I have a Windows Server 2019 that runs an OpenSSH server. I need to change the OpenSSH default host key type from ECDSA to RSA.
I tried to do:
Generated a new RSA key.
ssh-keygen -t rsa
Copy the id_rsa to authorized_keys
Get-Content "C:\Users\user.ssh\id_rsa.pub" | Out-File $env:USERPROFILE.ssh\authorized_keys -Encoding ascii
Restart the service
Restart-Service sshd
But it doesn't work. I appreciate some help :)
Related
(I am using MAC)
My id_rsa starts with
-----BEGIN OPENSSH PRIVATE KEY-----
but I expect it to starts with
-----BEGIN RSA PRIVATE KEY-----
I have send my id_rsa.pub to server administrator to get the access to server, so I don't want to generate a new key.
Is there any way that I can transfer my id_rsa which is a openssh private key to a RSA private key? (command please.)
If I can transfer, do I also need to transfer id_rsa.pub? (command please.) It seems id_rsa.pub doesn't have a header like id_rsa, so I am not sure if I should also transfer this.
You have an OpenSSH format key and want a PEM format key. It is not intuitive to me, but the suggested way to convert is by changing the password for the key and writing it in a different format at the same time.
The command looks like this:
ssh-keygen -p -N "" -m pem -f /path/to/key
It will change the file in place, so make a backup of your current key just in case. -N "" will set the passphrase as none. I haven't tested this with a passphrase.
The public key should be fine as is.
For full explanation of the above command, see the -m option here: https://man.openbsd.org/ssh-keygen#m
Here's what worked for me for an in-place conversion of a key with a passphrase:
ssh-keygen -p -P "old passphrase" -N "new passphrase" -m pem -f path/to/key
Install and open puttygen
Click on "Load an existing private key file"
Click on menu item "Conversions" -> "Export OpenSSH key"
Save file
You can achieve this easily if you can get your hands on a linux system. I am using ubuntu 18.04 and did the following:
update packages: sudo apt update
install putty: sudo apt install putty
install puttygen: sudo apt install putty-tools
convert the private key to the intermediate format SSHv2: puttygen yourkey -O private-sshcom -o newkey
convert it back to RSA/PEM: ssh-keygen -i -f newkey > newkey_in_right_format
And you are good to go
Some of the answers above didn't work and I actually ran into yet another problem when trying to create a RSA private key from the OpenSSH private key using ssh-keygen command: unsupported cipher 3des-cbc. A helpful gist for that problem can be found here: https://gist.github.com/twelve17/0449491d86158960fdb630160799ff23.
The following command worked for me to create a valid and working RSA private key from a (Putty on Windows generated) OpenSSH key using:
$ sudo apt install putty-tools
$ puttygen existing_key.ppk -o id_rsa -O private-openssh
# enter passphrase if needed
I generated my key pair on a new computer that I'm setting up for my development environment. I am already using my id_rsa.pub key in several places and don't wish to change it. When generating the key, I entered a passphrase and confirmed it. I believe this means that I must enter the passphrase every time my key is used or accessed, such as during ssh into a server or doing a git push to GitHub. I forgot that I could have just hit the enter key and skipped entering a password during generation.
What I want to know is if I can remove the passphrase so that it is as if I had just used the enter key when I was generating it or so that I can use the same key pair without having to use a passphrase. Thanks!
I found what I needed here:
http://www.thinkplexx.com/learn/howto/security/ssl/remove-passphrase-password-from-private-rsa-key
SSH into a host that has your public key: ssh my_user#myhost
At the password prompt, openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa_new
Enter old passphrase
Back up and replace private ssh key:
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
rm ~/.ssh/id_rsa
cp ~/.ssh/id_rsa_new ~/.ssh/id_rsa
Set key permissions: chmod 400 ~/.ssh/id_rsa
Test it by logging in to the remote again.
ssh localhost
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
i followed all above steps in my teminal for disable the password to start the hadoop services ($start-all.sh) but it is still asking for password please anyone help me to disable password..
Please refer the below link to setup password less ssh it has a best example to get more clarity on ssh setup
https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/
Hope this Helps!!!..
I had a world of problems with permissions and the .ssh directory.
I think the permissions had to be 600 too but I can't remember exactly.
Good luck
If you are doing a multi-node setup, all the nodes must be able to communicate with one another without password. On each node, you generate SSH keys. For example using this command :
ssh-keygen -t rsa -b 4096 -C someemail#.example.com
Then you replicate the keys to all the nodes :
ssh-copy-id hadoop#master
ssh-copy-id hadoop#slave-01
ssh-copy-id hadoop#slave-02
etc.
This needs to be done on each node (every node should have all the keys).
Hope this help !
It worked for me.
Use ssh-keygen on local server to generate public and private keys.
$ssh-keygenEnter passphrase (empty for no passphrase):
Enter same passphrase again:
the ssh-copy-id copies public key to the remote host
ssh-copy-id copies public key to remote host
Use ssh-copy-id, to copy the public key to the remote host
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.200.10
Perform rsync/SCP over ssh without password**
Now, you should be able to ssh to the remote host without entering the password.
ssh 192.168.200.10
Perform the rsync again, it should not ask you to enter any password this time
rsync -avz -e ssh /home/Sangita/ sangita#192.168.200.10:/backup/Sangita/
or
scp /home/Sangita/ sangita#192.168.200.10:/backup/Sangita
I have generated my keys using PuttyGen but need to be able to specify exactly the email address used with the following command but this doesn't work as I get an 'is not recognized as an internal or external command error'
ssh-keygen -t rsa -C "joebloggs#mycompany.com"
Can anyone assist in running this command on Windows 10?
You can use PuTTYgen to generate a key with those settings.
For the key type -t rsa you have to select SSH-2 RSA
and for the email / comment -C "joebloggs#mycompany.com" you have to set the Key comment field to joebloggs#mycompany.com
After clicking Generate your can get your public key from the Public key for pasting into OpenSSH authorized_keys file field (this is the same as id_rsa.pub when generated with ssh-keygen)
If you also need the private key to be saved in OpenSSH format just go to Conversions > Export OpenSSH key (this is the same as id_rsa when generated with ssh-keygen)
I have a .ppk file. I put it to the .ssh folder, but when I try to clone, the server prompts for a password.
I did it on OS X. I convert .ppk to .pem. The result was the same. After that I generate key on my machine. Public key was added to the server. Nothing has changed.
I used command: hg clone ssh://user#hostname localpackage
~/.ssh/config:
Host shortname
Hostname hostname
User username
IdentityFile ~/.ssh/keyname
You need to convert the key into the openSSH format to work with ssh. The PKK format is format for PuTTY.
Use PuTTYgen to convert to openSSH format:
puttygen ~/.ssh/keyname -O private-openssh -o ~/.ssh/id_rsa
You need to install putty before:
sudo port install putty
Source Ubuntu | Source SO