How to generate SSH-Key compatible to SSH2 - node.js

I want to make an AWS Lambda function which connects to a server via SSH and private key authentication.
I am using the simple-ssh node module which uses the ssh2 module as base. I tried using OpenSSH and RSA format for generating a key pair but none of them worked.
The error message which is shown is always
Error: Cannot parse privateKey: Unsupported key format
Does anyone know the valid parameters for an ssh-keygen command that is compatible with the ssh2 node module?
Thanks in advance :)

Okay, I have found the issue I had. I was saving the private key inside of an environment variable. The problem was that there were no line breaks and it seems like the parser needed these line breaks to understand the key. When I saved the key into a file and read it with require('fs').readFileSync it worked.
The command I needed to get the key was the following:
ssh-keygen -m PEM -t rsa -b 2048

Related

OpenSSH SSH-2 private key (old PEM format) on Azure Linux VM

I've been using Puttygen to generate SSH Key pair for Azure Linux VM.
Recently I found that OpenSSH is available on Windows 10 and I can use the "ssh-keygen" command in the Windows 10 CMD to generate a private and public key.
I've tried this, but the attempt was unsuccessful.
The article (click here) asks us to use the command below, and it completes successfully. It exports the private and public key to a location. But when I load the private key in Putty and connect to my server, it throws this error:
Unable to use key file "C:\publickey\id_rsa.ppk" (OpenSSH SSH-2 private key (old PEM format))
login as:
Below is the command which I used to generate the key pair on Windows 10:
C:\Users\xxx>ssh-keygen -t rsa -b 2048 -C "azureuser@vm"
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\xxx/.ssh/id_rsa): C:\publickey\id_rsa.ppk
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\publickey\id_rsa.ppk.
Your public key has been saved in C:\publickey\id_rsa.ppk.pub.
The key fingerprint is:
Has anyone tried this method on Windows 10 to generate keys?
You've used ssh-keygen to create a private key file called id_rsa.ppk. However this is an OpenSSH-format private key and needs to be converted to Putty's own format to use in Putty.
Your options are:
1. Use this key with command-line SSH (it's in the correct format). You can either
   - specify the file on the command line, e.g. ssh -i id_rsa.ppk azureuser@vm
   - make a folder C:\Users\Aquib\.ssh and move it there as C:\Users\Aquib\.ssh\id_rsa (no extension): ssh will now load this file by default to use for all servers that you try to connect to
   - if you don't want to use this for all servers, or e.g. if you already have a default id_rsa that you use with git, you can set up a C:\Users\Aquib\.ssh\config file that tells SSH where to find the key and tells it which servers it should use it for.
2. Convert this file into the right format to use with Putty:
   - In Puttygen, in the 'Conversions' menu choose 'Import' and load id_rsa.ppk
   - 'Save private key' to a different file
   - Use this new file with Putty, either on the connection properties menu or run Pageant (the Putty key agent) and 'Add key' the new file. (You can e.g. create a shortcut to pageant in your Startup menu and give it the key file name as a command-line parameter so this is loaded automatically for you.)
For Linux (for example Ubuntu) you can install the command line puttygen like this:
# sudo apt install putty-tools
... and generate from your local ssh-key id_rsa to putty version id_rsa.ppk like this:
# puttygen id_rsa -O private -o id_rsa.ppk

Cannot parse privateKey: Unsupported key format

On my MacBook Pro with macOS Mojave, I used ssh-keygen to generate a new SSH key for the node.js module SSH2. However, I got the error message: Cannot parse privateKey: Unsupported key format
I validated the key with the ssh command, and it works fine. But not with the node.js module SSH2.
In the private key file, the header is
-----BEGIN OPENSSH PRIVATE KEY----- while the end is -----END OPENSSH PRIVATE KEY-----.
I checked module ssh2-streams keyParser.js. The regexp pattern RE_HEADER_OPENSSH_PRIV does not include my header. Can anyone help?
Had the same problem, found the solution here.
Basically, use the PEM option when you create your key:
ssh-keygen -m PEM -t rsa
You could also convert your existing key, rather than create a new one (make sure you back it up before you run the following command as it will overwrite your original one):
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
(Original answer from https://serverfault.com/a/950686)

Allowing users to SSH into EC2 Linux Instance with key pairs

I created a new EC2 Amazon Linux instance. I want to allow a developer to SSH into the EC2 instance. To test this, I'm trying it from my windows computer. I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating.
I'm following the instructions here as reference
and here
After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions.
[ec2-user ~]$ sudo adduser newuser
[ec2-user ~]$ sudo su - newuser
[newuser ~]$ mkdir .ssh
[newuser ~]$ touch .ssh/authorized_keys
[newuser ~]$ chmod 600 .ssh/authorized_keys
[newuser ~]$ vim .ssh/authorized_keys
Then I paste a public key into authorized_keys using vim. I will explain where I get the public key in the next step.
ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS ....
To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key"
I copied the public key from PuttyKeyGen which is shown in the box labeled "Public key for pasting into OpenSSH authorized_keys". Then I pasted that into the .ssh/authorized_keys file on my EC2 instance in the newuser directory.
I log out of the SSH client on EC2. Then I try to log in with Putty using the newly created private key on my Windows machine. I use the newuser login name. I get this error in Putty: server refused our key. There is also a dialog box that says Disconnected: No supported authentication methods available (server sent: publickey)
What am I doing wrong in these steps?
I did two things differently and it works now. It's probably the number of bits that made it work.
I generated a new key pair using PuttyGen but I specified SSH-2 RSA with 1024 bits instead of the default that PuttyGen was putting in which was like 2048.
When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim.
Always use the ec2-import-keypair feature to verify whether it is GOOD for the EC2 instance. If the import works, then it is good; otherwise, regenerate a compliant keypair. If you simply copy a keypair that is not compliant, you will run into trouble.
Here is the documentation for importing a key pair:
OpenSSH public key format (the format in ~/.ssh/authorized_keys)
Base64 encoded DER format
SSH public key file format as specified in RFC4716
DSA keys are not supported. Make sure your key generator is set up to create RSA keys.
Supported lengths: 1024, 2048, and 4096.

SSH into an Openstack instance - Error

I am trying to use ssh to log in to the Openstack server built for the class. I downloaded the .pem key from the server. With putty, I log in successfully with the .ppk key (I generated the .ppk key from the .pem using putty keygen). But it does not work with ssh. Is there something I missed?
My command
ssh -l ubuntu -i ~/.ssh/xxx.pem xxx.edu -p 18922
Error msg
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
(xxx).
Please contact your system administrator.
Add correct host key in /Users/xxx/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/xxx/.ssh/known_hosts:2
RSA host key for [xxx.edu]:18922 has changed and you have requested strict checking.
Host key verification failed.
Thanks for Anil Vishnoi's comment!
Remove
/Users/xxx/.ssh/known_hosts
and use my original command by passing pem key
ssh -l ubuntu -i ~/.ssh/xxx.pem xxx.edu -p 18922
I can ssh to Openstack server directly.

Where is the default CA certs used in nodejs?

I'm connecting to a server whose cert is signed by my own CA; the CA's cert has been installed into the system's keychain.
Connecting with openssl s_client -connect some.where says Verify return code: 0 (ok)
but I can't connect with nodejs's tls/https module, which fails with
Error: SELF_SIGNED_CERT_IN_CHAIN
but connecting to a normal server (i.e. google.com:443) works fine.
It seems that nodejs's openssl is not sharing the same keychain with the system's openssl,
but I can't find where it is. I tried to override it with SSL_CERT_DIR but that did not seem to work.
BTW: I can bypass the server verification by setting NODE_TLS_REJECT_UNAUTHORIZED=0, but that's not pretty enough ;)
I'm using OSX 10.8.3 with OpenSSL 0.9.8r, node v0.9.8
The default root certificates are static and compiled into the node binary.
https://github.com/nodejs/node/blob/v4.2.0/src/node_root_certs.h
You can make node use the system's OpenSSL certificates. This is done by starting node via:
node --use-openssl-ca
See the docs for further information.
See this answer on how system certificates are extended for Debian and Ubuntu
If you're using the tls module (and it seems like you are) with tls.connect you can pass a ca param in the options that is an array of strings or buffers of certificates you want to trust.
