Converting SSH2 Key to OpenSSH Format - ssh

On Ubuntu I generated a key using the ssh-keygen -t rsa -b 4096 command.
While trying to convert the generated key to OpenSSH format with
ssh-keygen -i -f id_rsa.pub > id_rsa_openssh.pub, I get the error "uudecode failed".
Any idea how to resolve this error?

Probably too late but using
ssh-keygen -e -f id_rsa.pub > id_rsa_openssh.pub
worked for me.
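As an added example (not part of the original question or answer): ssh-keygen -i reads an SSH2 (RFC 4716) public key and writes the OpenSSH one-line form, while -e goes the other way, so the first line of the file tells you which direction applies. The sketch below goes beyond the public-key case and also recognises the private-key containers; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an SSH key file by its first line and name the
# matching conversion. key_format/conversion_hint/demo are illustrative names.

key_format() {
    # Only the first line is read; a trailing CR (Windows-saved file) is dropped.
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$first" in
        "---- BEGIN SSH2 PUBLIC KEY ----") echo rfc4716-public ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) echo openssh-public ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-private ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            echo pem-private ;;
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo pkcs8-private ;;
        PuTTY-User-Key-File-*) echo putty-ppk ;;
        *) echo unknown ;;
    esac
}

conversion_hint() {
    case "$(key_format "$1")" in
        rfc4716-public) echo "ssh-keygen -i -f $1    # SSH2 -> OpenSSH one-line" ;;
        openssh-public) echo "ssh-keygen -e -f $1    # OpenSSH -> SSH2; -i expects SSH2 input" ;;
        putty-ppk)      echo "puttygen $1 -O private-openssh -o ${1%.ppk}.pem" ;;
        *-private)      echo "ssh-keygen -y -f $1    # print the matching public key" ;;
        *)              echo "unrecognised header: $1" ;;
    esac
}

demo() {
    # Constructed samples: header lines only, no real key material.
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E constructed-sample' > "$tmp/id_rsa.pub"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' > "$tmp/id_rsa_ssh2.pub"
    printf 'PuTTY-User-Key-File-2: ssh-rsa\r\n' > "$tmp/server.ppk"
    for f in "$tmp"/*; do
        printf '%s: %s\n' "${f##*/}" "$(key_format "$f")"
    done
    rm -rf "$tmp"
}

demo
```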

Related

How to setup passwordless SSH on CentOS 8 and putty

I'm constantly setting up passwordless ssh environments. And, while there are many howTos out there, most are rather long. This is going to be very short and without much explanation. Read the load documents for the details. I plan to add screen-shots, but that has to wait until after my wrist heals. I broke it badly just the day before yesterday.
PuTTY doesn't natively support the private key format (.pem).
You must convert your private key into a .ppk file
before you can connect to your instance using PuTTY.
ssh-keygen generates 2 files.
- id_rsa: The private key
- id_rsa.pub: The public key
PuTTYgen will generate the ppk for use with PuTTY.
On Linux (I’m using CentOS 8)
=================================
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa -C "yourEmailAddr@yahoo.com"
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 400 ~/.ssh/*
cp ~/.ssh/* /VMShare/ssh/ #a common mount between my virtual machines and windows
On Windows
----------
1. Open PuTTYgen. Click Load and open the private file (normally id_rsa)
2. Click “Save Private Key” and choose a name. I use id_rsa.ppk
3. Open Putty
3.1. Set Connection->Data->Auto-login username as appropriate
3.2. Set the Connection->SSH->Auth->”Private key file for authentication” to the ppk file.
To setup 1 way ssh between 2 Linux machines
-------------------------------------------
copy the id_rsa file to ~/.ssh on the second machine
Next: chmod 400 ~/.ssh/id_rsa
Now you can ssh from the second machine to the first
To setup 1 way ssh between 2 Linux machines
-------------------------------------------
Copy the id_rsa and id_rsa.pub file to ~/.ssh on the second machine
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 400 ~/.ssh/authorized_keys ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
To Test the ssh use:
--------------------
ssh -i id_rsa.pub user@host1
<https://help.dreamhost.com/hc/en-us/articles/215464758-How-do-I-set-up-passwordless-login-in-PuTTY->

Duplicating an ssh private key file

I have a private key under ~/.ssh/id_rsa. Running ssh-keygen -l -f ~/.ssh/id_rsa confirms that the key is valid.
I'm trying to create another file containing this key. For example,
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.dupe
chmod 0400 ~/.ssh/id_rsa (to make permissions the same for both files)
But when I run ssh-keygen -l -f ~/.ssh/id_rsa.dupe, I get ~/.ssh/id_rsa.dupe is not a key file.
This is expected behavior. ssh-keygen -l refers to a public key file, per its documentation:
-l Show fingerprint of specified public key file.
If you want to generate a private key and generate a public key, you can use -y to do that:
ssh-keygen -y -f ~/.ssh/id_rsa.dupe >~/.ssh/id_rsa.dupe.pub
ssh-keygen -l -f ~/.ssh/id_rsa.dupe.pub

Duplicity is arguing BackendException: ssh connection to my server:22 failed: not a valid OPENSSH private key file

Thanks to maybeg, I've managed to back up my data from home to an external server (an Amazon one).
As I don't want to back up company data to Amazon, I tried with an internal backup server.
I then used this command. (I have my own key)
docker run -d --name volumerize \
-v /MyFolder/Keys/:/MyFolder/Keys/ \
-v jenkins_volume:/source:ro \
-v backup_volume:/backup \
-e 'VOLUMERIZE_SOURCE=/source' \
-e "VOLUMERIZE_TARGET=scp://myuser@mybackupserver/home/myuser/" \
-e 'VOLUMERIZE_DUPLICITY_OPTIONS=--ssh-options "-i /MyFolder/Keys/myuserkey"' \
-e 'PASSPHRASE="mypassphrase"' blacklabelops/volumerize
When using the duplicity backup command, inside or outside the container, I get the following error:
/usr/lib/python2.7/site-packages/paramiko/ecdsakey.py:200: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signature, ec.ECDSA(self.ecdsa_curve.hash_object())
BackendException: ssh connection to myuser@mybackupserver:22 failed: not a valid OPENSSH private key file
Strangely, inside or outside the volumerize container, the following is running properly.
ssh -i /MyFolder/Keys/myuserkey myuser@mybackupserver
key_load_public: invalid format
Enter passphrase for key '/MyFolder/Keys/myuser':
[myuser@mybackupserver ~]$
Editing the backup file, for example, gives me the following:
#!/bin/bash
set -o errexit
source /etc/volumerize/stopContainers
duplicity $@ --allow-source-mismatch --archive-dir=/volumerize-cache --ssh-options "-i /MyFolder/Keys/myuserkey" /source scp://myuser@mybackupserver/home/myuser/
source /etc/volumerize/startContainers
I've tried to check env variables inside the container; please find below what I have: (Note that the passphrase has been added as an env variable as found here)
HOSTNAME=b68f0e1a2d45
TERM=xterm
BLACKLABELOPS_HOME=/var/blacklabelops
GOOGLE_DRIVE_CREDENTIAL_FILE=/credentials/googledrive.cred
VOLUMERIZE_HOME=/etc/volumerize
VOLUMERIZE_SOURCE=/source
DOCKERIZE_VERSION=v0.5.0
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/etc/volumerize
VOLUMERIZE_TARGET=scp://myuser@mybackupserver/home/myuser/
PWD=/etc/volumerize
VOLUMERIZE_DUPLICITY_OPTIONS=--ssh-options "-i /MyFolder/Keys/myuserkey"
VOLUMERIZE_CACHE=/volumerize-cache
GPG_TTY=/dev/console
SHLVL=1
HOME=/root
no_proxy=*.local, 169.254/16
GOOGLE_DRIVE_SETTINGS=/credentials/cred.file
PASSPHRASE="mypassphrase"
_=/usr/bin/env
Can someone point me in the right direction ?
Regards,
pierre
Edit1 :
I tried to compare both private key files (Amazon and Company) using
openssl rsa -in yourkey.pem -check and both say
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
....
-----END RSA PRIVATE KEY-----
Edit2 :
1 . Had a look without any success at duplicity-backendexception
For information, Paramiko version is 2.2.1
Connection is successful using the following python script.
import paramiko
import StringIO
f = open('/MyFolder/Keys/myuserkey','r')
s = f.read()
keyfile = StringIO.StringIO(s)
mykey = paramiko.RSAKey.from_private_key(keyfile,password='mypassphrase')
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('mybackupserver',username='mouser',pkey=mykey)
stdin, stdout, stderr = ssh.exec_command('uptime')
stdout.readlines()
[u' 12:35:27 up 3 days, 1:42, 0 users, load average: 1.59, 3.10, 3.00\n']
try the pexpect+scp:// backend (more on available ssh backends can be found in the duplicity manpage http://duplicity.nongnu.org/duplicity.1.html ).
it uses the command line ssh binaries. maybe the error is different or more detailed there?
the error on
ssh -i /MyFolder/Keys/myuserkey myuser@mybackupserver
key_load_public: invalid format
does not seem normal. try to provide the public key in the proper format or not at all.
..ede/duply.net

Create a PEM from a PPK file [duplicate]

So there are plenty of tutorials on how to convert a PEM to a PPK using puttyGen. However my issue is that my windows machine had the only PEM copy and I converted it into a PPK and deleted it. Now I need to figure out how to convert a PPK into a PEM so that my mac can ssh into the server. I still have access to the server so I could also just make a new key if I had to, anyone know how to convert PPK to PEM?
Install PuttyTools
apt-get install putty-tools
Generate a pem file from the ppk
puttygen server.ppk -O private-openssh -o server.pem
The server.pem file will be saved in the same location
If you're on a Mac and you've previously installed Homebrew, from Terminal:
$ brew install putty
$ puttygen server.ppk -O private-openssh -o server.pem
The first command was suggested in this comment and the second from Emizen Tech's answer.
Try this to install putty-tools
sudo apt install putty-tools
puttygen key.ppk -O private-openssh -o key.pem
ssh -i ~/key.pem {user}@{ip}
First, install PuTTY for Mac using
brew install putty
Then, use the following command to convert the .ppk format private key to a standard PEM format private key:
puttygen privatekey.ppk -O private-openssh -o privatekey.pem
Make sure permissions on the private key file are set properly. It should only be readable by the user that owns it.
chmod go-rw privatekey.pem
You can now use the key for logins from scripts and command line with:
ssh -i privatekey.pem user@hostname

Automate ssh-keygen -t rsa so it does not ask for a passphrase

I need to automate ssh-keygen -t rsa without a password, i.e. enter at the prompt.
How can I do that from a shell script?
To generate a SSH keypair without being prompted for a passphrase you can do the following:
$ ssh-keygen -f id_rsa -t rsa -N ''
If you need to do this from PowerShell in Windows use:
ssh-keygen -f $Name -t rsa -N '""'
Note you also have to ensure the git bin directory is in your path:
$sshPath = "<path>\git\bin\"
$env:path += ";$sshPath"
Then to use it in PoshGit it's just:
Add-SshKey "<path>\.ssh\KeyFilename"
$ ssh-keygen -f $HOME/.ssh/id_rsa -t rsa -N ''
Just a correction to answer 2...
I found out on my OL and RHEL system the file name should be id_rsa not id.rsa.
So on a OL or RHEL system the command would be:
$ ssh-keygen -f id_rsa -t rsa -N ''
What about :
ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ''
As noted in man ssh-keygen :
SYNOPSIS
ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile]
(...)
-q Silence ssh-keygen.
(that is with openssh-client package in Debian 9.4 stretch : OpenSSH_6.7p1 Debian-5+deb8u4)
I needed to automate the ssh-keygen command in a bash script, and this is the final answer which works well for me:
echo -e "\n" | ssh-keygen -N "" &> /dev/null
The echo command with the -e interprets "\n" as an Enter key, but does not work with the passphrase. Then using the option -N "" (empty passphrase) the password will be empty and it will not ask for anything.
&> /dev/null will send the 'stdout' and 'stderr' to /dev/null so nothing is printed to the display.
$ printf '\n' | ssh-keygen -N ''
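An added example, not taken from any of the answers here: a wrapper around the -f / -N '' / -q options discussed above that never prompts and never overwrites an existing key, since ssh-keygen asks whether to overwrite when the target file already exists. The function name ensure_key and the path in the usage comment are illustrative; a key with an empty passphrase is protected only by its file permissions, so the function sets them explicitly.

```shell
#!/bin/sh
# Added example: non-interactive, idempotent key generation.
# ensure_key and the usage path below are illustrative names.

ensure_key() {
    key=$1
    comment=${2:-automation}
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        # Never regenerate: replacing a deployed key breaks every host
        # that still has the old public key in authorized_keys.
        echo exists
        return 0
    fi
    # -m 700 applies to the directory only when mkdir creates it.
    mkdir -p -m 700 "$(dirname "$key")" || return 1
    # -f answers the "file in which to save" prompt, -N '' the passphrase
    # prompt, -q silences the banner; stdin is closed so nothing can block.
    ssh-keygen -q -t rsa -N '' -C "$comment" -f "$key" </dev/null || return 1
    chmod 600 "$key" && chmod 644 "$key.pub" || return 1
    echo created
}

# usage: ensure_key "$HOME/.ssh/id_rsa_ci" "ci@buildhost"
```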
Please Enjoy this script...
Powershell script (e.g. for github)
paste this into your myscript.ps1 file...
param(
[Parameter(Mandatory)]
[string]$keyName=$(throw "keyName - Param must be supplied"),
[Parameter(Mandatory)]
[string]$email=$(throw "email - Param must be supplied"),
$u="git",
$d="github.com",
$c="rsa"
)
$repo="repoName"
$account=":accountName"
$currentDir = Get-Location
Write-Host $HOME/.ssh/$keyName`_$c
mkdir $HOME/.ssh
Set-Location $HOME/.ssh
ssh-keygen -f ./$keyName`_$c -t $c -C $email -N '""'
Add-Content -Path ./config -Value "
Host $keyName
User $u
Hostname $d
PreferredAuthentications publickey
IdentitiesOnly yes
IdentityFile $HOME/.ssh/$keyName`_$c"
Write-Host "`n
Put this key into $d :"
cat $HOME/.ssh/$keyName`_$c.pub
Write-Host "`n
Use this to Clone the $repo repo :
git clone $u@$keyName$account/$repo.git"
cat config
Set-Location $currentDir
above is untested but it is close to what I have working
Command to execute
> myscript.ps1 -keyName yourname -email yourname@yourdomain.com