SFTP RSA authentication in Azure VM - linux

Requirement- Connecting SFTP server from local windows machines using WinSCP with keys
Technical- I have Azure VM(Windows 2012 server R2) in which Cygwin64 is installed for SFTP.
I want to connect SFTP server using RSA authentication i.e using keys.
I have edited the sshd_config file for RSA authentication. In cygwin64 folder I have also created .ssh folder and under that Authorized_keys file.
From local machine using putty I have generated Public and private keys and this public key I have entered in Authorized keys file but when I am trying to connect with that Private key it is saying "Server refused our key"

I have entered in Authorized keys file but when I am trying to connect
with that Private key it is saying "Server refused our key"
If you see this type of message, the first thing you should do is check your server configuration carefully. Common errors include having the wrong permissions or ownership set on the public key or the user’s home directory on the server.
Maybe you can follow those steps to setup CYGWIN authenticate with private key:
1.Install GYCWIN (OpenSSH and cygrunsrv)
2.configure sshd use this command ssh-host-config -y
3.Start SSHD service with this command cygrunsrv --start sshd
4.Add your public key to authorized_keys(we can copy public Key to this file):
jason#jasonvm ~/.ssh
$ ls -a
. .. authorized_keys id_rsa id_rsa.pub id_rsa1 known_hosts
$ cat authorized_keys
ssh-rsa AAAAB3Nxxx.......xxxxzaAVbeVFw==
jason#jasonvm ~/.ssh
$ pwd
/home/jason/.ssh
By the way, if you can't find this directory, you can use ssh-keygen.exe command to create this directory /home/user/.ssh, if you can't find this file authorized_keys, we should create it, and run this command chmod 600 authorized_keys
Afther that, we can use other Linux VM to SSH or SFTP this VM(we should open port 22 on Azure NSG inbound rules).
If you want to use winscp to login this VM, we should convert private key to .ppk. In this way, we can use this key to login this SFTP.
Note:
we can use winscp to convert .key to .ppk.
For test, you may try to use Putty to login azure vm with your private key, to make sure you are using the right private key and public key.
Update:
We can add open ssh and sftp like this:

Related

Permission denied lost connection

I have created a simple VM in azure in which I will have to host a very simple server written in C.
To send the folder hosted on my computer containing the server to the virtual machine, I use the command from powershell:
scp -r <path_to_key.pem> <path_to_folder_on_my_pc> <azureuser#ip:/home/azureuser/>
The result of this command is
azureuser#ip: Permission denied (publickey).
lost connection
Would anyone who has had this problem have a solution ?
You need to copy your private key to the ~/.ssh/ directory on the host from which you want to transfer the file. Once you have done that, you can use the following command:
scp -i ~/.ssh/<name of your key>.pem <path of file to transfer> user#azureip:<target directory>
So for example you want to transfer file.txt to your Azure VM (IP of 10.10.10.10) with the private key named key.pem
scp -i ~/.ssh/key.pem file.txt user#10.10.10.10:/home/user/
To pull a file from your Azure VM to your local host, you reverse the order of the file to get and user#azureip.
scp -i ~/.ssh/key.pem user#10.10.10.10:/home/user/file.txt /home/user/
This problem may cause in your public key. please Ensure that the public key is also present in your home directory when you create the Azure Virtual machine with a public key. Meaning The public key was kept on your both local computer and virtual machine Then, with the permission accept from your local workstation, you can use ssh into your Azure Virtual Machine using the public key.
Reference: linux - Can't scp to Azure's VM - by ale93p
Suppose if you want to use the private key in the SCP then you will have to use the below command to copy files from the local system to the Azure VM
sudo scp -i ~/.ssh/id_rsa /path/cert.pem azureuser#ip.xxx.xxx.xxx:/home/file/user/local
Make sure that the Azure VM's incoming NSG rule has port 22 opened and by default VM'S page is reachable through port 80/443 over public IP address.
For more information in detail, please refer this link:
Use SSH keys to connect to Linux VMs - Azure Virtual Machines | Microsoft Docs
Use SCP to move files to and from a VM - Azure Virtual Machines | Microsoft Docs

Allowing users to SSH into EC2 Linux Instance with key pairs

I created a new EC2 Amazon Linux instance. I want to allow a developer to SSH into the EC2 instance. To test this, I'm trying it from my windows computer. I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating.
I'm following the instructions here as reference
and here
After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions.
[ec2-user ~]$ sudo adduser newuser
[ec2-user ~]$ sudo su - newuser
[newuser ~]$ mkdir .ssh
[newuser ~]$ touch .ssh/authorized_keys
[newuser ~]$ chmod 600 .ssh/authorized_keys
[newuser ~]$ vim .ssh/authorized_keys
Then I paste a public key into authorized_keys using vim. I will explain where I get the public key in the next step.
ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS ....
To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key"
I copied the public key from PuttyKeyGen which is showed in the box labeled "Public key for pasting into OpenSSH authorized_keys". Then I pasted that into the .ssh/authorized_keys file on my EC2 instance in the newuser directory.
I log out of the SSH client on EC2. Then I try to login with Putty using the newly created private key on my windows machine. I use the newuser login name. I get this error in Putty: server refused our key. There is also a dialog box that says Disconnected: No supported authentication methods available {server sent: publickey)
What am I doing wrong in these steps?
I did two things different and it works now. It's probably the number of bits that made it work.
I generated a new key pair using PuttyGen but I specified SSH-2 RSA with 1024 bits instead of the default that PuttyGen was putting in which was like 2048.
When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim.
Always use ec2-import-keypair features to verified whether it is GOOD for EC2 instance. It the import works, then it is good, otherwise, regen a compliance keypair. If you simply copy a keypair that is not compliance , you will run into trouble.
Here is the document for import key pair
OpenSSH public key format (the format in ~/.ssh/authorized_keys)
Base64 encoded DER format SSH public key file format as specified in
RFC4716 DSA keys are not supported. Make sure your key generator is
set up to create RSA keys.
Supported lengths: 1024, 2048, and 4096.

Define a set keyfile for Ubuntu to use when SSHing into a server

I have two Amazon EC2 Ubuntu instances. When I connect to one of them, I can do
ssh ubuntu#54.123.4.56
and the shell uses the correct keyfile from my ~/.ssh directory.
I just set up a new instance, and I'm trying to figure out how to replicate that behavior for this new one. It's a minor thing, just driving me nuts. When I log in with:
ssh -i ~/.ssh/mykey.pem ubuntu#54.987.6.54
it works fine, but with just
ssh ubuntu#54.987.6.54
I get:
Permission denied (publickey).
I have no idea how I managed to get it to work this way for the first server, but I'd like to be able to run ssh into the second server without the "-i abc.pem" argument. Permissions are 600:
-r-------- 1 mdexter mdexter 1692 Nov 11 20:40 abc.pem
What I have tried: I copied the public key from authorized_keys on the remote server and pasted it to authorized_keys on the local server, with mdexter#172.12.34.56 (private key) because I thought that might be what created the association in the shell between that key and that server for the shell.
The only difference I can recall between how I set up the two servers is that with the first, I created a .ppk key in PuTTy so that I could connect through FileZilla for SFTP. But I think SSH is still utilizing the .pem given by Amazon.
How can I tell the shell to just know to always use my .pem key for that server when SSHing into that particular IP? It's trivial, but I'm trying to strengthen my (rudimentary) understanding of public/private keys and I'm wondering if this plays into that.
You could solve this in 3 ways:
By placing the contents of your ~/.ssh/mykey.pem into ~/.ssh/id_rsa on the machine where you are ssh'ing into 2nd instance. Make sure you also change the permissions of ~/.ssh/id_rsa to 600.
Using ssh-agent (ssh-agent will manage the keys for you)
Start ssh-agent
eval `ssh-agent -s`
Add the key to ssh-agent using ssh-add
ssh-add mykey.pem
Using ssh-config file:
You could use ssh config file. From the machine where you are trying to ssh, keep the following contents in the ~/.ssh/config file (make sure to give this file 600 permissions):
Host host2
HostName 54.987.6.54
Port 22
User ubuntu
IdentityFile ~/.ssh/mykey.pem
Once you do that now you could access do the ssh like this:
ssh host2
After performing any of the above steps you should be able to ssh into your second instance with out specifying the key path.
Note: The second option requires you to add the key using ssh-add every time you logout and log back in so to make that a permanent injection see this SO question.

Using git over ssh won't pick up private key

My main development box uses Linux Mint.
When I am physically at the computer I can do remote operations like git fetch with no problem.
The user I log-in as is "jonbri".
> whoami
jonbri
In ~/.ssh (/home/jonbri/.ssh) is my private key (/home/jonbri/.ssh/jonbri) and public key (/home/jonbri/.ssh/jonbri.pub).
But when I am at another computer, for example another Linux Mint computer, and on the command-line I open a ssh remote shell to my main computer, when I try operations such as git fetch, it looks like the keys in ~/.ssh are not being picked up.
Here's what I see (with pwd being the root of the git repo):
> git fetch
Password:
Then, even no matter which password I enter it doesn't work.
To enable the ability to open a remote ssh shell I used apt-get to install open-ssh-server and open-ssh-client.
Any ideas why my keys aren't being picked up when inside a remote ssh shell.
SSH is likely expecting the standard names of id_dsa for your private key and id_dsa.pub for your public key.
From the github documentation:
Check the directory listing to see if you already have a public SSH key.
The default public key file names are:
id_dsa.pub
id_ecdsa.pub
id_ed25519.pub
id_rsa.pub

connecting to amazon aws linux server by ssh on mac

I created a new keypair and downloaded it to my mac, then set up a new Amazon Linux AMI server with that keypair and my security group. Now I need to put the keypair .pem file that I downloaded in a .ssh file in my users folder? I am unable to create a folder called ".ssh" however because of the name.
Where do I put the keypair on my mac? and what chmods or other commands are then needed to connect to the server from my linux bash? I know "ssh my public DNS" but what other permissions or anything else should I be aware of? Its a newbie question. Thanks.
You'll want to put the keypair in {your home directory}/.ssh . If that folder doesn't exist, create it. Once you put the keypair in there you have to change the permissions on the file so only your user can read it.
Launch the terminal and type
chmod 600 $HOME/.ssh/<your keypair file>
That limits access to the file, and then to limit access to the folder type
chmod 700 $HOME/.ssh
You have to limit the access because the OpenSSH protocol won't let you use a key that other's can view.
Then to log into your instance, from the terminal you would enter
ssh -i <your home directory>/.ssh/<your keypair file> ec2-user#<ec2 hostname>
you can also create a file ~/.ssh/config
chmod it 644
then inside you can add something like this
host mybox-root
Hostname [the IP or dns name]
User root
IdentityFile ~/.ssh/[your keypair here]
then you can just do
$ ssh mybox-root
and you'll login easier.
You can use Java MindTerm to connect to your EC2 server in Macbook pro. It works for me. here are the more details and step by step instruction.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
http://www.openssh.com/ is the suggested one on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-connect-to-instance-linux.html#using-ssh-client (option 3)
Someone was asking on Mac's an easy way to create the ~/.ssh folder would be by running command ssh-keygen, then use following setup ...
A.
macbook-air$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/sam/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/sam/.ssh/id_rsa.
Your public key has been saved in /Users/sam/.ssh/id_rsa.pub.
B. Then create:
touch ~/.ssh/authorized_keys
C. Fix the permissions:
chmod 600 ~/.ssh/authorized_keys
D. Copy AWS Key to that file:
cp AWS_key.text ~sam/.ssh/authorized_keys
#You would have saved this SSH key earlier when creating the EC2 instance
E. Then test the ssh to AWS Linux server - you will see this error:
ssh -i ./authorized_keys root#ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
Please login as the user "ec2-user" rather than the user "root".
F. Re-try that and it should work with allowed AWS user "ec2-user":
ssh -i ./authorized_keys ec2-user#ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2014.09-release-notes/
9 package(s) needed for security, out of 12 available
Run "sudo yum update" to apply all updates.
Hope this helps, all the best.

Resources