Results 1 to 5 of 5
I'm having issues with openssh and Putty and private keys. I've tried creating the key in debian and within Putty, but neither work. I don't know if this is the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 01-20-2013 #1
- Join Date
- Jan 2013
I don't know if this is the right way, but say I created the key files in Putty and there names are key.ppk and key.pub, what would be the steps I take from there?
So far, I've tried copying those key files to /root/.ssh/ and adding the line AuthorizedKeysFile %h/.ssh/key.ppk, but it doesn't work. I always get server refused our key.
If someone could be so kind as to walk me through the proper steps of using a public/private key pair to log in to my ssh server, it would be much appreciated. Please don't like to other tutorials. I've been all over the web searching for an answer, but nothing has helped.
- 01-20-2013 #2
The first step in setting up SSH keys is to generate the keys themselves. This can be done withCode:
ssh-keygen -b 4096 -t rsa
So now we have a key pair: one public key and one private key. The idea of the key pair is that you put the public key onto the machine you want to SSH into, and keep the private key on your personal machine. If the machine you SSH into were ever compromised, that person would not be able to do anything with the information as the public key alone is useless. We need to get the public key on to the target machine and we'll use scp for this task
bash-4.2$ scp id_rsa.pub 172.24.10.2: firstname.lastname@example.org's password: id_rsa.pub 100% 749 0.7KB/s 00:00
bash-4.2$ ssh 172.24.10.2 email@example.com's password: krendoshazin@webserver:~$ ls httpd-2.4.3/ id_rsa.pub
krendoshazin@webserver:~$ cd .ssh krendoshazin@webserver:~/.ssh$ mv ../id_rsa.pub . krendoshazin@webserver:~/.ssh$ ls id_rsa.pub krendoshazin@webserver:~/.ssh$ cat id_rsa.pub >> authorized_keys
bash-4.2$ ssh 172.24.10.2 Last login: Sun Jan 20 10:48:43 2013 from darkstar.corp.enterprise.local Linux 184.108.40.206-smp. krendoshazin@webserver:~$
If you use different accounts on different machines, follow this same process for that account and then add your users to ~/.ssh/config as follows:
Host testserver User testuser Host 172.24.10.2 User anotheruser
Finally if you want to be really secure, you can disable password authentication in /etc/ssh/sshd_config (location may vary) and set PasswordAuthentication to no.
I hope that helps.
- 01-20-2013 #3
To add to Krendoshazin´s information:
Between linux machines, you can copy your public key via "ssh-copy-id".
This is more comfortable than copying and creating dirs/files yourself.
Also: putty uses a different format than openssh.
So if you want to connect from your windows/putty box to a linux machine,
then you need to convert the openssh private key to a ppk with PuTTYgen.
Other than that, it is good practice to have a strong passphrase on your private key, regardless if it is in openssh or ppk format.You must always face the curtain with a bow.
- 01-20-2013 #4
- Join Date
- Jan 2013
Got it Working
What I had to do to get Putty working with openssh on my Debian box was to create a key pair in Puttygen. Then I copied the public key to Debian, edited it by removing the ---- BEGIN SSH2 PUBLIC KEY ----, the next Comment: "" line, the last ---- END SSH2 PUBLIC KEY ----. Then I added ssh-rsa to the beginning, made the entire file one line, and added firstname.lastname@example.org at the end. It wasn't really email@example.com, but my username and my domain name. Now it works! Yay! I even followed this one site's suggestions for securing it and it still works! Yay!
- 01-21-2013 #5
- Join Date
- Jan 2013
Now I'm getting another annoying error. Oh how SSH hates me and my lack of knowledge about it. I used these steps to take my Putty made key and convert it to OpenSSH format.Open PuttyGen
Load your private key
Go to Conversions->Export OpenSSH and export your private key
Copy your private key to ~/.ssh/id_dsa (or id_rsa).
Create the RFC 4716 version of the public key using ssh-keygen
ssh-keygen -e -f ~/.ssh/id_dsa > ~/.ssh/id_dsa_com.pub
Convert the RFC 4716 version of the public key to the OpenSSH format:
ssh-keygen -i -f ~/.ssh/id_dsa_com.pub > ~/.ssh/id_dsa.pubSSH public key authentication failed: Public key file doesn't exit
EDIT: I can ssh through the command line using ssh -i id_rsa me@server, but not through this Remote Desktop Client tool. Maybe command line is good enough.
Last edited by rannday; 01-21-2013 at 08:50 PM.