Windows Terminal SSH Public Key Authentication
ฝัง
- เผยแพร่เมื่อ 10 ก.ย. 2024
- How to setup a public/private key pair in Windows Terminal for secure shell.
Also see related videos:
Install and configure Windows Terminal: • Windows Terminal Insta...
Windows SSH Server Public Key Authentication: • SSH To Windows Using P...
Commands to copy and paste:
-------------------
Linux:
-------------------
mkdir .ssh
chmod 700 .ssh
chmod 700 authorized_keys
rm id_rsa.pub
sudo nano /etc/ssh/sshd_config
sudo systemctl restart ssh
-------------------
Windows:
-------------------
ssh-keygen -b 4096
( update below with your [user folder], [user], and [host] )
scp C:\Users\[user folder]\.ssh\id_rsa.pub [user]@[host]:~/.ssh
I couldn't find anything close to how good this explanation is. Many Thanks to you.
Very nice. Thank you.
I was about to pull my hair out because I couldn't figure it out why my key wasn't working from windows to linux and I wasn't able to understand what was going wrong. I still don't, but this allows me to be more secure as I figure it out. Can't believe the lack of a simple ssh-copy-id function in windows gave me this much of a headache. Anyway thank you so much for this tutorial Mr. Campbell! Much appreciated. Enjoy your coffee
I hope you get it figured out. Post any questions that come up, and I'll try to help.
Great informative video. Thank you SIR!
You're welcome, and thanks for watching. I hope it helps. I have more admin related videos coming soon.
@@wc7 It does. I just started to learn and play with ubuntu. Thank you!
Your explanation was unbeatable. Very helpful and clear.
Thank you! I appreciate your positive feedback. Keeps me making more.
That was greatly explained and really helpful, thank you!
You're welcome. And thanks for the positive feedback. I appreciate it.
Thanks for your clear explanation, everyone assumes that we have the ssh directory in our linux computer, but it's not
The directory '.ssh' is created in the user's home directory (or /root, for root user) when using SSH for the first time. At a minimum, the directory contains the file 'known_hosts", created on first attempt to connect to another machine using SSH. Note that '.ssh' is a hidden directory (it begins with a period), so it doesn't appear normally when using directory list command unless adding the 'show all files' switch, -a. If for any reason you need the directory before using SSH for the first time, simply create it. From the user (or root) directory, enter command mkdir .ssh
You're a legend! Thank you very much!
Very kind of you to say. Thank you.
Nice work, really clear explanation and worked right away!
Great! Thank you.
These were superb instructions sir. Thank you.
Thank you. I'm glad you liked it.
thank you from a linux newbie
You're welcome. I'm glad it helps.
This is just a saviour, thank you so much
You're very welcome!
at the 8:36, where does the "william:william" come from? I can't find what is mine
Look up "chown command" for specifics of change ownership command. In my case "william:william" is the user name and group name on the Linux system. When logged in to the Linux system, it is typical that you land in your home directory. List with switches -al as directed in the video, and the user name and group name is included in the list. Just as you see in the video, when I'm entering the chown and chmod commands, the list above has a column for user, and after it a column for group. In my case, both william, my user name, and my group name. List your home directory, and you'll see your values for user name and group name.
@@wc7 Thank you so much for help!
Thank you so very much! Our family wants to setup our own Minecraft server on an old pc. I know zip about Ubuntu, nada about what the heck I'm doing and even less on how to do it, but that's not stopping me! Your video helped me check off one of my many to-dos!
One question: do you recommend setting up the Root password or leave it disabled? The server I'm setting up will (eventually) be accessed remotely by my eldest and I just want to ensure the pc/server is secure.
Videos on creating secure connections will be greatly appreciated!! 🤓
The general advice is never to use root in normal situations. But I do in certain cases only because it's more convenient for me, like for accessing Webmin and PhpMyAdmin. However, I do this ONLY for a server physically in my office that the ports (which I've changed to obscure) for these services are strictly on my local network and are blocked from Internet access. For a public facing server, do not use the root user for any services open to the Internet. Certainly do not use root for SSH on a public server. Make another user in the sudo group so it can do what you need. And make sure there is a strong firewall between the server and Internet. I use pfSense (free), using pfBlocker, and running on old HP dc5800 hardware (under $100) with additional network card. Does Gig speed just great (other solutions like small fanless "firewall" appliances do not). Also use non-standard port numbers when possible. Not always possible, for example a mail server can't use other than port 25 or you'll never get mail. But many services can be changed to obscure port numbers, say 12476 (just an example). I do similar with my IMAP port and block the normal port number in the firewall. This cuts down on a vast amount of intruders knocking at the door. I'm not familiar with ports for Minecraft servers, but if the users who will access are a private group that you can tell them a different port number, and set that at your server, that blocks out everyone else, unless the intruders are lucky enough to guess the port number you've chosen. Odds are slim of that. Those are just a few steps to help security. Avoiding root is always a good choice.
@@wc7 thank you again! Please keep posting vids 🤓
Great work!!! Thank you. Subed.👍
Very kind of you. Thanks for watching. Suggestions for other topics are always welcome.
Great video. Thanks for sharing.
Thank you.
So how exactly do you let the command know which key to use when trying to connect? imagine you have a whole range of different keys in your user\.ssh folder on windoze - somehow you gotta inform the command which key to use, right?
I am using git bash and puttygen generated keys (.ppk files) and I can't get this to work. yet.
The "i" option. Have you searched the web? Try "ssh specify private key to use". Here is one example result. There are many. superuser.com/questions/772660/howto-force-ssh-to-use-a-specific-private-key
Is this the same as installing SSH KEys from GIt Bash, or is this an entirely different process? I know nothing yet I'm sorry still learning
I don't know for sure, because I don't use Git Bash, but it looks similar. However, because it creates a key file of a different name, I suspect each method produces a different result, and each method should co-exist without messing up the other. It's possible you could use the Git Bash key file in place of "id_rsa.pub," as I explain in the video. Both are in the .ssh folder. But I haven't tested this, so please be careful if trying it.
Thank you!
You're welcome!
ssh: connect to host port 22: Connection refused
The host you're trying to connect to either doesn't have SSH server running, or a firewall is blocking port 22.
helpful!
Thanks
what about if i use a yubikey to store the private key, how could i direct that so every time i want to ssh, i just plug it in
I have no idea what a "yubikey" is. So I don't know the answer.
👍
Thanks
Thank you for your video. This is what I was looking for. I have a doubt, if I already have the keys generated with PUTTY, how can I use them with cmd or windows terminal? Thank you for your attention.
It's been a while since I used PUTTY. I assume it works similar. Files "id_rsa" and "id_rsa_pub" are created when a key is generated. The question is where does PUTTY store the files? If the standard default location, the folder //.ssh then follow the steps in the video except for key generation. Skip that step because keys already exist. If PUTTY stores the keys in a different folder, either copy them to .ssh or adjust the commands used to point to the folder where the public key ("id_rsa.pub") is stored.
@@wc7 Thank you for your answer. Yes, that's what I thought. But no.It does not work, it does not allow to establish the connection because the public key does not match. Any idea. Thanks again.
@@iro0t626 I don't know. You may have to generate a new key. There must be a difference in how PUTTY stores keys.
PuTTY stores keys generated by its own PuTTYgen program tn the drectory specified by the user in the save (or generate or export) dialog. PuTTY saves its keys as *.ppk files. It gives the option of loading and then exporting (Conversions tab) an existing .ppk key as an openSSH compatible private key, as well as presenting the corresponding public key in a window that can be copied and pasted into an openSSH authorized_keys file on a desired host.
It's a little bit of work, but you can navigate from PuTTY into openSSH without being forced to create yet another key pair (to maintain). I don't know why there is a difference between the formats and when those differences might be merged and made transparent to us users.
@@rldel99 Thank you for the explanation. It's been a while for me since using PuTTY, and back that long ago when I did, it was without any key files. So I didn't really know the answer, but suspected something like you've described. Good to know now. Thank you.
followed all the steps but it still prompts me for my password :/
From afar I can't really help. Perhaps try it again, all steps. I don't know what else to do.
I can do this with bitcoin and ethereum ?
The video is about Windows Terminal connecting to SSH servers.
@Brian Campbell The steps in the video relate to SSH (Secure Shell). The technology involved is shared with others that use cryptographic keys. The primary tool is "openssl" command to generate keys. But what to do with the keys is a completely different subject. Understand that "openssl" is the thing to know about (SSL=Secure Sockets Layer, the encryption used in HTTPS; "open" simply means it's not proprietary). Do a Google search for "openssl key generation for cyptocurrency". This will point you in the right direction.
Hi Campbell, I hope you doing well
I am well. Keeping busy that's for sure. Thanks.
Dear Campbell is there any greping in InDesign remove any specific xml tag with any attribute e.g. different types of values as tag attributes
@@wc7 Nice😊
@@rcdabral7494 The subject isn't relevant to SSH and Windows Terminal. Better to ask in comments for a video about InDesign and GREP: th-cam.com/video/D_79JuIeu9k/w-d-xo.html
Regardless, the answer is I don't have a script that does find/replace on XML inside InDesign docs. It can be done, I just haven't yet. Haven't had a need. Would it help to update InDesign text after XML is imported? My GREP script could do that. Again, continue this conversation where the topic is relevant: th-cam.com/video/D_79JuIeu9k/w-d-xo.html
@@wc7 sorry my apology
Please upload vice versa..
I don't understand what you mean. Could you elaborate?
Please upload ssh passwordless from linux to Windows.. From linux how can we ssh windows server, without password?
@@psd4582 OK, I understand. I will add to my list of videos to make. I've looked into it. Not much different except for one command. Do the same process just reverse Windows and Linux hosts, but at Windows instead of "cat id_rsa.pub >> authorized_keys" use "type id_rsa.pub > authorized_keys". Not sure yet where the Windows configuration for SSH is located but I'll study more and get it figured out for the video. Might be a while, I have a few videos ahead of it still.
Thanks william, in my organization, there is one passwordless requirement.. We have configured all the things but still passwordless authentication is not working.. It would be helpful if you upload video on it.. Thanks
Had a typo in my last reply. Should be "type id_rsa.pub >> authorized_keys". Two right angle brackets, not one. One will replace file. Two to append. However, there is more to it besides, now that I've tried it in action today. I have it just about figured out and will make a video as soon as possible.