ssh Without a Password

Short form:

  • ssh-copy-id user@host

Long form:

Here’s how to set up password-free ssh.

  • Work out any problems with passworded ssh before proceeding.
  • On the client machine, run “ssh-keygen -t rsa”. (Note: Only do this if you don’t have ssh without password connecting from this client to ANYWHERE.)
  • Copy your id_rsa.pub (or your identity.pub, or whatever you’ve named your public key) to the server as ~/.ssh/authorized_keys. If you already have an authorized_keys, append your id_rsa.pub to that file. If you have no other authorized_keys, the command will be something like:
    • scp ~/.ssh/id_rsa.pub username@hostname:.ssh/authorized_keys
  • On the server:
    • chmod 700 .ssh
    • chmod 600 .ssh/authorized_keys
  • On the client, run ssh yourId@yourServer; and it should login without a password.

Windows Is Different:

  • With Microsoft’s “OpenSSH Server”:
    • If you are a non-admin user, your authorized_keys file is C:\Users\USERID.ssh\authorized_keys.
    • If you are logging in as an admin user, your authorized_keys file is C:\ProgramData\ssh\administrators_authorized_keys.
      • The ACL on this file must only allow access to Administrators and System.
        • (Right-click on the file in Explorer. Go into security. Disable inheritance. Change the permissions.)

Debugging:

If you still get a password prompt after you set this up:

  • On the server: chmod go-w ~
  • On the server: chmod 700 ~/.ssh
  • On the server: chmod 600 ~/.ssh/authorized_keys

Then try again. If you still fail:

  • On the server: sudo tail -f /var/log/auth.log (that’s the path for Ubuntu 18)
  • On the client: ssh -v user@host

You should see something like this on the client:

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:blahBlah  /Users/username/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).

You’re looking for it to offer public key and for publickey to succeed.

On the server, you should see something like:

Sep  4 14:26:22 hostname sshd[10444]: Accepted publickey for username from 192.168.1.22 port ...
Sep  4 14:26:22 hostname sshd[10444]: pam_unix(sshd:session): session opened for user username by (uid=0)
Sep  4 14:26:22 hostname systemd-logind[1450]: New session 240 of user username.

Usually, you’ll see a pretty clear message in the server’s log about having a permission wrong somewhere. You need:

  • ONLY YOU to be able to write to your home directory
  • ONLY YOU should have read permission for .ssh and authorized_keys
  • ONLY YOU should have write permission for .ssh and authorized_keys.

UPDATE: It looks like something changed in the cygwin ssh and now ssh2 is the default. Consequently, if you have a keygen-generated a file named “identity”, you need to rename the private key to be id_rsa (or you could “ln identity id_rsa”).

UPDATE2: If you’ve checked your permissions and file contents, and everything looks right, but it keeps doing password authentication, try specifying the identify file to use via the command line. e.g.

  • ssh -i /path/to/identity username@remotehost

UPDATE3: Note that ssh uses your home directory as defined in /etc/passwd, and not an environment variable. Oddly, you can do “cd ~/.ssh” and end up in the directory which bash thinks is your home directory, and wind up with ssh looking for .ssh in a completely different directory. If UPDATE2 fixes your problem, fixing your /etc/passwd entry may help.

Tested with Cygwin ssh client, Ubuntu 9, and a few flavors of Solaris. This is basic stuff, so it should work with all Unix-like systems.

If you have set up public key authentication, and you want to force a particular ssh session to use password-based authentication, you can use the following:

  • ssh -o PubkeyAuthentication=no user@remotehost

How it works: The ssh client encrypts a string with your private key. The ssh server decrypts it with your public key. Only things encrypted with your private key can be decrypted with your public key, so the server knows you’re you.

Hide Dock Icon In Mac OS X 10.5

Inside the .app's Info.plist set:
<KEY>NSUIElement</KEY>
<STRING>0</STRING>

Using the Todoist API

If you are trying to use the Todoist (www.todoist.com) API

  • And you find that your URL works from a web browser (Internet Explorer, Safari, Firefox)
  • But it doesn't work via wget or curl
  • And you're getting "500 Internal Server Error" in your response
  • And some URIs work via wget (e.g. http://todoist.com/API/getProjects?token=fb5f22601ec566e48083213f7573e908a7a272e5 )
  • But other URIs fail via wget (e.g. http://todoist.com/API/getProject?project_id=22073&token=fb5f22601ec566e48083213f7573e908a7a272e5 )

before you blame the Todoist API -- remember that the ampersand must be escaped on the wget/curl command-line.

wget http://todoist.com/API/getProject?project_id=22073\&token=fb5f22601ec566e48083213f7573e908a7a272e5

(I figured this out by using the Fiddler2 debugging proxy. Great tool.)

Task and To-do Applications and Techniques Revisited

­­­I’m revisiting the the topic of my to-do list.  Some things that are important to me for a task list:

  1. Rapid capture of new tasks
  2. Available online, offline, and mobile (e.g. carry-with in pocket or accessible via cell phone)
  3. Supports manual sequencing of tasks (e.g. This item goes here in the list.)
  4. Supports nesting of tasks
  5. Cross-platform
  6. TheGTD concept of 'contexts' would be nice.  However, in my current situation I have many non-exclusive contexts.  For example, when I'm at the office at my desk, I'm simultaneously in the Phone, Computer, and Office contexts; when I'm at home, I'm simultaneously in the Phone, Computer, and Home contexts.
  7. Ability to capture task notes along with the task title (typically an email body).
  8. Note: I can type much faster than I can write; much, much faster than I can write legibly.

The three I currently consider viable are index cards, todoist.com, and Evernote.  Checkvist and tonido are worth watching, in the event they add missing functionality.  I’d like online and offline, but if I can’t get both, online is more important because I can use it from all my computers.


  • Index cards are simple, but I can type much faster than I write, and they get to be cumbersome when you've got 150 open tasks.
  • Evernoteshould be a really good fit, but it isn't really an outliner or a to-do list, so it is adequate at all and great at none. 
  • Todoist isn't bad.  Backups are via http://www.kinggary.com/tools/todoist-export.php, or you can write your own using the API.


In the table below, Y = Yes, N = No, P = Partially, or with some issues/limits.  On = Online, Off = Offline, Mob = Mobile, Nes = Nesting tasks, Seq = Sequencing, Kbd = Good keyboard interface, CGrp = Context Groups, Rap = Rapid entry­, Bak = backups are feasible


Tool On Off Mob Nes Seq Kbd CGrp Rap Bak Notes
Index Cards Y Y Y Y Y N Y P N Hard to see the complete list.  Sorting and grouping can be slow when you have a lot.
Outlook N Y P N N Y Y Y Y
rmilk.com Y Y Y N N N Y Y
Evernote Y Y Y P Y P N Y Y
Orchestrate Y N N N ? N Y N ? No recent dev
­Todoist N Y Y Y Y N Y Y Use the Firefox sidebar.  Write your own back-up using their API. It isn't hard.
MLO N Y ? Y Y Y Y Y Y
Bonsai N Y P Y Y Y Y Y Y
tadalists Y N N N Y N N N Y Can't edit a task!
­­OneNote N Y ? Y Y Y Y Y Y
­Todo.txt N Y N Y Y Y Y Y Y Adding task notes is not elegant.
ToDoList (abstractspoon) N Y ? Y Y Y ? Y Y
Toodledo Y N N N N ? ? N ?
Tudumo N Y N N ? Y ? ? Y Windows only
­Tiddlywiki ? Y N Y Y N Y Y Y
­­Excel N Y P P Y Y Y Y Y
Backpack Y N N N Y N N Y Y
­Checkvist Y N N Y Y Y! N N Y No filters. Tags are on their radar. Really nice, i­f they add tags and rapid entry.
Jello N Y N Y N N Y Y Y
Google Tasks Y N N Y Y Y N N Attached to GMail; employers block web mail.
eyeos.org








Doesn't do tasks yet (April 2009).  DIY Google apps plus file sharing.
groundos.org­








Releases May 1, 2009. DIY Google apps plus file sharing. Don't see tasks mentioned.
tonido.com Y N Y N N N N N Y DIY Google apps plus file sharing. Does do tasks.
­getontracks.org P P Y N N
Y N Y Either web OR local
TaskToy Y N N N N N N N N
Task Coach N Y N Y Y Y ? ? Y Windows, Mac, Linux - no synch
TaskToMe N Y N





a basic, Windows-only task program
SwiftToDoList








way too expensive
Vitalist Y N Y Y ? ? ? Y ? $5 per month to get past free limits
Task2Gather Y N Y ? ? N ? N Y I was unable to figure out how to nest tasks. UI is hard to use.
Enleiten Y N N N N N ? N ?
HiTask Y N N N ? N ? N ?
Nozbe­ Y N N N Y N ? N ?


Lazailess - way too under-powered and slow
GTDAgennda.com - similar to Tracks, but not free.
MojoNote - too underpowered
Pityfish.com - too underpowered
Awesome Note on the iPhone synched with Google Docs or Evernote - neither priority nor due date synch. I’m not going to use a to-do list where I can’t see these fields on my PC.

Rails requires RubyGems Error Message Solved

When running script/server, I was getting the error message

<pre> Rails requires RubyGems >= . Please install RubyGems and try again: http://rubygems.rubyforge.org</pre> <ul> <li>Ruby Enterprise Edition in /opt/ruby-enterprise/bin</li> <li>Ubuntu’s default ruby</li> </ul> <pre> apt-get remove ruby</pre>fixed the problem</code>

Silence the PC Speaker in VMware Guests

Ubuntu has a habit of beeping the virtual PC's speaker.  To silence it, add the following line to your VMX file on the host:

mks.noBeep = "TRUE"

Note: Make sure you get ordinary quote marks around the TRUE, and not typographic quotes.

If that doesn't work, in Ubuntu:

  • vi /etc/modprobe.d/blacklist.conf and add "blacklist pcspkr"

Rails on Windows April 2009

(Much content based on http://www.netbeans.org/kb/docs/ruby/rapid-ruby-weblog.html)

  • Install Ruby 1.8.6 from the one-click installer.
  • Install MySQL 5.0.27, as a Windows Service, with developer Tools.
  • Install NetBeans 6.5.1 with just the Ruby package.
  • gem update –system
  • gem install mysql
    1. It installed mysql-2.7.3-mswin32.  Note: Only MySQL 5.0.27 works with 2.7.3 of the gem.  That is the version it was linked with when it was compiled.  If you mismatch the versions, you’ll get “rake aborted! undefined method `each' for #<Mysql:…”
    2. It gave an error installing the doc, but the rest appears OK.
  • gem install rails
  • Start NetBeans
    1. File/New Project
      1. Ruby
      2. Ruby on Rails Application
      3. Project Name = rubyweblog
      4. Location=K:\NetBeansProjects
      5. Platform=Ruby 1.8.6-p287
      6. Server=WebRick
      7. Database Adapter=mysql
      8. database name = rubyweblog_development
      9. user=root
      10. Rails Version=2.3.2
    2. Right-click Rubyweblog in the tree
      1. Generate / Scaffold
      2. Model Name = Post (singular, initial Cap.)
    3. Right-click Rubyweblog in the tree
      1. Run/Debug rake task
      2. db:create
    4. Right-click Rubyweblog in the tree
      1. Migrate Database
      2. To Current Version
    5. Open rubyweblog/Configuration/routes.rb
      1. Add   map.root :controller => "posts"    somewhere inside the do.
    6. Delete K:\NetBeansProjects\rubyweblog\public\index.html
    7. Right-click rubyweblog and select Run.
    8. Open a web browser to http://localhost:3000/ and create a couple of posts.
    9. Right-click Database Migrations, and select Generate (Generator = migration; Arguments = “AddBodyToPost body:text”)
    10. Right-click Rubyweblog in the tree
      1. Migrate Database
      2. To Current Version
    11. Edit rubyweblog\views\posts\edit.html.erb, and add a “<p>” for the body, similar to the title.
    12. Edit rubyweblog\views\posts\new.html.erb, and add a “<p>” for the body, similar to the title.
    13. Edit rubyweblog\views\posts\show.html.erb and make it look like: 
      <p>
  <b>Title:</b>
  <%=h @post.title %>
</p>

<p>
  <b>Body:</b>
  <%=h @post.body %>
</p>

<%= link_to 'Edit', edit_post_path(@post) %> |
<%= link_to 'Back', posts_path %>
    14. Use your browser to edit the posts and add bodies.

Let’s add Clearance authentication:

 

In config/environment.rb:

config.gem "thoughtbot-clearance", 
  :lib     => 'clearance', 
  :source  => 'http://gems.github.com', 
  :version => '>= 0.5.3'

In config/environments/test.rb:

config.gem 'thoughtbot-shoulda',
  :lib     => 'shoulda',
  :source  => "http://gems.github.com", 
  :version => '2.10.0'
config.gem 'thoughtbot-factory_girl',
  :lib     => 'factory_girl',
  :source  => "http://gems.github.com", 
  :version => '>= 1.2.0'

Then:

rake gems:install
rake gems:unpack 
rake gems:install RAILS_ENV=test
rake gems:unpack  RAILS_ENV=test
ruby script/generate clearance

Define a HOST constant in your environments files. In config/environments/test.rb and config/environments/development.rb it can be:

HOST = "localhost"

In production.rb it must be the actual host your application is deployed to. The constant is used by mailers to generate URLs in emails.

In config/environment.rb (outside the ‘do’):

DO_NOT_REPLY = donotreply@dialectic.us

Migrate Database / to current version

Add this to posts_controller.rb

  before_filter :authenticate, :except => [:index, :show]

Confirm that you can view posts but not create them without logging in

To logout enter http://localhost:3000/sessions/destroy

If you put “map.logout    '/logout',    :controller => 'sessions',  :action => 'destroy' ” into routes.rb, you can logout with http://localhost:3000/logout

These are some handy routes:

map.register  '/register',  :controller => 'users',     :action => 'new'
map.login     '/login',     :controller => 'sessions',  :action => 'new'
map.logout    '/logout',    :controller => 'sessions',  :action => 'destroy'

Some Web Servers Drop Guest Connections (e.g. Twitter)

Some web sites drop connections from the guest, without returning anything (even headers).  This happens with twitter.com when run from

    * VMWare Fusion 2.0.2 on an OS X 10.5.5 host, with bridged networking, from a Windows XP SP3 guest
    * VMWare Player 2.0.5 on a Windows XP SP3 host, with NAT networking, from a Windows XP SP3 guest

This behavior is independent of the tool I use to send the request to the server:

    * I tried fetching http://twitter.com/ from Firefox, and the connection gets dropped before returning data to Firefox.
    * I tried using "wget –user-agent=Mozilla –server-response http://twitter.com/" and it reports "Read error (Connection reset by peer) in headers"
    * I tried using telnet to port 80 at twitter.com, and issuing "GET /" manually, and the host disconnects immediately after I press Enter after the "GET /"


Event Viewer on the Windows guests shows no errors.  Neither guest is running a firewall.  On both hosts, I can fetch the page via all the tools, but in the guest, twitter.com disconnects after receiving the request.

I’m not running a firewall on the OS X host.  There is firewall software on the Windows host, but I told it not to filter connections.  (I can’t remove it entirely.  Corporate IT policy.)

What else could I try?  It really looks like some web servers are configured to reject GET requests that match some criteria, and VM guests match that criteria.

I’ll donate $20 to a charity of your choice if you’re the first commenter to come up with a solution.

Time Machine Backups Failing

Time Machine on my Mac started giving the "The backup volume could not be found" error when backing up. To make matters worse, it never gave a big "Backups are NOT HAPPENING" type of error dialog.

It turns out that I had disabled the built-in Ethernet, when I was testing a USB-Ethernet adapter. Time Machine apparently relies on the MAC address of the built-in Ethernet. Re-enabling the built-in Ethernet corrected the problem.

I had heard that some people had trouble with Time Machine on a Western Digital (WD) MyBook External drive, so I was worried that it wouldn't work on my 1TB WD MyBook.  It worked fine, once I re-enabled the Ethernet.

The connection between a USB disk drive and an Ethernet address and Time Machine certainly violates the "principle of least surprise."

©2025 Kevin P. Kleinfelter.