OpenSSH for Windows connection with private key and passphrase - windows

I want to switch from PuTTY to OpenSSH for SSH connections in Windows to our servers. I want to use OpenSSH only as a client, and I have a private key with an additional passphrase.
I tried to connect to my server and OpenSSH loads the keyfile, but every time I enter the passphrase, it seems that it isn't correct.
C:\Users\user>ssh -i D:\folder\.ssh\private_key user@host
Enter passphrase for key 'D:\folder\.ssh\private_key':
Enter passphrase for key 'D:\folder\.ssh\private_key':
Enter passphrase for key 'D:\folder\.ssh\private_key':
user@host's password:
You can see, my keyfiles are not located in the standard folder. I don't think that this is the problem, so only fyi.
What is the problem? I installed OpenSSH with the standard configuration and changed nothing.
Edit:
I also tried a different keyfile on another server, which also has a passphrase: this also doesn't work. Is that maybe a problem in the configuration?

I'm sorry.
I discovered that I had loaded a very old version. I think I got it from SourceForge, and the executables are very outdated (year 2003 to 2004).
You can get a current version from GitHub: https://github.com/PowerShell/Win32-OpenSSH/releases/. I don't know if this is the official release. It's a bit confusing.

Related

Windows 10 - OpenSSH Forward Agent Loading Keys but not Forwarding, SSH-Agent seems to be ignoring loaded keys

Problem:
I am trying to use OpenSSH Agent in Windows 10 Pro. It is loading the keys but not forwarding to the host.
Goal:
I am attempting to get ssh-agent to work in Windows so I don't have to keep entering my passphrase for my private key (with the ultimate goal of getting this to work with VS Code Remote-SSH Extension as well as on the command line).
What I've Tried:
I am using Windows 10 Pro 21H2 build 19044.1865. I have OpenSSH installed. In PowerShell (admin mode), I use ssh-add to add my private key and confirm by doing ssh-add -L, which shows the key is loaded (X'd out in example):
ssh-add -L
ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (redacted)
I then attempt ssh -A username@serverip and it prompts me for my passphrase. The expected behavior is that it would not prompt me for my passphrase, it would simply obtain the key from the ssh-agent service. I have tried both rsa and ed25519 keys formatted as OpenSSH keys with the same result.
If I enter my passphrase I immediately connect. I have tried all the suggestions I could find online including:
killing all ssh-agent processes shown in task manager and restarting
starting and restarting the OpenSSH Authentication Agent
fixing the permissions on my keys so only I as owner have access
It appears that the ssh-agent has loaded the key but is simply not passing it on to my server for some reason. Using the -v (verbose) option shows no attempt to use ssh-agent forwarding. I have used putty/pageant successfully and have even tried wsl-ssh-pageant which seems to work, loading my key from pageant (the Pageant keys viewable as loaded after doing ssh-add -L) but they are ignored when I attempt a connection (again nothing in the verbose output shows attempt to use the ssh-agent). The OpenSSH agent is clearly running in Windows services.
Any suggestions or help? Thank you.

Calling ssh from powerbuilder with ssh private key

I need to SSH to a Unix server to read a file from the server from a Windows application built on PowerBuilder. I have a private key locally and have added the public key on the server. Please suggest some ideas using freeware, not paid shareware.
I have not realized it but you could try it with putty in its command line mode, I hope it helps:
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
http://kb.site5.com/shell-access-ssh/putty/putty-how-to-start-a-ssh-session-from-the-command-line/

GitLab does not work with key loaded in Pageant?

I keep most of my personal projects on BitBucket by Atlassian. As a natural choice, I use SourceTree app (their product) as git GUI client on Windows, and I'm happy with it. For projects where ssh git is available, I prefer ssh over https. SourceTree plays very well with projects hosted on BitBucket. Although it offers both of ssh agents: OpenSSH or PuTTY, its default selection is PuTTY/Plink (perhaps because PuTTY is more Windows-familiar).
Recently my establishment requested to host some projects on its own server. At first look it's a git server using GitLab open source. I can use SourceTree with projects hosted here using https just fine; however, when it comes to ssh, the only choice of SSH agent is OpenSSH. The only key pair it would use (unless specified in config) is ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa (located in %USERPROFILE%\.ssh\).
I've tried to:
Load ~/.ssh/id_rsa into PuTTY Key Generator
Convert it to PuTTY format (.ppk) file
Load the .ppk into Pageant (PuTTY authentication agent).
Despite the key being loaded and kept in the memory by Pageant, the connection with the server failed all the time, e.g. git: fatal: Could not read from remote repository. The only way to make it work is to start ssh-agent and ssh-add (go with OpenSSH).
Since I have Pageant running usually in the background, I find it more convenient to use (e.g. the keyphrase to open the private key is long/complex, and I don't remember it, and it can be copy-pasted from KeePass, while in the case of OpenSSH, cmd console does not allow me to paste it, too bad).
Is there any way to have the SSH authentication to GitLab done via PuTTY instead of OpenSSH?
Did you connect to the SSH server using PuTTY before using plink? If not a reason could be that plink is refusing to connect to the server, because the ssh hostkey isn't verified yet. Another reason could be that the SSH server requires ciphers which are not supported by PuTTY. You can only find out if you connect with PuTTY with the same version as plink.
Use TortoiseGitPlink (from TortoiseGit) to circumvent this issue, as it will pop up a message box asking whether to accept the host key or not.

Unable to connect using PuTTY ssh

I'm on a Windows 7 machine and have installed PuTTY. I'm trying to connect, but the authentication fails because of an incorrect password. But, the VM I'm connecting to doesn't have a password?
Here are the creds I'm trying to use:
Host: 127.0.0.1
Port: 2222
Username: vagrant
Private key: c:/users/<username>/.vagrant.d/insecure_private_key
When I open PuTTY, I put in the above credentials and click Open, at which point it asks for the username and I enter 'vagrant', then it asks for the password, but there isn't a password, so I get access denied?
Not sure how to get around this?
Thanks.
The "---Begin RSA PRIVATE KEY ...." key is not of a format that PuTTY uses.
Use the program puttygen.exe (same place where the putty.exe program is) to "Load" the private key.
Select "All Files (*.*)" from the filter to see the file c:/users/.../.vagrant.d/insecure_private_key and open it. It will say that it has successfully imported foreign key....
Then use the "Save private key" option to save the loaded key into a *.ppk file.
Then use that ppk file as the key file for "SSH | Auth" in PuTTY.
That should work.
I had experienced the opposite: using the putty proprietary .ppk format to configure the "config.ssh.private_key_path" which expects the SSH format.
You can also use puttygen to convert from .ppk format to SSH format.
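The answers above turn on which container a private key file uses (PEM, OpenSSH's own format, or PuTTY's .ppk) and whether it is passphrase-protected. The following is an added example, not code from the original posts: it classifies a key file from its header alone. The function names and the sample inputs are constructed for illustration and contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def classify_private_key(text):
    """Return (container format, needs_passphrase) for a private key file's text."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key file")
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        # PPK header carries "Encryption: none" or a cipher name.
        enc = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Encryption:")]
        return ("putty-ppk", bool(enc) and enc[0] != "none")
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        # The first length-prefixed string after the magic is the cipher name.
        cipher = blob[off + 4:off + 4 + n].decode("ascii")
        return ("openssh-v1", cipher != "none")
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Traditional PEM flags encryption with a Proc-Type header;
        # PKCS#8 puts ENCRYPTED in the BEGIN label itself.
        enc = "ENCRYPTED" in first or any(
            ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return ("pem", enc)
    raise ValueError("unrecognised private key container")

def sample_openssh(cipher):
    """Constructed sample: only the header fields of an openssh-key-v1 blob."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed samples with placeholder bodies, not real keys.
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed\n"

if __name__ == "__main__":
    for name, text in [("pem", SAMPLE_PEM), ("ppk", SAMPLE_PPK),
                       ("openssh", sample_openssh(b"aes256-ctr"))]:
        print(name, classify_private_key(text))
```

A "putty-ppk" result means the file has to go through puttygen before OpenSSH or Vagrant can read it, and a "pem" or "openssh-v1" result means PuTTY needs it imported first.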

How To Extract SFTP SSH Key From Key Cache in FileZilla FTP Client

I have connected to a server via SFTP using FileZilla and accepted adding the server's SSH key to the key cache in FileZilla.
How can I extract this cached key to a keyfile so that may use it through other SFTP applications that require a keyfile be made available?
I have not been able to find anything in the FileZilla documentation related to this.
If you use the standard openssh console client (cygwin or from linux), host keys are stored, one-per-line, in ~/.ssh/known_hosts. From there, it's a simple matter of figuring out which bit of that host key is needed for your library.
Putty also stores host keys, but it appears to encode them in hex. Those can be found at HKCUR\Software\SimonTatham\PuTTY\SshHostKeys
Thomas was correct. FileZilla piggybacks on PuTTY's PSFTP program and stores the saved keys encoded in a hex format at the registry key he listed (HKCUR\Software\SimonTatham\PuTTY\SshHostKeys). I needed the key in known_hosts format, so I was able to install a Windows version of openssh at his recommendation and used the ssh-keyscan tool to hit the server and save the key info out in the correct format:
ssh-keyscan -t rsa <my_ftp_ip_address> > c:\known_hosts
ssh-keyscan -t dsa <my_ftp_ip_address> > c:\known_hosts
Thank you Thomas and SO!
If you'd rather use a GUI, you can snag the host key from the log window or the first-time connection popup using WinSCP FTP client: https://winscp.net/eng/docs/ssh_verifying_the_host_key
Thanks Dougman for the tip!
To further help any newcomers reading your answer.
Prior to running ssh-keyscan, assuming openssh is installed by default, there are a few commands that need to be run (read the quickstart/readme install for details).
Here are my commands which allow me to obtain the host key.
C:\Program Files\OpenSSH\bin>mkgroup -l >> ..\etc\group
C:\Program Files\OpenSSH\bin>mkpasswd -l >> ..\etc\passwd
C:\Program Files\OpenSSH\bin>net start opensshd
The OpenSSH Server service is starting.
The OpenSSH Server service was started successfully.
C:\Program Files\OpenSSH\bin>ssh-keyscan -t rsa vivo.sg.m.com > c:\known_hosts
vivo.sg.m.com SSH-2.0-Sun_SSH_1.1
Unless I am misunderstanding you: you don't need to.
If you connect to the server with another application (ie: PuTTY) and it has not seen the server before then you will be prompted to accept the key.
I see why you might want to do this, but each application could have its own way to store keys.
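The answers above describe PuTTY's cached host keys as hex-encoded registry values, while the asker needed known_hosts format. The following is an added example, not code from the original posts: it converts one cached RSA entry into a known_hosts line and prints its SHA256 fingerprint, so the already-trusted key can be compared with what a fresh ssh-keyscan returns. It assumes the `rsa2@port:host` value name and the `0x<exponent>,0x<modulus>` value layout PuTTY uses for RSA entries; the host name and the tiny modulus are constructed.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(n):
    """SSH wire 'mpint': big-endian, with a leading zero byte if the top bit is set."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def putty_rsa_to_known_hosts(value_name, value_data):
    """Convert one cached rsa2 entry to (known_hosts line, SHA256 fingerprint)."""
    keytype, _, rest = value_name.partition("@")
    port, _, host = rest.partition(":")
    if keytype != "rsa2" or not port.isdigit() or not host:
        raise ValueError("only rsa2@port:host entries are handled here")
    e_hex, n_hex = value_data.split(",")
    e, n = int(e_hex, 16), int(n_hex, 16)
    # Public key blob: "ssh-rsa", then exponent, then modulus.
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    # known_hosts writes non-default ports as [host]:port.
    hostspec = host if port == "22" else "[%s]:%s" % (host, port)
    line = "%s ssh-rsa %s" % (hostspec, base64.b64encode(blob).decode())
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return line, fingerprint

# Constructed sample entry (toy modulus, hypothetical host name).
SAMPLE_NAME = "rsa2@2222:sftp.example.test"
SAMPLE_DATA = "0x10001,0xff"

if __name__ == "__main__":
    line, fingerprint = putty_rsa_to_known_hosts(SAMPLE_NAME, SAMPLE_DATA)
    print(line)
    print(fingerprint)
```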
