How can I obtain the known_hosts formatted public key value for ec2 instance ssh-key? - ssh

AWS outputs this key line 2048 SHA256:2p2o3eIz/XxxX6IIegXx5FkHo3Lap7xR+Ue2qJ0zV4w root#ip-****** (RSA) to the system log. How can I replicate this format for the ssh-rsa key from the command line? I was scraping the logs until I realized that you can't rely on ec2's console-log fetching command because it's buffered and only stores a small amount of the output.
To clarify, the ssh-key file in question is a PEM-style file with the beginning and ending tags for a base64-encoded ----RSA PRIVATE KEY----
If it's helpful to know, the ssh-rsa line value for the public key is base64 encoded.
I've tried...
sudo ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key
2048 MD5:10:b6:fd:21:fb:f4:ca:6b:ef:15:50:15:af:8b:5a:5d root#ip-****** (RSA)
and
sudo ssh-keygen -lf /etc/ssh/ssh_host_rsa_key
2048 SHA256:2p2o3eIz/XxxX6IIegXx5FkHo3Lap7xR+Ue2qJ0zV4w root#ip-****** (RSA)
But neither produces output that looks like:
-----BEGIN SSH HOST KEY KEYS-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+hIGwj+cfT6tLdaVuUewnY/NwoQUdAaLw30auAHQS1B/HAEEJ+f+iLjC7JM2IV00Pgbt1trttRmaApghwkB75h0NXArxrfcHTKKV2FO0d8slO9HwDUMbLOEN+L5H0/T0Xtq9u1vnOz2LyMb5KeIywa0HXZ6bGqt1rYCV3Qi369+FUrtTFw8jo8Y21LmqHVltd/d7Kv40Hb3jzqAOCh3jtZ3bilenMA9pAtXM+XJP54oS6z0NutDJLU2n1DVg2q+5wwjJJqljgYg98t5Xj8VmGlWrtam6FMcaSJ77UwMyxLsSe/Ow7DYGAMrd6PLY5RA1stj4W0WYeB8IOSgyGWPf root#ip-******
-----END SSH HOST KEY KEYS-----

I had an ah-ha moment.
You can just use ssh-keyscan -t rsa localhost to generate the known_hosts key entry for the rsa public key of the server. Since I'm logging into the ec2 instance now instead of trying to scrape the logs I can just trust the results.

Related

ssh-keygen is not generating OPENSSH key, not RSA key

I generated a new keypair but it is generating OPENSSH key only. None of the below command generates RSA key.
ssh-keygen
ssh-keygen -t rsa
This just started happening this week. All keys I have generated earlier are RSA keys.
I do not want pem file or Any help?
New keys with OpenSSH private key format can be converted using ssh-keygen utility to the old PEM format.
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

How can I determine the format of an ssh private key file?

I am developing an application that uses ssh keys (JSch), and it won't accept some ssh keys. I want to make guidelines to users so they know which keys they can use and which one they can't. Hence the question: how can I determine the format of an ssh private key file, going beyond the RSA/etc and the number of bits?
For instance, at the end of this question is a 3072-bit RSA key that was generated using ssh-keygen with no parameters on Android/Termux. It works in ssh, but both JSch and JuiceSSH refuse to even open it. openssl rsa -text -noout -in file says:
unable to load Private Key
1991864336:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY
I can fix this by running ssh-keygen -p -m PEM -f file, and this might be a workaround for some users, but it would help to know in advance which formats work and which don't.
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----

Convert Ed25519 to RSA fingerprint (or how to find SSH fingerprint)

BizTalk sees thumbprint for an internal SFTP test as
ssh-rsa 2048 33:88:f0:ff:63:78:a9:2b:3f:09:cb:05:81:db:59:86
WinSCP shows: ssh-ed25519 256 ff:2e:5e:33:7a:15:de:69:18:cf:82:ae:f0:4e:7b:d2
(when I click "Session", then "Server/Protocol Information")
Is it possible to convert one to the other?
Is it possible to get the ssh-rsa thumbprint from WinSCP, PuTTY or some other tool?
WinSCP uses the Ed25519 host key. It's a different key than the RSA host key used by BizTalk. You cannot convert one to another.
WinSCP defaults to Ed25519 hostkey as that's preferred over RSA. You can only make WinSCP use RSA using raw session settings HostKey.
Alternatively, if you can connect with an SSH terminal (e.g. PuTTY) to the server, use ssh-keygen to display a fingerprint of the RSA host key:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
(this assumes common *nix server with OpenSSH)
Note that this makes sense only if you have verified the host key that the SSH terminal uses upfront.
See WinSCP FAQ on Where do I get SSH host key fingerprint to authorize the server?, which covers all this.
ssh-rsa 2048 33:88:f0:ff:63:78:a9:2b:3f:09:cb:05:81:db:59:86
and
ssh-ed25519 256 ff:2e:5e:33:7a:15:de:69:18:cf:82:ae:f0:4e:7b:d2
are the same fingerprint type, but different key types (one is RSA and the other ED25519 -- elliptic curve). There is no way to convert one to the other, because they are fingerprints of different keys.
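Added example, not from the original posts: the MD5: and SHA256: values that ssh-keygen -l prints in the first question, and the RSA and Ed25519 fingerprints discussed here, are hashes of the base64 blob in the public key line, so a known_hosts entry can be turned into a fingerprint but one key's fingerprint cannot be turned into another's. The sample keys are constructed, the function names are illustrative, and only ssh-rsa and ssh-ed25519 are handled.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519"}  # the two key types this sketch handles

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields = []
    while blob:
        (n,) = struct.unpack(">I", blob[:4])
        fields.append(blob[4:4 + n])
        blob = blob[4 + n:]
    return fields

def describe(line):
    """Return (bits, sha256_fp, md5_fp, keytype) for a .pub or known_hosts line."""
    parts = line.split()
    # known_hosts lines put the host first; .pub files start with the key type.
    idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(parts):
        raise ValueError("no supported key type found")
    blob = base64.b64decode(parts[idx + 1])
    fields = wire_fields(blob)
    if fields[0].decode() != parts[idx]:
        raise ValueError("key type in blob does not match the line")
    # RSA blob: type, e, n. Ed25519 blob: type, 32-byte public key.
    if parts[idx] == "ssh-rsa":
        bits = int.from_bytes(fields[2], "big").bit_length()
    else:
        bits = len(fields[1]) * 8
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return bits, "SHA256:" + sha, "MD5:" + md5, parts[idx]

def make_line(host, keytype, *payload):
    """Build a constructed known_hosts line (sample data, not a real host key)."""
    blob = b"".join(struct.pack(">I", len(p)) + p
                    for p in (keytype.encode(),) + payload)
    return f"{host} {keytype} {base64.b64encode(blob).decode()}"

RSA_LINE = make_line("localhost", "ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256)
ED_LINE = make_line("localhost", "ssh-ed25519", bytes(range(32)))

if __name__ == "__main__":
    for line in (RSA_LINE, ED_LINE):
        print(*describe(line))
```

Compare the computed fingerprint with one obtained over a trusted channel before adding the line to known_hosts.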

Disable password and enable SSH keygen like AWS EC2 instances

I have a Proxmox hypervisor with 6 LXCs (servers). I have SFTP with a chrooted user enabled on 4 of the 6 LXCs, with a custom port per LXC. Now I want key authentication in FileZilla exactly like Amazon Web Services EC2 instances (a key.pem compatible with FileZilla and an authorized_keys file on my server in /home/user/.ssh/).
How do I generate a key in .pem format with these contents?
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
I know it's a noob question, but I think it's the first time I haven't found what I want on Google or here on Stack Overflow.
Thanks,
(Sorry for my English I'm a French baguette)
How do I generate a key in .pem format with these contents?
Using ssh-keygen -t rsa -f rsa.pem. Without any arguments, you will get the default location and configuration.
Other possibility is to use OpenSSL, that should do the same:
openssl genrsa -out private.pem 2048

'Not a private Key' error when trying to convert pem to ppk

I'm trying to access my friend's AWS server via ssh. He's given me the host name as well as a pem file. I'm relatively new to this and am trying to use putty to connect to the login. For him on Windows, he uses the PuttyGen to convert his pem files into ppk files. But on Ubuntu I couldn't find a GUI version for puttygen and tried looking up on converting the pem file to a ppk file but with no luck. Tried converting it using
puttygen myFile.pem -o newFile.ppk
but get an error
puttygen: unable to load file `myFile.pem': not a private key
I've tried the same command with the -O private option at the end but with no luck either. Even if I try to use ssh with the -i option with the pem file itself, it asks me for a passphrase which I don't know and my friend says there is no passphrase.
My friend gave me his ppk file which I tried to use with Putty but it didn't work.
You can tell if the private key is encrypted or not by printing the public key
encrypted key:
$ ssh-keygen -y -f ~/.ssh/test_key_with_passphrase
Enter passphrase:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5kB+0TPMDH/OQ6t/ps67DDJvZzAFF4QyqTYFS3K86bmEz5DeIBtB8kgi3a7ecft6/ooeq+WnuyGvInwNY9GqrO3WDbP4joAqAc6waolEIcs8Nb6iNK+Zhv3O0BfAeXnb5aAztGFfzoBKz6MFGw6Haod3BkZiC40/owG11rjwvb7p4mlHsGrjPpBOGMZ66zPBPuEoFDcCDUnpgh9tNww4Wrzcp+jgZM1MP5ylRCiQE/ssgu3G0zZ3H+5YwRN/XNChomXW74W/yBnp5gAqJZNhiuxTaZBDANXAyiqwrysfzYFgzvTDfyf03aysPAMWkWucmMHxnHz5C649ikSLAOK+h
unencrypted key:
$ ssh-keygen -y -f ~/.ssh/test_key_in_the_clear.pem
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxNX8DHatQQYw05PHcEvwHwKaqDvZUQWG23uUxQSxEiq1crf2j9dPCfzigKcPxIYarTIJ6yvdP6Kl/ONb+OKM7j6dd8ljO5LOs7dsgA5Tr2gaWyjrjmg767VCN2PB6BJZ9xz+p3SGTdFWtUXYtaEPAGocRx09N9kofpecRbRMlnbfHotyK8canGYzzRfimzk/uDAC/CcpeG3YLphj7zhpRaXhgdu/FKcdiTryqgktlZreJEbefeq3CEBM9kmxvr2uDc+QSVnhbcdutTJ4u4DEop0ZuTREZ2tH2HoAVruiJQ7Nd/VP8jz3SD5ySFBzPGiPcNMQ2mOP0cffm55+3CTwT
Once you've worked that out, use ssh with -i to get on to the server. If you are using Ubuntu, there's no need to bother with PuTTY.
EDIT
Here's what a pem file would normally look like:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0E109A1A0F7582B0D8B5AAAFDAB18C2A
...
-----END RSA PRIVATE KEY-----
If the file doesn't look like that then you don't have a pem file.
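Added example, not from the original posts: a Python sketch that tells apart the private key containers discussed on this page (OpenSSH, traditional PEM, PKCS#8, PuTTY PPK) by their first line and reports whether the key is passphrase-protected, which covers both the "which format is this file" question and the "is this key encrypted" check above. The function names and the sample inputs are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def classify_private_key(text):
    """Return (container_format, is_encrypted) for a private key file's text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head.startswith("PuTTY-User-Key-File-"):
        return "PuTTY PPK", "Encryption: none" not in lines
    if not (head.startswith("-----BEGIN ") and head.endswith("-----")):
        raise ValueError("no PEM start line: not a PEM-armoured key")
    label = head[len("-----BEGIN "):-len("-----")]
    if label == "OPENSSH PRIVATE KEY":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # The first length-prefixed string after the magic is the cipher name.
        (n,) = struct.unpack(">I", body[len(MAGIC):len(MAGIC) + 4])
        cipher = body[len(MAGIC) + 4:len(MAGIC) + 4 + n].decode()
        return "OpenSSH openssh-key-v1", cipher != "none"
    if label == "ENCRYPTED PRIVATE KEY":
        return "PKCS#8 PEM", True
    if label == "PRIVATE KEY":
        return "PKCS#8 PEM", False
    if label.endswith(" PRIVATE KEY"):
        # Traditional PEM (RSA/EC/DSA): encryption is announced in a header line.
        return "traditional PEM, " + label.split()[0], "Proc-Type: 4,ENCRYPTED" in lines
    raise ValueError("unrecognised PEM label: " + label)

def openssh_sample(cipher):
    """Constructed header-only sample (magic + cipher name), not a usable key."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy sample: headers as in the encrypted example above, dummy body.
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for sample in (openssh_sample("none"), openssh_sample("aes256-ctr"), LEGACY_ENCRYPTED):
        print(classify_private_key(sample))
```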