I've been using Puttygen to generate SSH Key pair for Azure Linux VM.
recently i found openssh is available on Windows 10 and i can use "ssh-keygen" command on Windows 10 CMD and generate Private and Public Key.
I've tried this but with unsuccessful attempt.
As per the article click here ask us to use below command and it completes successfully. It exports private and public key in a location. But when i load the private key in putty and connect to my server it throws error
Unable to use key file "C:\publickey\id_rsa.ppk" (OpenSSH SSH-2 private key (old PEM format))
login as:
Below is the command which i used to generate key pairs on windows 10
C:\Users\xxx>ssh-keygen -t rsa -b 2048 -C "azureuser#vm"
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\xxx/.ssh/id_rsa): C:\publickey\id_rsa.ppk
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\publickey\id_rsa.ppk.
Your public key has been saved in C:\publickey\id_rsa.ppk.pub.
The key fingerprint is:
Has anyone tried this method on windows 10 to generate keys?
You've used ssh-keygen to create a private key file called id_rsa.ppk. However this is an OpenSSH-format private key and needs to be converted to Putty's own format to use in Putty.
Your options are:
Use this key with command-line SSH (it's in the correct format). You can either
specify the file on the command line e.g. ssh -i id_rsa.ppk azureuser#vm
make a folder C:\Users\Aquib\.ssh and move it there as C:\Users\Aquib\.ssh\id_rsa (no extension): ssh will now load this file by default to use for all servers that you try to connect to
if you don't want to use this for all servers, or e.g. if you already have a default id_rsa that you use with git, you can set up a C:\Users\Aquib\.ssh\config file that tells SSH where to find the key and tell it which servers it should use it for.
Convert this file into the right format to use with Putty:
In Puttygen, in the 'Conversions' menu choose 'Import' and load id_rsa.ppk
'Save private key' to a different file
Use this new file with Putty, either on the connection properties menu or run Pageant (the Putty key agent) and 'Add key' the new file. (You can e.g. create a shortcut to pageant in your Startup menu and give it the key file name as a commandline parameter so this is loaded automatically for you.)
For Linux (for example Ubuntu) you can install the command line puttygen like this:
# sudo apt install putty-tools
... and generate from your local ssh-key id_rsa to putty version id_rsa.ppk like this:
# puttygen id_rsa -O private -o id_rsa.ppk
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
The community is reviewing whether to reopen this question as of yesterday.
Improve this question
I am having a really hard time getting my SSH keys up and running after installing Windows 10. Normal method is create it and throw it in the user's account under .ssh. But this folder does not appear to be available in Windows 10.
I need to have 3 SSH keys for different repos.
Open the windows command line (type "cmd" on the search box and hit enter).
It'll default to your home folder, so you don't need to cd to a different one.
Type ssh-keygen(if not found, check here)
Leave the first parameter empty(default), enter a password if you like, or leave it empty
Your ssh keys should be stored at chosed directory, the default is: /c/Users/YourUserName/.ssh/id_rsa.pub
p.s.: If you installed git with bash integration (like me) open "Git Bash" instead of "cmd" on first step
2019-04-07 UPDATE:
I tested today with a new version of windows 10 (build 1809, "2018 October's update") and not only the open SSH client is no longer in beta, as it is already installed. So, all you need to do is create the key and set your client to use open SSH instead of putty(pagent):
open command prompt (cmd)
enter ssh-keygenand press enter
press enter to all settings. now your key is saved in c:\Users\.ssh\id_rsa.pub
Open your git client and set it to use open SSH
I tested on Git Extensions and Source Tree and it worked with my personal repo in GitHub.
If you are in an earlier windows version or prefer a graphical client for SSH, please read below.
2018-06-04 UDPATE:
On windows 10, starting with version 1709 (win+R and type winver to find the build number), Microsoft is releasing a beta of the OpenSSH client and server.
To be able to create a key, you'll need to install the OpenSSH server. To do this follow these steps:
open the start menu
Type "optional feature"
select "Add an optional feature"
Click "Add a feature"
Install "Open SSH Client"
Restart the computer
Now you can open a prompt and ssh-keygen and the client will be recognized by windows. I have not tested this.
If you do not have windows 10 or do not want to use the beta, follow the instructions below on how to use putty.
ssh-keygen does not come installed with windows. Here's how to create an ssh key with Putty:
Install putty
Open PuttyGen
Check the Type of key and number of bytes to use
Move the mouse over the progress bar
Now you can define a passphrase and save the public and private keys
For openssh keys, a few more steps are required:
copy the text from "Public key for pasting" textbox and save it as "id_rsa.pub"
To save the private key in the openssh format, go to Conversions->Export OpenSSH key ( if you did not define a passkey it will ask you to confirm that you do not want a pass key)
Save it as "id_rsa"
Now that the keys are saved. Start pagent and add the private key there ( the ppk file in Putty's format)
Remember that pagent must be running for the authentication to work
WINDOWS:
If you have git for windows installed go to its folder.
Look in the bin directory. There is a sh.exe file. Run that.
Then type:
ssh-keygen -t rsa -C "your email here"
Follow through instructions and then type:
cat ~/.ssh/id_rsa.pub | clip
It copies the key to your clipboard.
Now you can paste that public key to the server side.
Open the windows command line (type "cmd" on the search box and hit enter).
It'll default to your home folder, so you don't need to cd to a different one.
Type mkdir .ssh
Warning: If you are saving your keys under C:/User/username/.ssh ( the default place), make sure to back up your keys somewhere (eg your password manager).
After the most recent Windows 10 Update (version 1607), my .ssh folder was empty. This is where my keys have always been, but Windows decided to delete them when updating.
Thankfully I had backed up my keys... But... I bet some people will be reverting their PC's today.
I'm running Microsoft Windows 10 Pro, Version 10.0.17763 Build 17763, and I see my .ssh folder easily at C:\Users\jrosario\.ssh without having to edit permissions or anything (though in File Explorer, I did select "Show hidden files, folders and drives"):
The keys are stored in a text file named known_hosts, which looks roughly like this:
I found a notable exception that in Windows 10, using the described route only wrote the files to the folder if the file names where not specified in the ssh-keygen generator.
giving a custom key name caused the files containing the RSA public and private keys not to be written to the folder.
Open the windows command line
Type ssh-keygen
Leave file name blank, just press return,
Set your passphrase
Generate your key files. They will now exist. and be stored in c:/Users/YourUserName/.ssh/
(using Admin Command Line and Windows 10 Pro)
Create private/public key:
Open up terminal (git bash, PowerShell, cmd.exe etc.)
Type in ssh-keygen
Press enter for default file save (~/.ssh/id_rsa)
Press enter for default passphrase (no passphrase)
Press enter again
Look at the output and make sure that the RSA is 3072 or above
You have now created a private/public key pair.
For GIT the key must have a strength of 2048, must be located in the users .ssh directory and be called id_rsa and id_rsa.pub. When pasting the keys anywhere make sure to use a program that does not add new lines like VIM.
Also, you can try (for Windows 10 Pro)
Run Powershell as administrator and type ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
Also, you can try to run ssh-keygen from Git Bash terminal
If you have Windows 10 with the OpenSSH client you may be able to generate the key, but you will have trouble copying it to the target Linux box as the ssh-copy-id command is not part of the client toolset.
Having has this problem I wrote a small PowerShell function to address this, that you add to your profile.
function ssh-copy-id([string]$userAtMachine, [string]$port = 22) {
# Get the generated public key
$key = "$ENV:USERPROFILE" + "/.ssh/id_rsa.pub"
# Verify that it exists
if (!(Test-Path "$key")) {
# Alert user
Write-Error "ERROR: '$key' does not exist!"
}
else {
# Copy the public key across
& cat "$key" | ssh $userAtMachine -p $port "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys || exit 1"
}
}
You can get the gist here
I have a brief write up about it here
All these answers generate default keys that are not secure enough. This answer suggests ONE (1 of MANY) ways to generate SAFE keys. I would rather use my answer over other answers on this page ... by far...
ssh-keygen -t rsa -b 4096
I finally got it to work by running opening command line with "Run a Administrator" even though I was already admin and could create directory manually
I created a new EC2 Amazon Linux instance. I want to allow a developer to SSH into the EC2 instance. To test this, I'm trying it from my windows computer. I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating.
I'm following the instructions here as reference
and here
After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions.
[ec2-user ~]$ sudo adduser newuser
[ec2-user ~]$ sudo su - newuser
[newuser ~]$ mkdir .ssh
[newuser ~]$ touch .ssh/authorized_keys
[newuser ~]$ chmod 600 .ssh/authorized_keys
[newuser ~]$ vim .ssh/authorized_keys
Then I paste a public key into authorized_keys using vim. I will explain where I get the public key in the next step.
ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS ....
To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key"
I copied the public key from PuttyKeyGen which is showed in the box labeled "Public key for pasting into OpenSSH authorized_keys". Then I pasted that into the .ssh/authorized_keys file on my EC2 instance in the newuser directory.
I log out of the SSH client on EC2. Then I try to login with Putty using the newly created private key on my windows machine. I use the newuser login name. I get this error in Putty: server refused our key. There is also a dialog box that says Disconnected: No supported authentication methods available {server sent: publickey)
What am I doing wrong in these steps?
I did two things different and it works now. It's probably the number of bits that made it work.
I generated a new key pair using PuttyGen but I specified SSH-2 RSA with 1024 bits instead of the default that PuttyGen was putting in which was like 2048.
When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim.
Always use ec2-import-keypair features to verified whether it is GOOD for EC2 instance. It the import works, then it is good, otherwise, regen a compliance keypair. If you simply copy a keypair that is not compliance , you will run into trouble.
Here is the document for import key pair
OpenSSH public key format (the format in ~/.ssh/authorized_keys)
Base64 encoded DER format SSH public key file format as specified in
RFC4716 DSA keys are not supported. Make sure your key generator is
set up to create RSA keys.
Supported lengths: 1024, 2048, and 4096.
My main development box uses Linux Mint.
When I am physically at the computer I can do remote operations like git fetch with no problem.
The user I log-in as is "jonbri".
> whoami
jonbri
In ~/.ssh (/home/jonbri/.ssh) is my private key (/home/jonbri/.ssh/jonbri) and public key (/home/jonbri/.ssh/jonbri.pub).
But when I am at another computer, for example another Linux Mint computer, and on the command-line I open a ssh remote shell to my main computer, when I try operations such as git fetch, it looks like the keys in ~/.ssh are not being picked up.
Here's what I see (with pwd being the root of the git repo):
> git fetch
Password:
Then, even no matter which password I enter it doesn't work.
To enable the ability to open a remote ssh shell I used apt-get to install open-ssh-server and open-ssh-client.
Any ideas why my keys aren't being picked up when inside a remote ssh shell.
SSH is likely expecting the standard names of id_dsa for your private key and id_dsa.pub for your public key.
From the github documentation:
Check the directory listing to see if you already have a public SSH key.
The default public key file names are:
id_dsa.pub
id_ecdsa.pub
id_ed25519.pub
id_rsa.pub
I created a new keypair and downloaded it to my mac, then set up a new Amazon Linux AMI server with that keypair and my security group. Now I need to put the keypair .pem file that I downloaded in a .ssh file in my users folder? I am unable to create a folder called ".ssh" however because of the name.
Where do I put the keypair on my mac? and what chmods or other commands are then needed to connect to the server from my linux bash? I know "ssh my public DNS" but what other permissions or anything else should I be aware of? Its a newbie question. Thanks.
You'll want to put the keypair in {your home directory}/.ssh . If that folder doesn't exist, create it. Once you put the keypair in there you have to change the permissions on the file so only your user can read it.
Launch the terminal and type
chmod 600 $HOME/.ssh/<your keypair file>
That limits access to the file, and then to limit access to the folder type
chmod 700 $HOME/.ssh
You have to limit the access because the OpenSSH protocol won't let you use a key that other's can view.
Then to log into your instance, from the terminal you would enter
ssh -i <your home directory>/.ssh/<your keypair file> ec2-user#<ec2 hostname>
you can also create a file ~/.ssh/config
chmod it 644
then inside you can add something like this
host mybox-root
Hostname [the IP or dns name]
User root
IdentityFile ~/.ssh/[your keypair here]
then you can just do
$ ssh mybox-root
and you'll login easier.
You can use Java MindTerm to connect to your EC2 server in Macbook pro. It works for me. here are the more details and step by step instruction.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
http://www.openssh.com/ is the suggested one on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-connect-to-instance-linux.html#using-ssh-client (option 3)
Someone was asking on Mac's an easy way to create the ~/.ssh folder would be by running command ssh-keygen, then use following setup ...
A.
macbook-air$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/sam/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/sam/.ssh/id_rsa.
Your public key has been saved in /Users/sam/.ssh/id_rsa.pub.
B. Then create:
touch ~/.ssh/authorized_keys
C. Fix the permissions:
chmod 600 ~/.ssh/authorized_keys
D. Copy AWS Key to that file:
cp AWS_key.text ~sam/.ssh/authorized_keys
#You would have saved this SSH key earlier when creating the EC2 instance
E. Then test the ssh to AWS Linux server - you will see this error:
ssh -i ./authorized_keys root#ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
Please login as the user "ec2-user" rather than the user "root".
F. Re-try that and it should work with allowed AWS user "ec2-user":
ssh -i ./authorized_keys ec2-user#ec2-54-76-176-29.ap-southeast-2.compute.amazonaws.com
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2014.09-release-notes/
9 package(s) needed for security, out of 12 available
Run "sudo yum update" to apply all updates.
Hope this helps, all the best.