I have connected to a server via SFTP using FileZilla and accepted adding the server's SSH key to the key cache in FileZilla.
How can I extract this cached key to a keyfile so that may use it through other SFTP applications that require a keyfile be made available?
I have not been able to find anything in the FileZilla documentation related to this.
If you use the standard openssh console client (cygwin or from linux), host keys are stored, one-per-line, in ~/.ssh/known_hosts. From there, it's a simple matter of figuring out which bit of that host key is needed for your library.
Putty also stores host keys, but it appears to encode them in hex. Those can be found at HKCUR\Software\SimonTatham\PuTTY\SshHostKeys
Thomas was correct. FileZilla piggybacks on PuTTY's PSFTP program and stores the saved keys encoded in a hex format at the registry key he listed (HKCUR\Software\SimonTatham\PuTTY\SshHostKeys). I needed the key in known_hosts format, so I has able to install a windows version of openssh at his recommendation and used the ssh-keyscan tool to hit the server and save the key info out in the correct format:
ssh-keyscan -t rsa <my_ftp_ip_address> > c:\known_hosts
ssh-keyscan -t dsa <my_ftp_ip_address> > c:\known_hosts
Thank you Thomas and SO!
If you'd rather use a GUI, you can snag the host key from the log window or the first-time connection popup using WinSCP FTP client: https://winscp.net/eng/docs/ssh_verifying_the_host_key
Thanks Dougman for the tip!
To further help any newcomers reading your answer.
Prior to running the ssh-keyscan, assuming the openssh is install by default, there is a few commands that needs to be run (read the quickstart/readme install for details).
Here are my commands which allow me to obtain the host key.
C:\Program Files\OpenSSH\bin>mkgroup -l >> ..\etc\group
C:\Program Files\OpenSSH\bin>mkpasswd -l >> ..\etc\passwd
C:\Program Files\OpenSSH\bin>net start opensshd
The OpenSSH Server service is starting.
The OpenSSH Server service was started successfully.
C:\Program Files\OpenSSH\bin>ssh-keyscan -t rsa vivo.sg.m.com > c:\known_hosts
vivo.sg.m.com SSH-2.0-Sun_SSH_1.1
Unless I am misunderstanding you: you don't need to.
If you connect to the server with another application (ie: PuTTY) and it has not seen the server before then you will be prompted to accept the key.
I see why you might want to do this, but each application could have it's own way to store keys.
Related
I need to ssh Unix server for reading a file from server from windows application built on Powerbuilder.. I hav a private key in local and added to pub key in server. Please suggest some idea with freeware but not with paid shareware.
I have not realized it but you could try it with putty in its command line mode, I hope it helps:
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
http://kb.site5.com/shell-access-ssh/putty/putty-how-to-start-a-ssh-session-from-the-command-line/
I keep most of my personal projects on BitBucket by Atlassian. As a natural choice, I use SourceTree app (their product) as git GUI client on Windows, and I'm happy with it. For projects where ssh git is available, I prefer ssh over https. SourceTree plays very well with projects hosted on BitBucket. Although it offers both of ssh agents: OpenSSH or PuTTY, its default selection is PuTTY/Plink (perhaps because PuTTY is more Windows-familiar).
Recently my establishment requested to host some projects on its own server. At first look it's a git server using GitLab opensource. I can use SourceTree with project hosted here using https just fine, however when it comes to ssh, the only choice of SSH agent is OpenSSH. The only key pair it would use (unless specified in config) is ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa (located in %USERPROFILE%\.ssh\
I've tried to:
Load ~/.ssh/id_rsa into PuTTY Key Generator
Convert it to PuTTY format (.ppk) file
Load the .ppk into Pageant (PuTTY authentication agent).
Despite the key being loaded and kept in the memory by Pageant, the connection with the server failed all the time, e.g. git: fatal: Could not read from remote repository. The only way to make it work is to start ssh-agent and ssh-add (go with OpenSSH).
Since I have Pageant running usually in the background, I find it more convenient to use (e.g. the keyphrase to open the private key is long/complex, and I don't remember it, and it can be copy-pasted from KeePass, while in the case of OpenSSH, cmd console does not allow me to paste it, too bad).
Is there anyway to make the ssh authentication to GitLab done via PuTTY instead of OpenSSH?
Did you connect to the SSH server using PuTTY before using plink? If not a reason could be that plink is refusing to connect to the server, because the ssh hostkey isn't verified yet. Another reason could be that the SSH server requires ciphers which are not supported by PuTTY. You can only find out if you connect with PuTTY with the same version as plink.
Use TortoiseGitPlink (from TortoiseGit) to circumvent this issue, as it will popup a messagebox asking whether to accept the hostkey or not.
I want to switch from Putty to OpenSSH for SSH connections in windows to our servers. I want to use OpenSSH only as client and I have a private key with additional passphrase.
I tried to connect to my server and OpenSSH loads the keyfile, but everytime I enter the passphrase, it seems that it isn't correct.
C:\Users\user>ssh -i D:\folder\.ssh\private_key user#host
Enter passphrase for key 'D:\folder\.ssh\private_key':
Enter passphrase for key 'D:\folder\.ssh\private_key':
Enter passphrase for key 'D:\folder\.ssh\private_key':
user#host's password:
You can see, my keyfiles are not located in the standard folder. I don't think that this is the problem, so only fyi.
What is the problem? I installed OpenSSH with the standard configuration and changed nothing.
Edit:
I also tried a different keyfile on an other server which has also a passphrase: this also doesn't work. Is that maybe a problem in configuration?
I'm sorry.
I discovered that I load a very old version. I think I get it from sourceforge and the executables are very outdated (year 2003 to 2004).
You can get a actual version from github: https://github.com/PowerShell/Win32-OpenSSH/releases/. I don't know if this is the official release. It's a bit confusing.
I have trouble getting the official Windows ADT 21.1.0 distribution to connect to a git repository. No matter what I tried(details below) it complains about host key not present in the registry and shows me no option to accept the host key. The remote server is running Gitlab and is under my control. There's no problem with connectivity or firewalls.
What I tried so far:
connecting without giving a password, with user git
connecting while giving a password, with another user
adding manually the host key in the known_hosts file that is found in the ssh home directory(Preferences->General->Network Connections->SSH2->SSH2 home).
The message is always:
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx...
Connection abandoned.
RSE works without any problems, only egit gives me problems.
You could workaround the problem by not using the ssh protocol with the git server, but instead the git or http protocol.
One reason for the above message can be using a folder called "ssh" instead of ".ssh" (note the dot). Some colleague of mine experienced that, and this can easily happen when using Windows explorer, as it will silently remove the dot, when creating a folder called ".ssh". You have to use the command line instead.
I'm setting up a "data analysis on the cloud" class and most of the students will probably be using Windows.
The students will have to set up EC2 Ubuntu instances and connect to them.
What is the easiest way to set up SSH for Windows XP-7?
I've tried PuTTY but Puttygen can only convert the public key to putty format if I manually add newlines in a text editor. This is too involved for the class of 80.
I've tried OpenSSH but I can't seem to find the correct permissions for the public key file. On Mac OS/Linux it's just chmod 600.
Is there a decent SSH client that supports Amazon's key format that I can set up easily?
The .pem file Amazon Web Services gives you is supported by the openssh client implementations, but for a Windows-based client that works directly with the .pem file without converting it with puttygen.exe, look into Bitvise Tunnelier.
If anybody's looking for windows 10 solution.
In Windows 10, you can use powershell.
Use below command.
ssh -i \..\location-to-pem-file.pem ubuntu#X.X.XXX.XXX
If ssh is not supported in your windows 10 machine, follow this url for installation.
I used it and suggested the same.
Another possible solution is to use PuTTY but follow Amazon's guide for doing so. I found some other guide's that weren't as clear in the steps but I was able to get PuTTYgen to work correctly when I used their guide.
Install PuTTY.
Follow Amazon's guide for converting your PEM file to the PuTTY PPK format.
Connect to your server!
As for newlines, maybe you need to run unix2dos or some other program that will fix that for you?
Step1: Download the keypair
The download will create a .pem file on your local system. It contains a private key that you can use to connect to the EC2 instance via SSH
Step 2: Launch your linux instance
Copy the public ip address for the future use to connect the linux instance
Step 3: Download puttyGen from https://the.earth.li/~sgtatham/putty/latest/w32/puttygen.exe
Step 4: Execute the PuttyGen exe and load the private key(the pem file you have downloaded while launching the instance)
Step 5: Save the private key, it will give the .ppk file which will be used to connect the linux instance
Step 6: Download and install the Putty software, open the putty, and paste the public ip address which you copied from the linux instance
Step 7: Now load the .PPK file which we have saved
Step 8: Choose yes from the alert window
Step 9: Login as ec-user
I borrowed the method giving in this video. https://youtu.be/P1erVo5X3Bs
Open power shell and run below commands. You can open power shell at any location by print powershell in the nevigation bar and press enter.
enter image description here
1.reset premission:
icals.exe key.pem /reset
2.check the current user id
whoami
3.add permision to specific user id
icacls.exe key.pem /grant:r "YOUR USER ID GIVEN BY WHOAMI"
4.remove permission of other user
icacls.exe .\ec2.pem /inheritance:r
Now it should work.
If anybody's looking for windows 10 solution.
icacls.exe .\Desktop\xxxx.pem /reset
icacls.exe .\Desktop\xxxx.pem /grant:r "$($env:USERNAME):(r)"
icacls.exe .\Desktop\xxxx.pem /inheritance:r
ssh -i .\Desktop\xxxx.pem ec2-user#54.229.xxx.x