Generate new ssh keys in Windows 10 / 11 [closed] - windows-10

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
The community is reviewing whether to reopen this question as of yesterday.
Improve this question
I am having a really hard time getting my SSH keys up and running after installing Windows 10. Normal method is create it and throw it in the user's account under .ssh. But this folder does not appear to be available in Windows 10.
I need to have 3 SSH keys for different repos.

Open the windows command line (type "cmd" on the search box and hit enter).
It'll default to your home folder, so you don't need to cd to a different one.
Type ssh-keygen(if not found, check here)
Leave the first parameter empty(default), enter a password if you like, or leave it empty
Your ssh keys should be stored at chosed directory, the default is: /c/Users/YourUserName/.ssh/id_rsa.pub
p.s.: If you installed git with bash integration (like me) open "Git Bash" instead of "cmd" on first step

2019-04-07 UPDATE:
I tested today with a new version of windows 10 (build 1809, "2018 October's update") and not only the open SSH client is no longer in beta, as it is already installed. So, all you need to do is create the key and set your client to use open SSH instead of putty(pagent):
open command prompt (cmd)
enter ssh-keygenand press enter
press enter to all settings. now your key is saved in c:\Users\.ssh\id_rsa.pub
Open your git client and set it to use open SSH
I tested on Git Extensions and Source Tree and it worked with my personal repo in GitHub.
If you are in an earlier windows version or prefer a graphical client for SSH, please read below.
2018-06-04 UDPATE:
On windows 10, starting with version 1709 (win+R and type winver to find the build number), Microsoft is releasing a beta of the OpenSSH client and server.
To be able to create a key, you'll need to install the OpenSSH server. To do this follow these steps:
open the start menu
Type "optional feature"
select "Add an optional feature"
Click "Add a feature"
Install "Open SSH Client"
Restart the computer
Now you can open a prompt and ssh-keygen and the client will be recognized by windows. I have not tested this.
If you do not have windows 10 or do not want to use the beta, follow the instructions below on how to use putty.
ssh-keygen does not come installed with windows. Here's how to create an ssh key with Putty:
Install putty
Open PuttyGen
Check the Type of key and number of bytes to use
Move the mouse over the progress bar
Now you can define a passphrase and save the public and private keys
For openssh keys, a few more steps are required:
copy the text from "Public key for pasting" textbox and save it as "id_rsa.pub"
To save the private key in the openssh format, go to Conversions->Export OpenSSH key ( if you did not define a passkey it will ask you to confirm that you do not want a pass key)
Save it as "id_rsa"
Now that the keys are saved. Start pagent and add the private key there ( the ppk file in Putty's format)
Remember that pagent must be running for the authentication to work

WINDOWS:
If you have git for windows installed go to its folder.
Look in the bin directory. There is a sh.exe file. Run that.
Then type:
ssh-keygen -t rsa -C "your email here"
Follow through instructions and then type:
cat ~/.ssh/id_rsa.pub | clip
It copies the key to your clipboard.
Now you can paste that public key to the server side.

Open the windows command line (type "cmd" on the search box and hit enter).
It'll default to your home folder, so you don't need to cd to a different one.
Type mkdir .ssh

Warning: If you are saving your keys under C:/User/username/.ssh ( the default place), make sure to back up your keys somewhere (eg your password manager).
After the most recent Windows 10 Update (version 1607), my .ssh folder was empty. This is where my keys have always been, but Windows decided to delete them when updating.
Thankfully I had backed up my keys... But... I bet some people will be reverting their PC's today.

I'm running Microsoft Windows 10 Pro, Version 10.0.17763 Build 17763, and I see my .ssh folder easily at C:\Users\jrosario\.ssh without having to edit permissions or anything (though in File Explorer, I did select "Show hidden files, folders and drives"):
The keys are stored in a text file named known_hosts, which looks roughly like this:

I found a notable exception that in Windows 10, using the described route only wrote the files to the folder if the file names where not specified in the ssh-keygen generator.
giving a custom key name caused the files containing the RSA public and private keys not to be written to the folder.
Open the windows command line
Type ssh-keygen
Leave file name blank, just press return,
Set your passphrase
Generate your key files. They will now exist. and be stored in c:/Users/YourUserName/.ssh/
(using Admin Command Line and Windows 10 Pro)

Create private/public key:
Open up terminal (git bash, PowerShell, cmd.exe etc.)
Type in ssh-keygen
Press enter for default file save (~/.ssh/id_rsa)
Press enter for default passphrase (no passphrase)
Press enter again
Look at the output and make sure that the RSA is 3072 or above
You have now created a private/public key pair.
For GIT the key must have a strength of 2048, must be located in the users .ssh directory and be called id_rsa and id_rsa.pub. When pasting the keys anywhere make sure to use a program that does not add new lines like VIM.

Also, you can try (for Windows 10 Pro)
Run Powershell as administrator and type ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
Also, you can try to run ssh-keygen from Git Bash terminal

If you have Windows 10 with the OpenSSH client you may be able to generate the key, but you will have trouble copying it to the target Linux box as the ssh-copy-id command is not part of the client toolset.
Having has this problem I wrote a small PowerShell function to address this, that you add to your profile.
function ssh-copy-id([string]$userAtMachine, [string]$port = 22) {
# Get the generated public key
$key = "$ENV:USERPROFILE" + "/.ssh/id_rsa.pub"
# Verify that it exists
if (!(Test-Path "$key")) {
# Alert user
Write-Error "ERROR: '$key' does not exist!"
}
else {
# Copy the public key across
& cat "$key" | ssh $userAtMachine -p $port "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys || exit 1"
}
}
You can get the gist here
I have a brief write up about it here

All these answers generate default keys that are not secure enough. This answer suggests ONE (1 of MANY) ways to generate SAFE keys. I would rather use my answer over other answers on this page ... by far...
ssh-keygen -t rsa -b 4096

I finally got it to work by running opening command line with "Run a Administrator" even though I was already admin and could create directory manually

Related

OpenSSH SSH-2 private key (old PEM format) on Azure Linux VM

I've been using Puttygen to generate SSH Key pair for Azure Linux VM.
recently i found openssh is available on Windows 10 and i can use "ssh-keygen" command on Windows 10 CMD and generate Private and Public Key.
I've tried this but with unsuccessful attempt.
As per the article click here ask us to use below command and it completes successfully. It exports private and public key in a location. But when i load the private key in putty and connect to my server it throws error
Unable to use key file "C:\publickey\id_rsa.ppk" (OpenSSH SSH-2 private key (old PEM format))
login as:
Below is the command which i used to generate key pairs on windows 10
C:\Users\xxx>ssh-keygen -t rsa -b 2048 -C "azureuser#vm"
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\xxx/.ssh/id_rsa): C:\publickey\id_rsa.ppk
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\publickey\id_rsa.ppk.
Your public key has been saved in C:\publickey\id_rsa.ppk.pub.
The key fingerprint is:
Has anyone tried this method on windows 10 to generate keys?
You've used ssh-keygen to create a private key file called id_rsa.ppk. However this is an OpenSSH-format private key and needs to be converted to Putty's own format to use in Putty.
Your options are:
Use this key with command-line SSH (it's in the correct format). You can either
specify the file on the command line e.g. ssh -i id_rsa.ppk azureuser#vm
make a folder C:\Users\Aquib\.ssh and move it there as C:\Users\Aquib\.ssh\id_rsa (no extension): ssh will now load this file by default to use for all servers that you try to connect to
if you don't want to use this for all servers, or e.g. if you already have a default id_rsa that you use with git, you can set up a C:\Users\Aquib\.ssh\config file that tells SSH where to find the key and tell it which servers it should use it for.
Convert this file into the right format to use with Putty:
In Puttygen, in the 'Conversions' menu choose 'Import' and load id_rsa.ppk
'Save private key' to a different file
Use this new file with Putty, either on the connection properties menu or run Pageant (the Putty key agent) and 'Add key' the new file. (You can e.g. create a shortcut to pageant in your Startup menu and give it the key file name as a commandline parameter so this is loaded automatically for you.)
For Linux (for example Ubuntu) you can install the command line puttygen like this:
# sudo apt install putty-tools
... and generate from your local ssh-key id_rsa to putty version id_rsa.ppk like this:
# puttygen id_rsa -O private -o id_rsa.ppk

Missing files in .ssh directory

I have updated my system with sudo apt-get update.
There was a update of PAM (The Pluggable Authentication Module). I don't remember the message, but there was like a pink screen and I decided to choose no (sorry for that poor explanation).
After that the update continues until something like ssh stop/waiting and then nothing happens. I couldn't cancel this und decided to reboot my Ubuntu Server (14.04 LTS).
After that I cannot connect with a user to this machine with ssh -X user#host. Only the owner can connect. But no other user.
With ssh -v user#host I get the error
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
Then I recognized that there are a lot of missing files in my ~/.ssh/ directory.
There is only the file known_hosts. I think there should be also the files: Readme, authorized_keys, bup, deprec, id_dsa, id_dsa.pub.
Do I have to reinstall ssh?
You do not need to reinstall ssh.
Many of those files are generate as you use ssh and related commands.
The most important files in my experience (which you will generate) are:
authorized_keys: contains public keys which are authorized to connect.
id_dsa and id_dsa.pub (or id_rsa, etc.) are the private key and public key (with .pub suffix) are the keys you offer when attempting a connection. These are generated by executing ssh-keygen.
Also, config is nice to use, but also not necessary. see man ssh_config.
Restoring connections from other machines
It appears you've lost the authorized_keys file you had. If you wish to continue connecting via publickey from other machines, you will need to put the public key from the other machine into your authorized_keys file.
Ensure authorized_keys file exists (if not: touch ~/.ssh/authorized_keys)
Copy the public key (id_rsa.pub for example) from the machine[s] you will be connecting from.
Paste the public key[s] into authorized_keys, one per line.

Using git over ssh won't pick up private key

My main development box uses Linux Mint.
When I am physically at the computer I can do remote operations like git fetch with no problem.
The user I log-in as is "jonbri".
> whoami
jonbri
In ~/.ssh (/home/jonbri/.ssh) is my private key (/home/jonbri/.ssh/jonbri) and public key (/home/jonbri/.ssh/jonbri.pub).
But when I am at another computer, for example another Linux Mint computer, and on the command-line I open a ssh remote shell to my main computer, when I try operations such as git fetch, it looks like the keys in ~/.ssh are not being picked up.
Here's what I see (with pwd being the root of the git repo):
> git fetch
Password:
Then, even no matter which password I enter it doesn't work.
To enable the ability to open a remote ssh shell I used apt-get to install open-ssh-server and open-ssh-client.
Any ideas why my keys aren't being picked up when inside a remote ssh shell.
SSH is likely expecting the standard names of id_dsa for your private key and id_dsa.pub for your public key.
From the github documentation:
Check the directory listing to see if you already have a public SSH key.
The default public key file names are:
id_dsa.pub
id_ecdsa.pub
id_ed25519.pub
id_rsa.pub

connecting to amazon aws linux server by ssh on mac

I created a new keypair and downloaded it to my mac, then set up a new Amazon Linux AMI server with that keypair and my security group. Now I need to put the keypair .pem file that I downloaded in a .ssh file in my users folder? I am unable to create a folder called ".ssh" however because of the name.
Where do I put the keypair on my mac? and what chmods or other commands are then needed to connect to the server from my linux bash? I know "ssh my public DNS" but what other permissions or anything else should I be aware of? Its a newbie question. Thanks.
You'll want to put the keypair in {your home directory}/.ssh . If that folder doesn't exist, create it. Once you put the keypair in there you have to change the permissions on the file so only your user can read it.
Launch the terminal and type
chmod 600 $HOME/.ssh/<your keypair file>
That limits access to the file, and then to limit access to the folder type
chmod 700 $HOME/.ssh
You have to limit the access because the OpenSSH protocol won't let you use a key that other's can view.
Then to log into your instance, from the terminal you would enter
ssh -i <your home directory>/.ssh/<your keypair file> ec2-user#<ec2 hostname>
you can also create a file ~/.ssh/config
chmod it 644
then inside you can add something like this
host mybox-root
Hostname [the IP or dns name]
User root
IdentityFile ~/.ssh/[your keypair here]
then you can just do
$ ssh mybox-root
and you'll login easier.
You can use Java MindTerm to connect to your EC2 server in Macbook pro. It works for me. here are the more details and step by step instruction.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
http://www.openssh.com/ is the suggested one on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-connect-to-instance-linux.html#using-ssh-client (option 3)
Someone was asking on Mac's an easy way to create the ~/.ssh folder would be by running command ssh-keygen, then use following setup ...
A.
macbook-air$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/sam/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/sam/.ssh/id_rsa.
Your public key has been saved in /Users/sam/.ssh/id_rsa.pub.
B. Then create:
touch ~/.ssh/authorized_keys
C. Fix the permissions:
chmod 600 ~/.ssh/authorized_keys
D. Copy AWS Key to that file:
cp AWS_key.text ~sam/.ssh/authorized_keys
#You would have saved this SSH key earlier when creating the EC2 instance
E. Then test the ssh to AWS Linux server - you will see this error:
ssh -i ./authorized_keys root#ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
Please login as the user "ec2-user" rather than the user "root".
F. Re-try that and it should work with allowed AWS user "ec2-user":
ssh -i ./authorized_keys ec2-user#ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2014.09-release-notes/
9 package(s) needed for security, out of 12 available
Run "sudo yum update" to apply all updates.
Hope this helps, all the best.

Net::SSH2 to ssh from Windows 7 to VMWare Guest CentOS 6.2 not working with Public and Private keys

I am not able to ssh from Windows 7 to VMWare Guest CentOS 6.2
I have Windows 7 64 bit OS on my Laptop. Installed Strawberry Perl 5.16.2 on it. I have also installed VMWare Player and running CentOS 6.2 on it.
Using the articles I found on the net, I have been successfully able to SSH without password from PUTTY to the CentOS 6.2.
I have created user perl514 on CentOS 6.2. Using the script below, if I login using the username and password, everything works.
But it doesn't work with the Public and Private Keys that I created using the SSH KEYGEN Tool that came along with the PUTTY.
Given below is the script:
#!C:\strawberry\perl\bin\perl.exe
use Modern::Perl;
use Net::SSH2;
my $hostname = '192.168.247.128';
my $username = 'perl514';
my $password = 'redhat';
my $ssh2 = Net::SSH2->new();
say "Connecting to $hostname";
$ssh2->connect("$hostname") || die "PROBELM - $!";
#$ssh2->auth_password("$username","$password") || die "Username/Password not #right";#COMMENTED OUT. This Works. Stuff given below does not work.
$ssh2->auth_publickey ("perl514", "C:\\Users\\winuser\\Documents\\perl\\work\\putty_priv.ppk",
"C:\\Users\\winuser\\Documents\\perl\\work\\public.pub") || die "ERROR", $ssh2->error;
my $chan = $ssh2->channel();
$chan->blocking(0);
$chan->exec('ls -la');
while (<$chan>){ print }
I get the following error:
Connecting to 192.168.247.128
ERROR-19LIBSSH2_ERROR_PUBLICKEY_UNVERIFIEDInvalid public key at ssh2.pl line 17.
With the username and password, it works fine. But not with the public and private key.
I am pretty sure I am going wrong somewhere. Kindly help me.
Net::SSH2 expects the key files to be in the OpenSSH format that is different to that used by PuTTY.
You should be able to convert to OpenSSH format using the PuTTY GUI. For instance, see How to convert SSH keypairs generated using PuttyGen(Windows) into key-pairs used by ssh-agent and KeyChain(Linux) .
update:
Detailed conversion steps:
Open PuTTY key generator
Load the private key into it
On the conversions menu, export the private key in OpenSSH format
Select and copy with the mouse the public key for OpenSSH from the box under "Public key for pasting into OpenSSH authorized_keys file" and paste it into a new file with the same name as the one you have given to the private key with ".pub" appended.
Sorry to answer the question rather than commenting, but the comment section doesnt let me put steps one below the other. I checked your link and here is what I understand:
1.Open PuttyGen
2.Click Load
3.Load your private key
4.Go to Conversions->Export OpenSSH and export your private key
The steps above I know are to be run on Windows Box, but what about the steps below? Are they to be run on the CentOS Guest? Not sure if I have to copy the private key created by putty inside the CentOS 6.2 Guest OS. Another problem is the Private Key created by Puttygen has private as well as public key in it.
5.Copy your private key to ~/.ssh/id_dsa (or id_rsa).
6.Create the RFC 4716 version of the public key using ssh-keygen
ssh-keygen -e -f ~/.ssh/id_dsa > ~/.ssh/id_dsa_com.pub
7.Convert the RFC 4716 version of the public key to the OpenSSH format:
ssh-keygen -i -f ~/.ssh/id_dsa_com.pub > ~/.ssh/id_dsa.pub
Reason why I am doing this is, once this test setup works, I will be using similar methods to log into some NAS Arrays (linux based) to run some reports. Hence the questions.
I didn't have ssh server installed on CentOS vm. After installing ssh server it worked.
yum -y install openssh-server openssh-clients

Resources