh (I put it in /etc/ssh/ for example) with the following content. You can change the variables to change the subject and content of the e-mail notification. Don’t forget to execute chmod +x login-notify.sh to make it executable.
#!/bin/sh
# Change these two lines:
sender="sender-address@example.com"
recepient="notify-address@example.org"
if [ "$PAM_TYPE" != "close_session" ]; then
host="`hostname`"
subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
# Message to send, e.g. the current environment variables.
message="`env`"
echo "$message" | mailx -r "$sender" -s "$subject" "$recepient"
fiOnce you have that, you can add the following line to /etc/pam.d/sshd:
session optional pam_exec.so seteuid /path/to/login-notify.shFor testing purposes, the module is included as optional, so that you can still log in if the execution fails. After you made sure that it works, you can change optional to required. Then login won’t be possible unless the execution of your hook script is successful (if that is what you want).
For those of you in need of an explanation of what PAM is and how it works, here is a very good one.
Just make sure you have UsePAM set to yes in your sshd_config
And this is how to use Pushover API for alerts instead of email:
#!/bin/sh
# This script monitors /var/log/auth.log for SSH logins
# and sends a notification via Pushover when one is
# detected.
# Need to wait a bit before actually starting this script
sleep 90 # sleeps for 90 seconds
# Pushover
PUSHOVER_TITLE="FreeNAS SSH Login" # This is the title for each message.
APITOKEN=******
USERKEY=******
# Log
LOG=/mnt/Tank/sshNotify.log
/bin/date > $LOG
echo "PID: $$" >> $LOG
# Priority: -2 to generate no notification/alert
# -1 to always send as a quiet notification
# 0 to use the default priority
# 1 to display as high-priority and bypass the user's quiet hours
# 2 to also require confirmation from the user.
# Note: For priority 2, the retry and expire parameters
# must also be supplied.
# Monitoring loop
echo "Script running." >> $LOG
/usr/bin/tail -Fn0 /var/log/auth.log | \
while read line ; do
echo "$line" | grep -q " Accepted publickey for "
if [ $? = 0 ] ; then
TS=$(date +%s)
USER=$(echo "$line" | cut -d':' -f4 | cut -d' ' -f5)
IP=$(echo "$line" | cut -d':' -f4 | cut -d' ' -f7)
/usr/local/bin/curl https://api.pushover.net/1/messages.json -d "token=${APITOKEN}&user=${USERKEY}&title=${PUSHOVER_TITLE}&message=User: ${USER} IP: ${IP}×tamp=${TS}&priority=-1"
fi
done
echo "Script finished, will now exit." >> $LOG
/bin/date >> $LOG
exit 0If using this with FreeNAS run the script by creating an entry under Tasks –> Init/Shutdown Scripts. The fields are:
Type: Command
Command: /bin/sh /mnt/Tank/sshNotify.sh &
When: postinit# failed attempt
grep sshd.\*Failed /var/log/auth.log | less
# successful attempts
grep sshd.\*Accepted /var/log/auth.log | less
Step 1. Connect to ESXi console and press the Alt+F1 key combination.
Step 2. Type unsupported and then press . Note that nothing will appear on the screen whilst you type this.
Step 3. When prompted enter in the Root password and press.
Step 4. You will now be presented with a prompt on the console. From this prompt type vi /etc/inetd.conf
Step 5. vi (the file editor) has now opened the inetd.conf file. Using the direction arrows scroll through the lines until you reach the line that has #ssh and remove the hash (ie: #). This is effectively un-commenting this line so that the ssh service can be started.
Step 6. Now that you have made this minor file you want to save this change and exit out of the editor (vi). To do this press the ESC key (to put vi back into Command Mode) and then type :wq *Note: If you want to exit without saving any changes to the file then just press the ESC key (Command Mode) and then type :q!.
Step 7. With the SSH service now un-commented from this file we want to restart the