Ssh: automatically accept keys



Through LabVIEW's, I am using PuTTY's command line interface, plink, to access information and change settings automatically on a remote Linux computer through Secure SHell.

When using plink through, all user prompts that are normally generated in a MS-DOS command line interface are suppressed. Keep this in mind.

When using SSH, upon first connection you are required to verify a service host key in order to make a connection. Through plink, the command line will generate a prompt, asking the user to "accept service host key? (y/n)".

So my problem is that will run plink, but I can't figure out a way to automatically accept the host key. All I need is for LabVIEW to recognize the prompt returned from plink and enter a "y" value.

Please let me know if this is confusing. I tried my best to explain my problem in a way that everyone can understand, but if I did a bad job, please allow me to rephrase...

0 0

When you connect to an SSH server for the first time, you are shown a fingerprint (a hash of its full host key) and asked to confirm its validity and accept the host key. Once confirmed, the host key is added to the ~/.ssh/known_hosts file. However, in a controlled environment where the authenticity of SSH hosts is already known, you may want to automatically accept a new host key without checking. This is useful when you run ssh/scp in a non-interactive batch processing script.

In this post, I will describe how to automatically accept ssh host keys on Linux.

The ssh command allows you to use "-oStrictHostKeyChecking=[yes|no]" command line option to enable or disable ssh host key checking. To ssh without strict host key checking, run the following.

$ ssh -oStrictHostKeyChecking=no user@remote_host

In this case, you will not be prompted to accept a host key. Note that you may still see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"...

0 0

Thanks WesR,

I think you're right - the real question is how to determine the protocol beforehand. Thanks for catching this! It would be great to be able to access the session options from within a script, or to be able to have a protocol fallback option so that if one method of connecting didn't work, SecureCRT would try the next method.

There is not a scripting object property or method that allows you to find out the protocol, and automatic protocol fallback is not currently a built-in option. However I've added the forum posts to our request database and we will post a follow up message to this forum if either of these features are added. For direct e-mail notification, please let us know ( and refer to forum post 2289.

At this time the only way to determine the protocol is to parse the session's .ini file. We have an example script which shows how you can parse lines out of the .ini file...

0 0

I do not completely agree with the last answer. The first time you accept an SSH key, you know nothing about the remote host, so automatically accepting it makes no difference.

What I would do is auto accept the key the first time you connect to a host. I've read that doing something like yes yes | ssh user@host works, but it doesn't, because SSH does not read from stdin, but from a terminal.

What does work is to pass, that first time you connect, the following ssh option (it works for both scp and ssh):

scp -oStrictHostKeyChecking=no user@host1:file1 user@host2:file2

This command would add the key the first time you run it, but, as Eric says, doing this once you have accepted the key is dangerous (man in the middle is uncool). If I were you I'd add it to a script that checked in ~/.ssh/known_hosts if there's already a line for that host, in which case I wouldn't add that option. On the other hand, if there was no line, I'd do so ;).

If you are dealing...

0 0
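The check suggested in the answer above (relax host key checking only when known_hosts has no entry for the host yet), as an added example that is not code from any of the posts. The function names, host names and key strings are constructed for illustration; wildcard and negated host patterns are not handled, and a host that is already known gets an explicit StrictHostKeyChecking=yes rather than the default.

```python
import base64
import hashlib
import hmac


def hashed_name(name, salt):
    """Build a hashed host field as `ssh-keygen -H` stores it: |1|salt|HMAC-SHA1."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_matches(host_field, host, port=22):
    """True if a known_hosts host field (plain or hashed) names host:port."""
    # Non-default ports are recorded as [host]:port, port 22 as the bare name.
    name = host if port == 22 else "[%s]:%d" % (host, port)
    for pattern in host_field.split(","):
        if pattern.startswith("|1|"):
            parts = pattern.split("|")          # ['', '1', salt, mac]
            if len(parts) != 4:
                continue
            salt = base64.b64decode(parts[2])
            mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(mac, base64.b64decode(parts[3])):
                return True
        elif pattern == name:
            return True
    return False


def known_keys(known_hosts_text, host, port=22):
    """Return [(keytype, key)] recorded for host; skip comments and @marker lines."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#@":  # '#' comment, @revoked/@cert-authority
            continue
        if len(fields) >= 3 and host_matches(fields[0], host, port):
            found.append((fields[1], fields[2]))
    return found


def ssh_options(known_hosts_text, host, port=22):
    """Relax checking only on first contact; once a key is stored, insist on it."""
    if known_keys(known_hosts_text, host, port):
        return ["-oStrictHostKeyChecking=yes"]  # a changed key now aborts the run
    return ["-oStrictHostKeyChecking=no"]       # first contact: key is stored unverified


# Constructed sample known_hosts content (not real hosts or keys).
SAMPLE = "\n".join([
    "# constructed sample",
    "host1.example,192.0.2.10 ssh-ed25519 AAAAconstructedKey1",
    hashed_name("host2.example", b"constructed-salt-20b") + " ssh-rsa AAAAconstructedKey2",
    "[host3.example]:2222 ssh-ed25519 AAAAconstructedKey3",
    "#host4.example ssh-rsa AAAAconstructedKey4",
    "@revoked host5.example ssh-rsa AAAAconstructedKey5",
])
```

OpenSSH 7.6 and later apply the same rule inside ssh itself with StrictHostKeyChecking=accept-new, which stores unknown keys and refuses changed ones.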
DJD


I'm making a script to copy a directory on a Windows machine to several Linux servers.
Is there any way I can automatically accept the host keys/fingerprint of the Linux servers while making a connection for the first time?

The only thing I know about the linux servers is the IP address and root password.

I'm currently testing with the following command
winscp407.exe root:password@%IP% /synchronize %LOCFOLDER% /install /defaults /log=%0\..\%IP%.log /ini=%0\..\winscp407.ini /hostkey

martin

Please read


. If that does not help, come back.


Martin Prikryl

Lauri ...
0 0

SSH keys are fairly simple to setup, especially when using the native terminal applications available in either Linux or Mac OSX. Here's how!

In terminal, type the following command:

ssh-keygen -t dsa

This will ask you a few questions, the defaults for which are just fine, no passcode is necessary. This will generate a key in the ~/.ssh/ directory. Now we just need to get that file up to the server.

You can do this using scp, or rsync. Below is an example of a properly formatted rsync command, be sure to replace username with the username intended to access the server and the IP address with the address of your server:

rsync -av -e "ssh" ~/.ssh/

In the event your server uses a non-standard port for ssh, you can specify this inside the quotes around ssh. Here is an example for port 2222, the default port for HostGator shared servers:

rsync -av -e "ssh -p 2222" ~/.ssh/

0 0

By default, the SSH client verifies the identity of the host to which it connects.

If the remote host key is unknown to your SSH client, you would be asked to accept it by typing "yes" or "no".

This can cause trouble when running from a script that automatically connects to a remote host over the SSH protocol.

This article explains how to bypass this verification step by disabling host key checking.

The Authenticity Of Host Can't Be Established

When you log into a remote host that you have never connected to before, the remote host key is most likely unknown to your SSH client, and you would be asked to confirm its fingerprint:

The authenticity of host ***** can't be established.
RSA key fingerprint is *****.
Are you sure you want to continue connecting (yes/no)?

If your answer is yes, the SSH client continues login, and stores the host key locally in the file ~/.ssh/known_hosts.

If you would like to bypass this verification step, you...

0 0


SSH, or secure shell, is a network protocol that provides a secure, encrypted way to communicate with and administer your servers. As SSH is the most common way of working with a FreeBSD server, you will want to familiarize yourself with the different ways that you can authenticate and log in to your server. While there are several ways of logging into a FreeBSD server, this tutorial will focus on setting up and using SSH keys for authentication.

How SSH Keys Work

An SSH server can authenticate clients using a variety of methods. The most common methods include password and SSH key authentication. While passwords do provide a barrier against unauthorized access, using SSH keys is generally much more secure.

The issue with passwords is that they are typically created manually, without sufficient length or complexity in content. Therefore, they can be susceptible to being compromised by brute force attacks. SSH keys provide a reliably...

0 0


Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (i.e., a key pair), one "private" and the other "public". You keep the private key a secret and store it on the computer you use to connect to the remote system. Conceivably, you can share the public key with anyone without compromising the private key; you store it on the remote system in a .ssh/authorized_keys directory.

To use SSH public-key authentication:

The remote system must have a version of SSH installed. The information in this document assumes the remote system uses OpenSSH, which is generally the case for UITS central systems at Indiana University. If the remote system is using a different version of SSH (e.g., Tectia SSH), the process outlined below...
0 0

This document covers the SSH client on the Linux Operating System and other OSes that use OpenSSH. If you use Windows, please read the document SSH Tutorial for Windows. If you use Mac OS X or another Unix-based system, you should already have OpenSSH installed and can use this document as a reference.

This article is one of the top tutorials covering SSH on the Internet. It was originally written back in 1999 and was completely revised in 2006 to include new and more accurate information. As of October, 2008, it has been read by over 473,600 people and consistently appears at the top of Google's search results for SSH Tutorial and Linux SSH.

What Is SSH?

There are a couple of ways that you can access a shell (command line) remotely on most Linux/Unix systems. One of the older ways is to use the telnet program, which is available on most network capable operating systems. Accessing a shell account through the telnet method though poses a danger in that...

0 0

As an administrator of Bitvise SSH Server, you should first become comfortable with the SSH server's log files. Bitvise SSH Server writes warnings and errors into the Application section of the Windows Event Log, but it also writes more detailed information to textual log files. These are located by default in the 'Logs' subdirectory of the SSH server installation directory.

Whenever you have a problem, the SSH server log files are the first place you should look.

Q000. Where do I get an activation code for personal use?

No activation code is needed to use Bitvise SSH Server for personal use. If your Bitvise SSH Server Control Panel is saying that there is an evaluation period, this means that you installed the product as the Standard Edition. In this case, you need to uninstall Bitvise SSH Server, re-install it again, and choose the Personal Edition this time.

Note that Bitvise SSH Server may be installed in the Personal Edition only by genuine,...

0 0


ssh - OpenSSH SSH client (remote login program)

ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-e escape_char] [-F configfile] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-w tunnel:tunnel] [user@]hostname [command]

ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel.

ssh connects and logs into the specified hostname (with...

0 0

Use the StrictHostKeyChecking option, for example:

ssh -oStrictHostKeyChecking=no $h uptime

This option can also be added to ~/.ssh/config, e.g.:

Host somehost
    Hostname
    StrictHostKeyChecking no

Note that when the host keys have changed, you'll get a warning, even with this option:

$ ssh -oStrictHostKeyChecking=no somehost uptime
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
31:6f:2a:d5:76:c3:1e:74:f7:73:2f:96:16:12:e0:d8.
Please contact your system administrator.
Add correct host key in /home/peter/.ssh/known_hosts to get rid of this message.
Offending RSA key in...
0 0

Setting ssh authorized_keys seems to be simple but hides some traps I'm trying to figure out

-- SERVER --

in /etc/ssh/sshd_config set passwordAuthentication yes to let server temporarily accept password authentication

-- CLIENT --

1. generate private and public keys (client side) # ssh-keygen

here pressing just ENTER you get DEFAULT 2 files "id_rsa" and "" in ~/.ssh/ but if you give a name_for_the_key the generated files are saved in your pwd

2. place the to target machine ssh-copy-id user_name@host_name

if you didn't create default key this is the first step to go wrong ... you should use

ssh-copy-id -i path/to/ user_name@host_name

3. logging ssh user_name@host_name will work only for default id_rsa so here is 2nd trap for you need to ssh -i path/to/key_name user@host

(use ssh -v ... option to see what is happening)

If server still asks for password then you gave smth. to Enter...

0 0

SSH keys serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. One immediate advantage this method has over traditional password authentication is that you can be authenticated by the server without ever having to send your password over the network. Anyone eavesdropping on your connection will not be able to intercept and crack your password because it is never actually transmitted. Additionally, using SSH keys for authentication virtually eliminates the risk posed by brute-force password attacks by drastically reducing the chances of the attacker correctly guessing the proper credentials.

As well as offering additional security, SSH key authentication can be more convenient than the more traditional password authentication. When used with a program known as an SSH agent, SSH keys can allow you to connect to a server, or multiple servers, without having to remember or enter your password for each...

0 0


SSH is a secure protocol used as the primary means of connecting to Linux servers remotely. It provides a text-based interface by spawning a remote shell. After connecting, all commands you type in your local terminal are sent to the remote server and executed there.

In this cheat sheet-style guide, we will cover some common ways of connecting with SSH to achieve your objectives. This can be used as a quick reference when you need to know how to connect to or configure your server in different ways.

How To Use This Guide

Read the SSH Overview section first if you are unfamiliar with SSH in general or are just getting started. Use whichever subsequent sections are applicable to what you are trying to achieve. Most sections are not predicated on any other, so you can use the examples below independently. Use the Contents menu on the left side of this page (at wide page widths) or your browser's find function to locate the sections you...
0 0

"Secure Shell or SSH is both a computer program and an associated network protocol designed for logging into and executing commands on a networked computer." -WikiPedia-

An SSH server can be set up in various ways, but in this document I’ll describe how it can be configured to:

only support connections through the 2nd version of the SSH protocol (SSH-2)
use DSA keys for user authentication, without permitting authentication with passwords
allow only a specific group of users to connect

The SSH-2 protocol, apart from many other useful features, provides stronger security than SSH-1. It’s a bit more cpu hungry than the latter, but this should not be a problem. Using the above configuration, someone must be extremely lucky to manage to break into our system.

But, let me say a few words about how the authentication is done. The user creates a keypair, which consists of a private key, that can be protected with a passphrase, and a public key. The public key...

0 0

A very simple way is:

cp ~/.ssh/known_hosts ~/.ssh/known_hosts.bak

Then edit known_hosts to clear the original key, then ssh to the host using:

ssh name@computer

It'll add the new key automatically; then compare the two files. A program such as meld is a nice way to compare the two files. Then merge the files to make known_hosts contain both keys

My 'reason' for keeping two keys is that the destination system is multiboot, even though I dare say there's a way of synchronizing the keys across the installations, it seems more straightforward to allow multiple keys.

EDIT 2015/06

I should add, revisiting it now, that I notice an even simpler way [as long as the entry is identifiable, normally from the hostname / IP address quite aside from the error message referencing its specific location];

Edit known_hosts to add # at the start of the 'old' entry in known_hosts temporarily
Connect [ssh to the host], agree to the prompt to add the new key...
0 0

Step 1. Ensure you have an SSH client installed

SSH is most likely included with your version of Mac OS or Linux. To make sure, do the following to verify your installation:

From your terminal window, enter the following command, which identifies the version of SSH you have installed.
If SSH is installed, you see something similar to the following:

$ ssh -V
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]

If you have ssh installed, the terminal returns version information.
If you...

0 0

If you are having problems with SSH, here are some things you can try when troubleshooting your issues.

Specific Error Messages

Permission denied (publickey) or No suitable response from remote

When attempting to clone, push or pull over SSH with Git or Mercurial, you receive the message:

Permission denied (publickey).


remote: Permission denied (publickey). abort: no suitable response from remote hg!

You are receiving this message because Bitbucket Cloud could not authenticate you with any of the keys that were offered to it by your SSH agent. To verify this is the case, do the following:

The command tests your connection to Bitbucket as a Git or Mercurial user. It first sees if your SSH Agent has an identity loaded. The command then checks if that private key matches a public key for an existing Bitbucket account. You might have either problem.

The permission denied message can be caused by a couple of factors, but these are...

0 0
Using public keys for SSH authentication


8.1 Public key authentication - an introduction

Public key authentication is an alternative means of identifying yourself to a login server, instead of typing a password. It is more secure and more flexible, but more difficult to set up.

In conventional password authentication, you prove you are who you claim to be by proving that you know the correct password. The only way to prove you know the password is to tell the server what you think the password is. This means that if the server has been hacked, or spoofed (see section 2.2), an attacker can learn your password.

Public key authentication solves this problem. You generate a key pair, consisting of a public key (which everybody is allowed to know) and a private key (which you keep secret and do not give to anybody). The private key is able to generate signatures. A signature created using your private key cannot be...

0 0