Check Ssh Agent

I'm looking to lock down our Solaris 10, RHEL 5, and SLES 11.2 servers. It has come to my attention that some of the users have no passphrase for their SSH keys. Is there a way I can check for this?
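One way to run this check on the servers themselves, as an added example that is not part of the original post: ssh-keygen -y with an empty -P can load a private key only when the key has no passphrase. The function names key_status, scan_ssh_dir and scan_all_homes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report private keys that are stored without a passphrase.
# key_status, scan_ssh_dir and scan_all_homes are names made up for this example.
# On Solaris 10 run it with ksh or /usr/xpg4/bin/sh (legacy /bin/sh lacks $(...)).

# Print "unprotected", "protected" or "not-a-key" for one file.
key_status() {
    # Only files that start with a private-key header are considered.
    head -n 1 "$1" 2>/dev/null | grep '^-----BEGIN .*PRIVATE KEY-----' >/dev/null ||
        { echo not-a-key; return 0; }
    # -y derives the public key; with an empty -P it succeeds only when the
    # key is not encrypted, and it never prompts. A key that ssh-keygen
    # cannot load at all is also reported as "protected".
    if ssh-keygen -y -P '' -f "$1" </dev/null >/dev/null 2>&1; then
        echo unprotected
    else
        echo protected
    fi
}

# List every private key in one directory together with its status.
scan_ssh_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        s=$(key_status "$f")
        [ "$s" = not-a-key ] || printf '%s\t%s\n' "$s" "$f"
    done
}

# Walk the .ssh directory of every account in passwd (needs root).
scan_all_homes() {
    getent passwd | cut -d: -f6 | sort -u | while read -r home; do
        [ -d "$home/.ssh" ] && scan_ssh_dir "$home/.ssh"
    done
    return 0
}

# Directories given on the command line are scanned directly.
if [ "$#" -gt 0 ]; then
    for d in "$@"; do scan_ssh_dir "$d"; done
fi
```

This only sees private keys stored on the servers. A key kept on a user's workstation cannot be checked from the server side, because the server only ever holds the public half.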

  1. After you enter your password, the key is loaded into the key manager, ssh-agent. You can test this by logging into the server you put your public key on. If the key is correctly loaded in the ssh-agent, it won't ask you for your passphrase and will log you in ('ssh -v host.with.pubkey'). You can also look at your currently loaded keys by using 'ssh-add -l'. After you have logged in, log out by typing 'logout'.
  2. ssh-agent creates a socket and then checks the connections from ssh. Everyone who is able to connect to this socket also has access to the ssh-agent. Access to the socket is controlled by ordinary file permissions, as on any Linux or Unix system. When the agent starts, it creates a new directory in /tmp with restrictive permissions.

Enable the SSH server in Windows

You need to add the optional feature ‘OpenSSH Server’ in Windows 10 first by going to Settings -> search for Add an optional feature -> search again for OpenSSH Client and choose to install.

Configure SSH service to automatically start

By default Windows won’t start the ssh-agent. You can tell Windows to start the service automatically in the future by running the following command in PowerShell (as Administrator).

But right now, manually start the service by running

Generate the key

Open PowerShell and follow these commands to generate an SSH key on your machine.

Keep the default location for where to save the key. This should be C:\Users\<username>/.ssh/id_rsa.

Generate a complex password and store it in a safe place, ideally a password manager. Enter this password when prompted. When complete you’ll be shown the key fingerprint and the key's randomart image.

Add key to the SSH Agent

We need to add the key to our ssh-agent so we don’t have to type the passphrase each time we use it.

The agent will recognise that a new key is present and will ask for the passphrase.

Once entered you’ll see the confirmation message Identity added.

I still needed to manually add the key to the ssh-agent. To do so, navigate to the .ssh folder where we stored our keys earlier, C:\Users\<username>/.ssh/, and run the following with the correct key name.

This will prompt you to enter the passphrase in and once again you should see the Identity added confirmation.

Access your public key

Now we have our key we can add it to systems such as GitHub or Bitbucket. To do so follow the instructions for that particular service. We’ll need to retrieve the public key from our machine to do so.

Navigate to the .ssh folder and find the file <private-key>.pub. Open this in a text editor. The contents of this file are what you need to copy and paste into the relevant service you want to add the key to.

Testing the keys

In this example let’s assume we’ve added our key to Bitbucket. We can test that the key is correctly set up by running the following command.

If all is well then we should see the "logged in as" message without needing to enter the passphrase.

Using with Git

By now we have our key correctly stored in the SSH agent and we’re allowed to connect to the Bitbucket servers using SSH. However we might still be prompted to enter our passphrase whenever we try to perform a git command that talks to the remote.

The ssh -T command uses the Windows 10 agent so all appears to be correct, but it won’t behave the same in Git. This is because Git is using its own ssh agent, not the Windows 10 agent that we’ve added our keys to.

We need to tell Git to use the Windows SSH agent instead of its own. We do this by updating the git config.

Now when we use Git, we won’t be prompted for our passphrase, even after a restart.

Question – I need to check whether SSH (sshd) is running on my Linux machine. I have a Debian Linux distribution. How can I tell if my OpenSSH server is running?

There are several ways to check whether SSH is running. The sshd daemon is the process that runs the OpenSSH ssh server.

First, check if the process sshd is running:

This will output something like the following if it finds the process called sshd:

So sshd is running with process ID 1399! It is indeed running!

Second, check if the process sshd is listening on port 22:

If ssh is listening on port 22, you will get the following:

So the process with ID 1399 (sshd) is listening on port 22! The second test passed!
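The port check from this second step, extended to confirm that the program holding port 22 really is sshd and not something else; this is an added example, not code from the original page. The function name check_port_owner and the sample lines (built around the PID and daemons the text mentions) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that whatever listens on a port is the expected daemon.
# check_port_owner is a name made up for this example.

# Constructed sample in `netstat -tlnp` format (PID 1399 is the one quoted
# in the text; the httpd PID is invented).
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN   1399/sshd
tcp6       0      0 :::22           :::*              LISTEN   1399/sshd
tcp6       0      0 :::80           :::*              LISTEN   2011/httpd'

# Reads `netstat -tlnp` output on stdin.
# Exit 0: the port is open and every listener is program $2.
# Exit 1: nothing listens on the port.
# Exit 2: another program (or an unknown one, shown as "-") holds the port.
check_port_owner() {
    awk -v port="$1" -v want="$2" '
        $6 == "LISTEN" && $4 ~ (":" port "$") {
            seen = 1
            split($7, part, "/")      # "1399/sshd" -> part[2] = "sshd"
            name = part[2]
            sub(/:$/, "", name)       # some sshd versions show "sshd:"
            if (name != want) { bad = 1; print "port " port " held by " $7 }
        }
        END { if (!seen) exit 1; if (bad) exit 2 }
    '
}

# Demo on the sample; on a live host run as root:
#   netstat -tlnp | check_port_owner 22 sshd
if printf '%s\n' "$SAMPLE" | check_port_owner 22 sshd; then
    echo "port 22: only sshd is listening"
fi
```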

Third, you can use the lsof command to check if the port 22 TCP file is open:

So sshd (SSH daemon) and httpd (Apache web server daemon) are both running and listening on the ssh and http ports respectively! Third test passed.

Fourth, try to telnet to port 22:

If the port is open, you will get the following output:

If the port number 22 is not open, you will get the following:

Fifth, check the status of the sshd service:

If you use CentOS or Red Hat:

If you use Debian or Ubuntu (or CentOS or RedHat):

So these were five interesting methods you can use to check whether the OpenSSH server (sshd) is running and listening on port 22. If the sshd process is misbehaving or not listening on port 22, one of these methods will surely fail and you should start or restart sshd using the following command:




