  1. #1
    Just Joined!
    Join Date
    Jan 2013
    Posts
    3

    SSH Help


    I'm having issues with openssh and Putty and private keys. I've tried creating the key in debian and within Putty, but neither work.

    I don't know if this is the right way, but say I created the key files in Putty and their names are key.ppk and key.pub, what would be the steps I take from there?

    So far, I've tried copying those key files to /root/.ssh/ and adding the line AuthorizedKeysFile %h/.ssh/key.ppk, but it doesn't work. I always get server refused our key.

    If someone could be so kind as to walk me through the proper steps of using a public/private key pair to log in to my ssh server, it would be much appreciated. Please don't link to other tutorials. I've been all over the web searching for an answer, but nothing has helped.

  2. #2
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    The first step in setting up SSH keys is to generate the keys themselves. This can be done with
    Code:
    ssh-keygen -b 4096 -t rsa
    -b tells it how many bits you want -- otherwise known as the strength of the key -- and -t tells it what type of encryption you want. In this case it's RSA. This process will create two keys in ~/.ssh. In this case these keys are id_rsa and id_rsa.pub. The key generation process will tell you the names of the files it is going to create.

    So now we have a key pair: one public key and one private key. The idea of the key pair is that you put the public key onto the machine you want to SSH into, and keep the private key on your personal machine. If the machine you SSH into were ever compromised, that person would not be able to do anything with the information as the public key alone is useless. We need to get the public key on to the target machine and we'll use scp for this task
    Code:
    bash-4.2$ scp id_rsa.pub 172.24.10.2:
    krendoshazin@172.24.10.2's password: 
    id_rsa.pub                                    100%  749     0.7KB/s   00:00
    id_rsa.pub will now be in the home directory of krendoshazin on the target machine.
    Code:
    bash-4.2$ ssh 172.24.10.2
    krendoshazin@172.24.10.2's password: 
    krendoshazin@webserver:~$ ls
    httpd-2.4.3/  id_rsa.pub
    If .ssh does not exist in the user's home directory, then create it and copy the file over. The public key then needs to be added to authorized_keys
    Code:
    krendoshazin@webserver:~$ cd .ssh
    krendoshazin@webserver:~/.ssh$ mv ../id_rsa.pub .
    krendoshazin@webserver:~/.ssh$ ls
    id_rsa.pub
    krendoshazin@webserver:~/.ssh$ cat id_rsa.pub >> authorized_keys
    Your key should now be authorized for passwordless logins. Log out of the account and log back in again
    Code:
    bash-4.2$ ssh 172.24.10.2
    Last login: Sun Jan 20 10:48:43 2013 from darkstar.corp.enterprise.local
    Linux 2.6.37.6-smp.
    krendoshazin@webserver:~$
    As you can see, no password prompt was presented and I have been granted access straight into the machine.

    If you use different accounts on different machines, follow this same process for that account and then add your users to ~/.ssh/config as follows:
    Code:
    Host testserver
    User testuser
    
    Host 172.24.10.2
    User anotheruser
    SSH by default uses the name of the account you're currently using. This will allow you to ssh just using the machine name and go straight in to that account.

    Finally if you want to be really secure, you can disable password authentication in /etc/ssh/sshd_config (location may vary) and set PasswordAuthentication to no.

    I hope that helps.

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,346
    To add to Krendoshazin's information:
    Between Linux machines, you can copy your public key via "ssh-copy-id".
    This is more comfortable than copying and creating dirs/files yourself.

    Also: PuTTY uses a different format than OpenSSH.
    So if you want to connect from your Windows/PuTTY box to a Linux machine,
    then you need to convert the OpenSSH private key to a ppk with PuTTYgen.

    Other than that, it is good practice to have a strong passphrase on your private key, regardless if it is in openssh or ppk format.
    You must always face the curtain with a bow.

  4. #4
    Just Joined!
    Join Date
    Jan 2013
    Posts
    3

    Got it Working

    What I had to do to get Putty working with openssh on my Debian box was to create a key pair in Puttygen. Then I copied the public key to Debian, edited it by removing the ---- BEGIN SSH2 PUBLIC KEY ----, the next Comment: "" line, the last ---- END SSH2 PUBLIC KEY ----. Then I added ssh-rsa to the beginning, made the entire file one line, and added me@mydomain.com at the end. It wasn't really me@mydomain.com, but my username and my domain name. Now it works! Yay! I even followed this one site's suggestions for securing it and it still works! Yay!
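The hand edit described in the post above (and the `ssh-keygen -i -f` conversion mentioned later in the thread) can be expressed as a small converter. This is an added example, not part of any post: the function names are hypothetical and the sample key is a constructed dummy blob. It also identifies which kind of key file is in hand, since only the one-line OpenSSH public form belongs in authorized_keys.

```python
import base64
import struct
import textwrap

def read_string(blob, offset=0):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    (length,) = struct.unpack_from(">I", blob, offset)
    data = blob[offset + 4:offset + 4 + length]
    if len(data) != length:
        raise ValueError("truncated key blob")
    return data

def classify(text):
    """Name the key-file format from its first non-blank line."""
    first = text.strip().splitlines()[0] if text.strip() else ""
    if first.startswith("PuTTY-User-Key-File-"):
        return "putty-private"      # .ppk: stays on the client
    if first.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        return "rfc4716-public"     # PuTTYgen "Save public key" output
    if first.startswith("-----BEGIN ") and "PRIVATE KEY" in first:
        return "openssh-private"    # stays on the client
    if len(first.split()) >= 2 and first.startswith(("ssh-", "ecdsa-", "sk-")):
        return "openssh-public"     # the form authorized_keys expects
    return "unknown"

def rfc4716_to_openssh(text, comment=""):
    """Turn an RFC 4716 public key block into one authorized_keys line."""
    body, in_header = [], False
    for line in (raw.strip() for raw in text.strip().splitlines()):
        if line.startswith("---- "):        # BEGIN / END markers
            continue
        if in_header or ":" in line:        # header line, possibly continued
            in_header = line.endswith("\\")
            continue
        body.append(line)
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)
    key_type = read_string(blob).decode("ascii")   # type is read from the blob
    return " ".join(filter(None, [key_type, b64, comment]))

# Constructed sample: a structurally valid dummy blob, not a usable key.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(p)) + p for p in
                       (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(128, 256))))
SAMPLE = ("---- BEGIN SSH2 PUBLIC KEY ----\n"
          'Comment: "constructed-sample"\n'
          + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_BLOB).decode(), 64))
          + "\n---- END SSH2 PUBLIC KEY ----\n")

print(classify(SAMPLE), "->", rfc4716_to_openssh(SAMPLE, "me@example.org"))
```

Because the key type is taken from the decoded blob rather than typed in by hand, a mismatched prefix cannot end up in authorized_keys.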

  5. #5
    Just Joined!
    Join Date
    Jan 2013
    Posts
    3

    Another Question

    Now I'm getting another annoying error. Oh how SSH hates me and my lack of knowledge about it. I used these steps to take my Putty made key and convert it to OpenSSH format.
    Open PuttyGen
    Click Load
    Load your private key
    Go to Conversions->Export OpenSSH and export your private key
    Copy your private key to ~/.ssh/id_dsa (or id_rsa).
    Create the RFC 4716 version of the public key using ssh-keygen

    ssh-keygen -e -f ~/.ssh/id_dsa > ~/.ssh/id_dsa_com.pub

    Convert the RFC 4716 version of the public key to the OpenSSH format:

    ssh-keygen -i -f ~/.ssh/id_dsa_com.pub > ~/.ssh/id_dsa.pub
    So now in /home/me/.ssh/ I have id_rsa_com.pub id_rsa_old.pub id_rsa.pub. I open Remote Desktop Client and edit a new SSH connection. For my "Identity File" I select my id_rsa.pub, type the server address, and try to connect, but it gives me this error.
    SSH public key authentication failed: Public key file doesn't exit
    Not really even sure if it means it doesn't exist on my server or on my client. I can connect through Putty within Windows.

    EDIT: I can ssh through the command line using ssh -i id_rsa me@server, but not through this Remote Desktop Client tool. Maybe command line is good enough.
    Last edited by rannday; 01-21-2013 at 08:50 PM.
