Page MenuHomePhabricator
Create Task
Maniphest T249165

Issue generating new ssh keypair
Closed, ResolvedPublic
Actions

Description

Hi Dallas,

I've tried to issue a new ssh keypair and I get the below issue as failed. Could you let me know what should I do?
Appreciate it

Marianas-MacBook-Pro:~ marianasuijkerbuijk$ ssh-keygen -t rsa -b 4096 -C msuijkerbuijk@wikimedia.org
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/marianasuijkerbuijk/.ssh/id_rsa): /Users/you/fr_id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Saving key "/Users/you/fr_id_rsa" failed: No such file or directory
Marianas-MacBook-Pro:~ marianasuijkerbuijk$

Event Timeline

MSuijkerbuijk_WMF created this task.Apr 1 2020, 7:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 1 2020, 7:51 PM
Dwisehaupt added a project: fundraising-tech-ops.Apr 1 2020, 8:59 PM

Hi Mariana,

You need to specify the path on your local machine for your username. So, instead of specifying /Users/you/fr_id_rsa for the key file location, you would want /Users/marianasuijkerbuijk/.ssh/id_rsa

Let me know how that goes.

Dwisehaupt moved this task from Triage to FR-Ops on the Fundraising-Backlog board.Apr 1 2020, 9:00 PM
Dwisehaupt moved this task from Triage to In Progress on the fundraising-tech-ops board.
MSuijkerbuijk_WMF added a comment.Apr 2 2020, 8:20 AM

Here's the public key.

Your identification has been saved in /Users/marianasuijkerbuijk/.ssh/fr_id_rsa.
Your public key has been saved in /Users/marianasuijkerbuijk/.ssh/fr_id_rsa.pub.
The key fingerprint is:
SHA256:tq1wsRBKnD4r1E42GwJiXDCzp4NcyqqWZLQMCyowFfs msuijkerbuijk@wikimedia.org
The key's randomart image is:
+---[RSA 4096]----+

+oo
. *o .
o=.o+ .
@o== . .
OO+ E . S
=*.= * o =
= o + . + .
.o . o .
o .

+----[SHA256]-----+
Marianas-MacBook-Pro:~ marianasuijkerbuijk$

Dwisehaupt added a comment.Apr 2 2020, 5:38 PM

@MSuijkerbuijk_WMF Ok, that created the key correctly but you only pasted in the fingerprints. Could you please paste in the contents of the /Users/marianasuijkerbuijk/.ssh/fr_id_rsa.pub file?

Also, please verify that the lines in /Users/marianasuijkerbuijk/.ssh/config that reference IdentityFile are pointed at ~/.ssh/fr_id_rsa. That will ensure you should be ready to test when I get the file updated and in place.

MSuijkerbuijk_WMF added a comment.Apr 3 2020, 9:41 AM

@Dwisehaupt Where do I get that content from?

I searched in This Mac and nothing comes up.
Then I'm trying in the terminal and this is what I get:

Marianas-MacBook-Pro:~ marianasuijkerbuijk$ /Users/marianasuijkerbuijk/.ssh/fr_id_rsa.pub
-bash: /Users/marianasuijkerbuijk/.ssh/fr_id_rsa.pub: Permission denied
Marianas-MacBook-Pro:~ marianasuijkerbuijk$

I'm looking at this site https://collab.wikimedia.org/wiki/Fundraising_ssh_access
And this one https://collab.wikimedia.org/wiki/Fundraising_ssh_client_config
But i'm afraid it doesn't work either.

Thanks!

Dwisehaupt added a comment.Apr 3 2020, 1:55 PM

@MSuijkerbuijk_WMF In a terminal window, run the following command: cat /Users/marianasuijkerbuijk/.ssh/fr_id_rsa.pub

That will output the contents of the file.

MSuijkerbuijk_WMF added a comment.Apr 3 2020, 2:36 PM

@Dwisehaupt

Here:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDezdLl+56sNpETPmQqWjLNWuJEsU73gWxE4UG38oe4SEIyPLR7uIBEOGWsZkdeH8fo4eyV/rrIYrM/fC0mQzSGKRIzOE9ItsTMqE4NB7xI9FORSrTEbxnQx6oQ650tb/Zv95KLoCNSj+fx1rhxNPULwO7hPQ/0Sr4dF2Nsd+n7QzkGqB/WxKA8pHbI2GhUB0ZSo6ABjv0oMkbowdHePEd5tztzQd9WHosMa0RWfbyud/B9e/8YpqZcGCjECAWOoM9Ku9mPl7oKkqwCLzQ8rPasayvU7gh/J7ss4Nnb4JRdVSeIKQrpAQtF5+SERzV1aIDUxxo9ERjOcZHoAuSAIydJntNZdxYth4JI9aJUWt+v8/umdkq9Yz9BgF2trvmlX+BQsVVXtZfx6/TbZCxa7daran4yU5ykG0WaVYHYh+RAsksvBt8R+LGFZQZg/SJmhagrBGGY33Z5wndKtqoS7C9izbFjQGACFzMzhA4lV396IilqNGe1CEVfmbrFY4XGOaDe/G861Dah8GzhX+Hey7j8y44wDyBCbDs0eWkF3l0h56Id7o6FyX46Omt0fWbVhRHdr44mY+FBT1v01NyDUDng+jFvde/UVfzZKT4X+STohkWpvDK4Yl+n0M74m+ENFO9julH9K16JxezQi5xxWW+Yd+YCPqG3srDdh9ACpbI+Bw== msuijkerbuijk@wikimedia.org

Dwisehaupt added a comment.Apr 3 2020, 4:35 PM

@MSuijkerbuijk_WMF I have pushed the updated key. You should be able to test again. If you have issues now, please double check the config file I mentioned before and make sure it has the correct IdentityFile specified. It should be ~/.ssh/fr_id_rsa.pub.

Updated key pushed in the following commit:

[frack::puppet::private] aa36f5a Updated ssh key for msuijkerbuijk
MSuijkerbuijk_WMF added a comment.Apr 6 2020, 6:43 AM

@Dwisehaupt

@Dwisehaupt I changed the identityFile as per your reply (point 1 below) and got the warning (point 2). What am I missing?

Point 1
Host frbast.wikimedia.org

User msuijkerbuijk
IdentitiesOnly yes
IdentityFile ~/.ssh/fr_id_rsa.pub
ProxyCommand none

Host *.frack.* frdev1*

User msuijkerbuijk
IdentitiesOnly yes   
IdentityFile ~/.ssh/fr_id_rsa.pub
ProxyCommand ssh -a -W %h:%p frbast.wikimedia.org

Point 2
Marianas-MacBook-Pro:~ marianasuijkerbuijk$ ssh frdev1001
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/marianasuijkerbuijk/.ssh/fr_id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/marianasuijkerbuijk/.ssh/fr_id_rsa.pub": bad permissions
msuijkerbuijk@frbast.wikimedia.org: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host
Marianas-MacBook-Pro:~ marianasuijkerbuijk$

Dwisehaupt added a comment.Apr 6 2020, 3:57 PM

@MSuijkerbuijk_WMF I'm sorry. That is my fault. I copied/pasted in the wrong filename for the identity file. It should have been ~/.ssh/fr_id_rsa and not the pub key. Sorry about that mistake.

MSuijkerbuijk_WMF added a comment.Apr 6 2020, 4:24 PM

Thanks @Dwisehaupt It's working now --I'll need a new training from the team but I'm in!

Dwisehaupt closed this task as Resolved.Apr 6 2020, 4:32 PM
Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.

@MSuijkerbuijk_WMF Great to hear. Sorry for the extra back and forth.

MSuijkerbuijk_WMF added a comment.Apr 7 2020, 9:43 AM

@Dwisehaupt

I'm having an issue again accessing. This is weird because I did manage to access yesterday.
It's asking for my passphrase and then my password. Are both followed by yubikey? Apologies, I might have done it too quickly.

Marianas-MacBook-Pro:~ marianasuijkerbuijk$ ssh frdev1001
ssh: connect to host frbast.wikimedia.org port 22: Connection refused
kex_exchange_identification: Connection closed by remote host

Dwisehaupt reopened this task as Open.Apr 7 2020, 6:34 PM
Dwisehaupt moved this task from Done to In Progress on the fundraising-tech-ops board.

@MSuijkerbuijk_WMF There are 2 different prompts you may see.

The first would be for your ssh keypair. That prompt will look something like :

Enter passphrase for key /Users/marianasuijkerbuijk/.ssh/fr_id_rsa':

When you see that, you will need to enter in the passphrase for your ssh key. If you have an ssh agent set up, you may not see this prompt every time.

The other prompt would be a password prompt that says: Password: When you see that, you'll want to hit the button on you yubikey for it to do the authentication.

MSuijkerbuijk_WMF added a comment.Apr 8 2020, 7:32 AM

Thanks @Dwisehaupt -- worked now

Dwisehaupt closed this task as Resolved.Apr 8 2020, 4:18 PM
Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL