publics key between windows 2012 server and aix system - openssh

I am have problem with my keys generated in both system Windows server 2012 and Aix version 7.20
The sftp or ssh from windows to aix is working (no password require to connect) but the same sftp or ssh from Aix to Windows prompt me for password. When i ssh_add id_rsa.pub I have this message
Permissions for 'id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
thanks

Related

Using VS Code with native Windows OpenSSH client

I'm trying to pass from Putty/Pagent/plink to Windows OpenSSH native client.
I already managed to do this in TortoiseGit, but with the main problem with VSCode seem to be I can't set which ssh agent to use.
I enabled the OpenSSH agent service on Windows to start automatically and added my open ssh key with ssh-add.
Every time i try to push from VSCode all i got is an error message with
Git: FATAL ERROR: Disconnected: No supported authentication methods available (server sent: public key)
When trying to push from terminal I got also
Please make sure you have the correct access rights and the repository exists.
As already said, with TortoiseGit I have no problem at all, and the only differences are that in TortoiseGit I set the ssh-agent.
you might need to confirm your System environment variable GIT_SSH points to the ssh within Git: C:\Program Files\Git\usr\bin\ssh.exe
You may need to update your Windows OpenSSH. If you run ssh -V from a PowerShell window and see OpenSSH_for_Windows_7.7p1, this is probably the case. The instructions for upgrading are available in the Install Win32 OpenSSH Wiki.
General
VS Code uses the Windows version of OpenSSH.
The config file that you change in VS Code is located in /Users/<username>/.ssh/config
The default location/name of a key is at /Users/<username>/.ssh/id_rsa.
Example
Local: Windows 10 machine with VS Code and the very awesome Remote - SSH extension installed
Remote: Ubuntu, where I use git for development and need my private key available
Since the remote is shared, I want to use SSH agent forwarding and keep my private key(s) on my local machine
Config file:
Host mybox
HostName actual.ip.or.name.of.mybox.com
User myusername
IdentityFile ~/.ssh/id_rsa
ForwardAgent yes
PowerShell Commands (Run as Administrator)
Start-Service ssh-agent
ssh-add C:\Users\<username>\.ssh\id_rsa # private key to add
ssh-add -L # list keys added
Set-Service ssh-agent -StartupType Automatic # optional

How to use svn+ssh in IntelliJ Windows?

Our SVN server allows ssh connections only. How can I configure IntelliJ on Windows to connect to SVN server using svn+ssh?
In order to connect to SVN using ssh on a Windows machine, you will need to
Generate your ssh private key and upload it to your user allowed keys on the server.
Create a saved PuTTy session to use the private key file.
Download TortoiseSVN Plink to be used as SSH tunnel.
Configure IntelliJ to use TortoiseSVN to connect to your SVN server.
Here are the details of these steps.
1. Generate your private key.
You can use PUTTYGEN to generate the private key.
Then save the key in the .ssh folder in the user home directory.
If you have Windows 10, you can use Bash on Ubuntu on Windows to generate and load your private keys.
ssh-keygen -t rsa
This will generate the file ~/.ssh/id_rsa
Then load the key to the server
ssh-copy-id amr#example.com
The final step is to move the generated file from the Ubuntu subsystem path to your home directory in windows.
cp ~/.ssh/id_rsa /mnt/c/Users/amr/.ssh/
You still need to convert the key from OpenSSH to PPK format using the PUTTYGEN tool. From the tool load the file and then save the private key again in the PPK format.
2. Create a saved PuTTy session and configure it to use your private key.
Create a new session in PuTTY for login into the SVN server and change the setting of SSH/Auth to point to the private key file
3. Use Tortoise SVN Plink as the ssh tunnel
Download and install Tortoise SVN. It has a command line tool named TortoisePlink which is based on puTTY. We will use plink as the SSH tunnel for SVN.
4. Configure IntelliJ to use this SSH tunnel for Subversion.
Go to File/Settings/Version Control/Subversion then select SSH settings tab.
Select Subversion config
make sure SSH tunnel is set to $SVN_SSH ssh -q
then add the path to TortoisPlink as in the picture. Make sure to skip backslashes.
Then, you are good to go.

Running psexec on Windows Server 2008 R2 from Windows 7

I'm trying to successfully run a batch file located on a server pc (Windows Server 2008 R2) from my Windows 7 client PC. But its not working and the command prompt shows the following error information message.
When I run
psexec \\199.219.21.141 -u admin /c "C:\Compile.bat"
I'm prompted for password, and when I enter the password and press I get
Make sure that the default admin$ share is enabled on 199.219.21.141
(which is my machine ipaddress)
The user admin is part of the Local administrators on the server machine
Things I tried,
Turning off the UAC Turning OFF the Windows Firewall
Setting the LocalAccountTokenFilterPolicy DWORD to 1 in, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Caching the user credentials using
cmdkey.exe /add:MACHINE_NAME_HERE /user:199.219.21.141\admin /pass:PASSWORD_HERE
psexec.exe \199.219.21.141 -i notepad
cmdkey.exe /delete:199.219.21.141
After trying to connect for some time, it again displays
Make sure that the default admin$ share is enabled on 199.219.21.141
Any ideas what am I doing wrong?

Is Eclipse SSH Remote System Explorer broken on Windows?

I have the following setup on Windows 7 Ultimate x64:
Eclipse Indigo 2.7.2 (Build: M20120208-0800)
Remote System Explorer 3.3.2 (see screenshot)
(Oracle/Sun) Java 1.6 Update 31 (x86)
Despite all my best efforts I am unable to connect to a remote system (a Centos 5.6 server on my local LAN) using a Remote System Explorer SSH connection - I've tried both password authentication and using my SSH private key.
Here is a screenshot of both the Eclipse error dialogue and what is logged in my /var/log/secure log file:
/var/log/secure:
Apr 1 12:00:21 nagios sshd[6176]: Received disconnect from 172.16.3.88: 3: com.jcraft.jsch.JSchException: Auth fail
When I connect for the first time I do get prompted to verify the authenticity of the remote host and the RSA key fingerprint. But that's as far as things go.
Performing the same operation with the same credentials on my Fedora Core 16 box (also running the same version of Eclipse and Java) to the same server (and other servers) is successful.
This leads me to believe that RSE SSH support on Windows is either broken or there's some piece of the SSH-on-Windows puzzle I'm missing. Is this the case?
It works on Windows 7 64bit - i am using it. Maybe there is a problem with 3.3.2? I have check my version and i am using 3.3.1
You should upgrade your eclipse. Indigo is deprecated.

How To Extract SFTP SSH Key From Key Cache in FileZilla FTP Client

I have connected to a server via SFTP using FileZilla and accepted adding the server's SSH key to the key cache in FileZilla.
How can I extract this cached key to a keyfile so that may use it through other SFTP applications that require a keyfile be made available?
I have not been able to find anything in the FileZilla documentation related to this.
If you use the standard openssh console client (cygwin or from linux), host keys are stored, one-per-line, in ~/.ssh/known_hosts. From there, it's a simple matter of figuring out which bit of that host key is needed for your library.
Putty also stores host keys, but it appears to encode them in hex. Those can be found at HKCUR\Software\SimonTatham\PuTTY\SshHostKeys
Thomas was correct. FileZilla piggybacks on PuTTY's PSFTP program and stores the saved keys encoded in a hex format at the registry key he listed (HKCUR\Software\SimonTatham\PuTTY\SshHostKeys). I needed the key in known_hosts format, so I has able to install a windows version of openssh at his recommendation and used the ssh-keyscan tool to hit the server and save the key info out in the correct format:
ssh-keyscan -t rsa <my_ftp_ip_address> > c:\known_hosts
ssh-keyscan -t dsa <my_ftp_ip_address> > c:\known_hosts
Thank you Thomas and SO!
If you'd rather use a GUI, you can snag the host key from the log window or the first-time connection popup using WinSCP FTP client: https://winscp.net/eng/docs/ssh_verifying_the_host_key
Thanks Dougman for the tip!
To further help any newcomers reading your answer.
Prior to running the ssh-keyscan, assuming the openssh is install by default, there is a few commands that needs to be run (read the quickstart/readme install for details).
Here are my commands which allow me to obtain the host key.
C:\Program Files\OpenSSH\bin>mkgroup -l >> ..\etc\group
C:\Program Files\OpenSSH\bin>mkpasswd -l >> ..\etc\passwd
C:\Program Files\OpenSSH\bin>net start opensshd
The OpenSSH Server service is starting.
The OpenSSH Server service was started successfully.
C:\Program Files\OpenSSH\bin>ssh-keyscan -t rsa vivo.sg.m.com > c:\known_hosts
vivo.sg.m.com SSH-2.0-Sun_SSH_1.1
Unless I am misunderstanding you: you don't need to.
If you connect to the server with another application (ie: PuTTY) and it has not seen the server before then you will be prompted to accept the key.
I see why you might want to do this, but each application could have it's own way to store keys.

Resources