SSH to EC2 linux instance from Windows - windows

I'm setting up a "data analysis on the cloud" class and most of the students will probably be using Windows.
The students will have to set up EC2 Ubuntu instances and connect to them.
What is the easiest way to set up SSH for Windows XP-7?
I've tried PuTTY but Puttygen can only convert the public key to putty format if I manually add newlines in a text editor. This is too involved for the class of 80.
I've tried OpenSSH but I can't seem to find the correct permissions for the public key file. On Mac OS/Linux it's just chmod 600.
Is there a decent SSH client that supports Amazon's key format that I can set up easily?

The .pem file Amazon Web Services gives you is supported by the openssh client implementations, but for a Windows-based client that works directly with the .pem file without converting it with puttygen.exe, look into Bitvise Tunnelier.

If anybody's looking for windows 10 solution.
In Windows 10, you can use powershell.
Use below command.
ssh -i \..\location-to-pem-file.pem ubuntu#X.X.XXX.XXX
If ssh is not supported in your windows 10 machine, follow this url for installation.
I used it and suggested the same.

Another possible solution is to use PuTTY but follow Amazon's guide for doing so. I found some other guide's that weren't as clear in the steps but I was able to get PuTTYgen to work correctly when I used their guide.
Install PuTTY.
Follow Amazon's guide for converting your PEM file to the PuTTY PPK format.
Connect to your server!
As for newlines, maybe you need to run unix2dos or some other program that will fix that for you?

Step1: Download the keypair
The download will create a .pem file on your local system. It contains a private key that you can use to connect to the EC2 instance via SSH
Step 2: Launch your linux instance
Copy the public ip address for the future use to connect the linux instance
Step 3: Download puttyGen from https://the.earth.li/~sgtatham/putty/latest/w32/puttygen.exe
Step 4: Execute the PuttyGen exe and load the private key(the pem file you have downloaded while launching the instance)
Step 5: Save the private key, it will give the .ppk file which will be used to connect the linux instance
Step 6: Download and install the Putty software, open the putty, and paste the public ip address which you copied from the linux instance
Step 7: Now load the .PPK file which we have saved
Step 8: Choose yes from the alert window
Step 9: Login as ec-user

I borrowed the method giving in this video. https://youtu.be/P1erVo5X3Bs
Open power shell and run below commands. You can open power shell at any location by print powershell in the nevigation bar and press enter.
enter image description here
1.reset premission:
icals.exe key.pem /reset
2.check the current user id
whoami
3.add permision to specific user id
icacls.exe key.pem /grant:r "YOUR USER ID GIVEN BY WHOAMI"
4.remove permission of other user
icacls.exe .\ec2.pem /inheritance:r
Now it should work.

If anybody's looking for windows 10 solution.
icacls.exe .\Desktop\xxxx.pem /reset
icacls.exe .\Desktop\xxxx.pem /grant:r "$($env:USERNAME):(r)"
icacls.exe .\Desktop\xxxx.pem /inheritance:r
ssh -i .\Desktop\xxxx.pem ec2-user#54.229.xxx.x

Related

How to use svn+ssh in IntelliJ Windows?

Our SVN server allows ssh connections only. How can I configure IntelliJ on Windows to connect to SVN server using svn+ssh?
In order to connect to SVN using ssh on a Windows machine, you will need to
Generate your ssh private key and upload it to your user allowed keys on the server.
Create a saved PuTTy session to use the private key file.
Download TortoiseSVN Plink to be used as SSH tunnel.
Configure IntelliJ to use TortoiseSVN to connect to your SVN server.
Here are the details of these steps.
1. Generate your private key.
You can use PUTTYGEN to generate the private key.
Then save the key in the .ssh folder in the user home directory.
If you have Windows 10, you can use Bash on Ubuntu on Windows to generate and load your private keys.
ssh-keygen -t rsa
This will generate the file ~/.ssh/id_rsa
Then load the key to the server
ssh-copy-id amr#example.com
The final step is to move the generated file from the Ubuntu subsystem path to your home directory in windows.
cp ~/.ssh/id_rsa /mnt/c/Users/amr/.ssh/
You still need to convert the key from OpenSSH to PPK format using the PUTTYGEN tool. From the tool load the file and then save the private key again in the PPK format.
2. Create a saved PuTTy session and configure it to use your private key.
Create a new session in PuTTY for login into the SVN server and change the setting of SSH/Auth to point to the private key file
3. Use Tortoise SVN Plink as the ssh tunnel
Download and install Tortoise SVN. It has a command line tool named TortoisePlink which is based on puTTY. We will use plink as the SSH tunnel for SVN.
4. Configure IntelliJ to use this SSH tunnel for Subversion.
Go to File/Settings/Version Control/Subversion then select SSH settings tab.
Select Subversion config
make sure SSH tunnel is set to $SVN_SSH ssh -q
then add the path to TortoisPlink as in the picture. Make sure to skip backslashes.
Then, you are good to go.

Calling ssh from powerbuilder with ssh private key

I need to ssh Unix server for reading a file from server from windows application built on Powerbuilder.. I hav a private key in local and added to pub key in server. Please suggest some idea with freeware but not with paid shareware.
I have not realized it but you could try it with putty in its command line mode, I hope it helps:
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
http://kb.site5.com/shell-access-ssh/putty/putty-how-to-start-a-ssh-session-from-the-command-line/

PuTTY fatal error: "No supported authentication methods available"

PuTTY fatal error:
No supported authentication methods available
When I tried to login into the production server, I am getting above error. Could anyone help me to fix this?
Edit file
sudo vi /etc/ssh/sshd_config
Set PasswordAuthentication yes
Then restart server
sudo service ssh restart
sudo service sshd restart
It worked for me after I did the following steps :
1- Download Puttygen (https://www.puttygen.com/download-putty)
2- Open PUttyGen and then Load the private key from :
C:\Users[username]\Chapter6.vagrant\machines\default\virtualbox
3- save the new private key with a new name.
4- Open Putty, go to Connection > SSH > Auth > and add the new private key
5- Connect now using 127.0.0.1 and 2222
I think your private key file format is not compatible with putty for putty uses its' native format instead.
Detail:http://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter10.html#errors-no-auth
If you are using cloud service and trying to connect server using ssh then Don't login the user name as ec2-user, the default user name is ubuntu forubuntu server.
This error can also be seen if you haven’t selected the .ppk file for the session in Putty: Connection > SSH > Auth
You’re done if you’ve employed PuttyGen to generate the keys. Else import the private key to your .ppk file as others have instructed.
Note on Linux as opposed to Windows, puttygen is accessed only via the command line. Here’s some resources for that:
https://the.earth.li/~sgtatham/putty/0.76/htmldoc/Chapter8.html#pubkey
http://manpages.ubuntu.com/manpages/bionic/man1/puttygen.1.html
https://www.ssh.com/academy/ssh/putty/linux/puttygen
In my case, I updated the Putty application to the latest and issue was solved.
Do you still have access to the server (maybe an open shell?) Check /var/log/messages for more details. This could have something to do with your PAM configuration.
Did you change folder permissions? i met this question in this week, so i find the error that is cause to me change the folder(name is ec2-user) permission.
1.Edit the /etc/ssh/sshd_config file.
2.Change PasswordAuthentication and ChallengeResponseAuthentication to yes.
3a. Restart ssh /etc/init.d/ssh restart.
OR
3b. better you use service sshd restart
If you've saved your public key on an external drive and it's not connected, putty will throw this error when connecting to your remote server.
Solved via Puttygen
I was on a windows system and it doesnt support direct shell access like linux or macOS.
Download Puttygen.
Load the .pem key to puttygen
Save as Private key
Use this key to login to ec2 instance
P.S : Also if the SSH ask for login/username - enter ubuntu or admin
Download Puttygen
Load the .pem key to puttygen
convert .pem file to .ppk
Save as Private key
Install/Open Putty >> puTTY Configuration >> Auth >> Browse >> path to .ppk file
Use this key to login to ec2 instance (check that IP of remote server is allowed in security group config of EC2 instance)
Username
The usual user names are ec2-user, ubuntu, centos, root, or admin
If that server is in the cloud like AWS, the rookie mistake I did was not realizing that a new Public IPv4 DNS gets used when the instance was off for some time. So, check the new DNS
Today I faced the same problem. So in putty you have to use "user name" of your EC2 instance
to get your "user name" of your EC2 instance
Select EC2 instance
select Connect
Now go to putty use ec2_name#public address
To see your public address
select EC2
under details you will be able to see your public address.
Now try loading your "ppk" file you will be able to log in.
For Digital Ocean, we should enable password authentication first.
The complete instruction is here: https://docs.digitalocean.com/support/i-lost-the-ssh-key-for-my-droplet/#enable-password-authentication
Log in to the Droplet via the Recovery Console
Even though you have a root password for the Droplet, if you try to log in via SSH using that password immediately, you’ll receive a Permission denied (publickey) error. This is because password authentication is still disabled on the Droplet. To fix this, you need to log in via the Recovery Console and update its SSH configuration.
There are detailed instructions on how to connect to Droplets with the
Recovery Console for a more explicit walkthrough, but here’s a brief
summary:
On the Droplet’s detail page, in the same Access tab, click the Launch
Console button.
At the login prompt, enter root as the username.
At the subsequent password prompt, enter the root password you were
sent via email. Most distributions prompt you to enter the password
twice, but some (like Fedora 27) do not.
Enter a new root password to replace the one that was emailed to you,
then enter that same new password again.
You will now be logged in as root in the Recovery Console, which gives
you access to the Droplet’s SSH configuration.
Enable Password Authentication To enable password authentication on
your Droplet, you need to modify a line in its SSH config file, which
is /etc/ssh/sshd_config.
Open /etc/ssh/sshd_config using your preferred text editor, like nano
or vim. Find the line that reads PasswordAuthentication no line and
change it to PasswordAuthentication yes, then save and exit the file.
Because the SSH daemon only reads its configuration files when it’s
first starting, you need to restart it for these changes to take
effect. The command to do this depends on your operating system:
Operating System SSH Restart Command
Ubuntu 14.x service ssh restart
Ubuntu 15.4 and up systemctl restart ssh
Debian systemctl restart ssh
CentOS 6 service sshd restart
CentOS 7 systemctl restart sshd
Fedora systemctl restart sshd\

Git Setup on Windows

So on my friends local Windows machine we are trying to setup GIT.
Basically, we've been following this guide which has been great. The problem we are facing is as follows:
All works until we get to Using Gitosis
When we use the command
git clone
git#INSERT_IP_HERE:gitosis-admin.git
We keep getting
Initialized empty Git repository in
/home/Thomas/gitosis-admin/.git
Connection closed by IP_HERE fatal:
The remote end hung up unexpectedly
When we try simply
ssh git#IP_HERE
We get "Connection closed by IP_HERE"
If we login as
runas /user:git C:/cygwin/cygwin.bat
And run > ssh git#IP_HERE
We at least get asked for a password then
Last Login: Connection to IP_HERE
closed.
Would anyone be able to help ?
The error does indeed indicate that authentication is failing.
Firstly, open gitosis.conf on the server and check that you are a member of the group containing gitosis-admin repository. It should show something like.
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = user1 user2
The member name must match with a public key in /keydir before access can be made.
Secondly, you do not say how you are connecting from the Windows machines. If you are using Git under Cygwin, make sure you are correctly loading the private key. If you are using MsysGit with Putty, be sure to load the private key before connecting as well.
There is a small gotcha if PuttyGen is used to generate key pairs, and that is the default format is different from OpenSSH which you are probably using. Copy and paste from the top window, or alternatively edit the multiline public key file to read like this.
ssh-rsa AAAABB...KEYBODY...ONLkQ== user1
Lastly, make sure port 22 is open in any firewalls if that is indeed the port you are using.
A more comprehensive description of how to set up a Git server with Gitosis on Windows, can be found at here
I recommend the use of MsysGit from windows, as it gives better integration into the Windows environment. TortoiseGit and GitExtensions both use MsysGit as the backend, and provide nice Gui's and explorer shell extensions. GitExtensions full installer will provide the windows user with everything they need.
Did you get past runnig the gitosis-init < /tmp/id_rsa.pub command?
That error indicates to me that the public key isn't set up properly. The command above initializes gitosis with the first key.

How To Extract SFTP SSH Key From Key Cache in FileZilla FTP Client

I have connected to a server via SFTP using FileZilla and accepted adding the server's SSH key to the key cache in FileZilla.
How can I extract this cached key to a keyfile so that may use it through other SFTP applications that require a keyfile be made available?
I have not been able to find anything in the FileZilla documentation related to this.
If you use the standard openssh console client (cygwin or from linux), host keys are stored, one-per-line, in ~/.ssh/known_hosts. From there, it's a simple matter of figuring out which bit of that host key is needed for your library.
Putty also stores host keys, but it appears to encode them in hex. Those can be found at HKCUR\Software\SimonTatham\PuTTY\SshHostKeys
Thomas was correct. FileZilla piggybacks on PuTTY's PSFTP program and stores the saved keys encoded in a hex format at the registry key he listed (HKCUR\Software\SimonTatham\PuTTY\SshHostKeys). I needed the key in known_hosts format, so I has able to install a windows version of openssh at his recommendation and used the ssh-keyscan tool to hit the server and save the key info out in the correct format:
ssh-keyscan -t rsa <my_ftp_ip_address> > c:\known_hosts
ssh-keyscan -t dsa <my_ftp_ip_address> > c:\known_hosts
Thank you Thomas and SO!
If you'd rather use a GUI, you can snag the host key from the log window or the first-time connection popup using WinSCP FTP client: https://winscp.net/eng/docs/ssh_verifying_the_host_key
Thanks Dougman for the tip!
To further help any newcomers reading your answer.
Prior to running the ssh-keyscan, assuming the openssh is install by default, there is a few commands that needs to be run (read the quickstart/readme install for details).
Here are my commands which allow me to obtain the host key.
C:\Program Files\OpenSSH\bin>mkgroup -l >> ..\etc\group
C:\Program Files\OpenSSH\bin>mkpasswd -l >> ..\etc\passwd
C:\Program Files\OpenSSH\bin>net start opensshd
The OpenSSH Server service is starting.
The OpenSSH Server service was started successfully.
C:\Program Files\OpenSSH\bin>ssh-keyscan -t rsa vivo.sg.m.com > c:\known_hosts
vivo.sg.m.com SSH-2.0-Sun_SSH_1.1
Unless I am misunderstanding you: you don't need to.
If you connect to the server with another application (ie: PuTTY) and it has not seen the server before then you will be prompted to accept the key.
I see why you might want to do this, but each application could have it's own way to store keys.

Resources