SSHコピーIDの「No identities found」エラーを解決する方法

Introduction

The SSH copy-id command is a useful tool for easily setting up SSH key-based authentication between servers. However, you may occasionally encounter the "/usr/bin/ssh-copy-id: error: no identities found" error when trying to use this command. This tutorial will guide you through the steps to troubleshoot and resolve this issue, ensuring a smooth SSH key-based authentication process. By the end of this lab, you will understand how SSH key authentication works and be able to properly configure it on your systems.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("Linux")) -.-> linux/RemoteAccessandNetworkingGroup(["Remote Access and Networking"]) linux(("Linux")) -.-> linux/BasicFileOperationsGroup(["Basic File Operations"]) linux/BasicFileOperationsGroup -.-> linux/ls("Content Listing") linux/BasicFileOperationsGroup -.-> linux/cat("File Concatenating") linux/BasicFileOperationsGroup -.-> linux/chmod("Permission Modifying") linux/RemoteAccessandNetworkingGroup -.-> linux/ssh("Secure Connecting") subgraph Lab Skills linux/ls -.-> lab-398384{{"SSHコピーIDの「No identities found」エラーを解決する方法"}} linux/cat -.-> lab-398384{{"SSHコピーIDの「No identities found」エラーを解決する方法"}} linux/chmod -.-> lab-398384{{"SSHコピーIDの「No identities found」エラーを解決する方法"}} linux/ssh -.-> lab-398384{{"SSHコピーIDの「No identities found」エラーを解決する方法"}} end

Understanding SSH Key Authentication

Before we dive into troubleshooting the "no identities found" error, it is important to understand what SSH key authentication is and how it works.

What is SSH Key Authentication?

SSH (Secure Shell) key authentication is a method of logging into remote systems securely without having to type a password each time. It uses a pair of cryptographic keys:

A private key that remains on your local machine
A public key that is copied to the remote server

When you try to connect to a remote server, your SSH client uses your private key to create a signature. The server checks this signature using your public key stored in its authorized_keys file. If the signature is valid, you gain access without needing to enter a password.

What is ssh-copy-id?

The ssh-copy-id command is a utility that simplifies the process of copying your public key to a remote server. It adds your public key to the remote server's ~/.ssh/authorized_keys file, allowing for password-less authentication in future connections.

Let's check if you already have any SSH keys on your system. Run the following command in your terminal:

ls -la ~/.ssh

If you see files named id_rsa (private key) and id_rsa.pub (public key), you already have an SSH key pair. If not, we'll create them in the next step.

You might see output similar to:

total 20
drwx------ 2 labex labex 4096 Sep 15 10:00 .
drwxr-xr-x 5 labex labex 4096 Sep 15 09:55 ..
-rw------- 1 labex labex 1766 Sep 15 09:58 id_rsa
-rw-r--r-- 1 labex labex  401 Sep 15 09:58 id_rsa.pub
-rw-r--r-- 1 labex labex  444 Sep 15 10:00 known_hosts

If you don't see any files or the .ssh directory does not exist, don't worry - we'll create everything in the next step.

Generating SSH Keys

If you don't have SSH keys or want to create new ones, you can generate them using the ssh-keygen command. This is often the first step in resolving the "no identities found" error.

Creating a New SSH Key Pair

Let's generate a new SSH key pair by running the following command:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

This command:

-t rsa specifies the type of key to create (RSA)
-b 4096 specifies the bit length (stronger encryption)
-C adds a comment (usually an email) to help identify the key

When you run this command, you'll be prompted to:

Enter a file location to save the key (press Enter to use the default location ~/.ssh/id_rsa)
Enter a passphrase (you can press Enter twice for no passphrase, but using one adds an extra layer of security)

The output should look similar to:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/labex/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/labex/.ssh/id_rsa
Your public key has been saved in /home/labex/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:abcdefghijklmnopqrstuvwxyz1234567890ABCD [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+

Verifying the SSH Key Creation

Now let's verify that the keys were created properly:

ls -la ~/.ssh

You should now see both the private key (id_rsa) and the public key (id_rsa.pub) files in the output:

total 20
drwx------ 2 labex labex 4096 Sep 15 10:10 .
drwxr-xr-x 5 labex labex 4096 Sep 15 09:55 ..
-rw------- 1 labex labex 3389 Sep 15 10:10 id_rsa
-rw-r--r-- 1 labex labex  746 Sep 15 10:10 id_rsa.pub
-rw-r--r-- 1 labex labex  444 Sep 15 10:00 known_hosts

Let's also look at the content of your public key file:

cat ~/.ssh/id_rsa.pub

The output should be a single line starting with ssh-rsa followed by a long string of characters and ending with your email address or comment.

Now that we have confirmed our SSH keys exist, we can move on to the next step: troubleshooting and resolving the "no identities found" error.

Understanding and Resolving the "No Identities Found" Error

Now that we have our SSH keys in place, let's understand why the "no identities found" error occurs and how to fix it.

Common Causes of the Error

The "no identities found" error typically occurs for one of these reasons:

SSH keys do not exist
SSH keys are not in the default location
SSH keys have incorrect permissions
The ssh-copy-id command cannot find any public keys to use

Since we've already confirmed our SSH keys exist in the default location, let's check the permissions.

Checking and Fixing SSH Key Permissions

SSH is very particular about file permissions for security reasons. Run the following command to check the permissions of your .ssh directory and its contents:

ls -la ~/.ssh

For proper security:

The .ssh directory should have permissions 700 (rwx------)
The private key (id_rsa) should have permissions 600 (rw-------)
The public key (id_rsa.pub) should have permissions 644 (rw-r--r--)

If your permissions are incorrect, you can fix them with the following commands:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

Using ssh-copy-id Correctly

Now let's try to use the ssh-copy-id command properly. The correct syntax is:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host

Where:

-i specifies the identity file (public key) to use
username is your username on the remote server
remote_host is the hostname or IP address of the remote server

For our lab environment, we will simulate this by using the local machine. Run:

ssh-copy-id -i ~/.ssh/id_rsa.pub labex@localhost

You will be prompted for the password of the remote user. In a real environment, you would enter that password, and the public key would be copied to the remote server.

If you see a message like "Number of key(s) added: 1", then your key was successfully copied.

Troubleshooting When the Error Persists

If you still get the "no identities found" error, you can explicitly specify the path to your public key:

ssh-copy-id -i ~/.ssh/id_rsa.pub labex@localhost

If the error persists, it might be that your SSH agent is not running or your key hasn't been added to it. You can check this with:

ssh-add -l

If it says "The agent has no identities," you can add your key:

ssh-add ~/.ssh/id_rsa

Now try the ssh-copy-id command again:

ssh-copy-id -i ~/.ssh/id_rsa.pub labex@localhost

By following these steps, you should be able to resolve the "no identities found" error and successfully copy your SSH key to the remote server.

Verifying SSH Key Authentication

Now that we have resolved the "no identities found" error and successfully copied our SSH key to the remote server, let's verify that SSH key authentication works properly.

Testing SSH Key Authentication

In a real environment, you would test SSH key authentication by connecting to the remote server:

ssh username@remote_host

If your SSH key is set up correctly, you should be able to log in without entering a password (unless you set a passphrase for your key, in which case you'd need to enter that).

For our lab environment, we can test by trying to SSH to localhost:

ssh labex@localhost

If you get a prompt asking you to confirm the connection (because localhost is not in your known hosts file), type yes.

You might see a message like:

The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:abcdefghijklmnopqrstuvwxyz1234567890ABCD.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

If you're asked for a password, it means the SSH key authentication is not working yet. But if you successfully login without entering a password, your SSH key authentication is working correctly.

Common SSH Key Authentication Issues and Solutions

If you're still having issues with SSH key authentication, here are some common problems and solutions:

SSH Server Configuration: The SSH server must be configured to allow public key authentication. This is usually enabled by default, but you can check by examining the /etc/ssh/sshd_config file on the remote server:
```
grep PubkeyAuthentication /etc/ssh/sshd_config
```
It should show PubkeyAuthentication yes.
File Ownership: Your home directory and .ssh directory must be owned by you:
```
ls -ld ~ ~/.ssh
```
Both should show your username as the owner.
Debug SSH Connection: You can use the verbose flag to debug SSH connections:
```
ssh -v labex@localhost
```
This will show detailed information about the authentication process, which can help identify the issue.

SSH Key Management Best Practices

Here are some best practices for managing SSH keys:

Use a passphrase: When generating your SSH key, consider using a passphrase for added security.
Different keys for different servers: For enhanced security, consider using different keys for different servers or purposes.
Backup your keys: Keep backups of your SSH keys in a secure location.
Regularly rotate keys: For sensitive environments, consider rotating your SSH keys periodically.

By following these steps and best practices, you can ensure that SSH key authentication works reliably and securely.

Summary

In this lab, you have learned how to troubleshoot and resolve the "no identities found" error when using the SSH copy-id command. We covered:

Understanding SSH key authentication and how the ssh-copy-id command works
Generating SSH key pairs with the ssh-keygen command
Checking and fixing SSH key permissions
Using ssh-copy-id correctly to copy your public key to a remote server
Testing and verifying SSH key authentication
Common issues and best practices for SSH key management

With these skills, you can now set up secure, password-less SSH connections between systems, which is essential for efficient system administration and automation. SSH key authentication not only provides better security than password authentication but also simplifies the login process for legitimate users.

Remember that properly securing your SSH keys is crucial, as they provide direct access to your systems. Always keep your private keys secure and consider using passphrases for additional protection.