2020. 1. 24. 15:54ㆍ카테고리 없음
SSH, the secure shell, is often used to access remote Linux systems. But its authentication mechanism, where a private local key is paired with a public remote key, is used to secure all kinds of online services, from and to Linux running on cloud. By following this post you will be able to generate SSH keys on Windows 10 using Ubuntu on Windows and PuTTy. Generating these keys from Linux is easy, and thanks to, you can follow the same process from Windows 10. But even without Ubuntu, SSH keys can also be generated with the free and open source Windows application,Over the following few steps, we’ll guide you through the process of generating SSH keys using both Ubuntu on Windows and PuTTY. The puttygen.exe executable fromPassphrase considerationsWhen creating the SSH key pair, as shown in the following steps, you can choose to either lock your private key with a passphrase or use no passphrase at all.Adding a passphrase requires the same passphrase to be entered whenever the key pair is used.
SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair. Copying the public key securely. The OpenSSH tools include the SCP and SFTP utilities to make transferring keys completely secure. In order to properly configure a Windows client for authenticating via SSH keys, the public key (.PUB) file must be transferred to the client device’s.ssh directory and stored in the authorizedkeys text file.
Not adding a passphrase removes this requirement. For this reason, creating a key pair without a passphrase is more convenient and potentially essential for certain scripts and automation tasks. But it’s also less secure.If a third party gains access to a private key without a passphrase they will be able to access all connections and services using the public key.A good compromise between convenience and security is to generate a separate key pair for each service or connection you want to use, adding a passphrase only for critical services.
If you suspect a key has been compromised, simply generate a new pair for that service and remove the less secure key. Generate SSH Keys on Windows 10 with UbuntuLaunch Bash on Ubuntu on Windows from the start menu and make sure SSH is installed by entering following command at the command prompt: sudo apt install sshThe key generation process is identical to the process on a native Linux or Ubuntu installation. With SSH installed, run the SSH key generator by typing the following. Ssh-keygen -t rsaYou will be asked two questions. The first ask where to save the key, and you can press return to accept the default value.
The second question asks for the passphrase. As discussed, entering a passphrase will require you to use the same passphrase whenever the key is accessed.However, the passphrase isn’t a requirement, and pressing return (twice) will generate a key pair without one.
Consequently, you won’t be asked for a passphrase when using your key.When the process has finished, the private key and the public key can be found in the /.ssh directory accessible from the Ubuntu terminal, or the following folder from Windows file manager: C:UsersAppDataLocallxsshome.sshBoth the AppData and lxss directories are hidden from the default view and will need to be entered manually. Generate SSH Keys on Windows 10 with PuTTYTo generate a key pair with the PuTTY key generator, simply run and puttygen.exe click the Generate button in the window that appears.You will be asked to move the mouse and press keys to improve the random number generation at the heart of SSH security. After this, the raw contents of the public key will be displayed alongside its fingerprint and a timestamp comment.Two important fields, Key passphrase and Confirm passphrase, allow you to enter a passphrase to protect the private key.Finally, you will need to export both the private and public keys separately. to export the private key, select Export OpenSSH key from the Conversions menu. to export the public key, click Save public key from the main windowPublic keys typically use the suffix.pub. By convention, the private key is usually called and idrsa the public key, idrsa.pub but this isn’t a requirement. It’s common to have many keys with more descriptive filenames, for instance.
Searching help for generating SSH keys on Windows 10Congratulations! You have just generated an SSH key pair from Windows 10.
You can now add the public key to those services you wish to authenticate.Also Read-If you need some guidance on using SSH keys, take a look at the, and if you get stuck, help is always at hand:.
Update from May 14, 2018: After updating to the Insider Build 17063, you need to run the following commands on the Windows Subsystem for Linux to make the solution work again,: sudo umount /mnt/csudo mount -t drvfs C: /mnt/c -o metadataUpdate from May 29, 2018: It seems that the steps with unmounting are only temporary, as pointed out in the comments. To fix this, you need to modify or create a config file and add a little bit of content to it. There are three slightly different ways proposed in the comments –, and.Update from July 10, 2018:, that using SSH alias with the described solution will fail, and how to solve that.
Windows Generate Ssh Key
GoalI wanted to create an SSH key, which I can use with the Linux subsystem and standard Windows programs. In the best scenario, the key is stored only once on the hard disk. SolutionThe default path for SSH keys on Windows is C:/Users/Florian/.ssh which matches the path /mnt/c/Users/Florian/.ssh on the Linux subsystem. Default SSH path on the subsystem is /.ssh.Previous to this post update, I had a not optimal solution where the keys needed to exist twice. But in the comments there were several folks with better solutions – one of them that you run on the Windows Subsystem for Linux (the /.ssh folder must not exist before running it): ln -s /mnt/c/Users/Florian/.ssh /.sshThat creates a link from /.ssh to /mnt/c/Users/Florian/.ssh.
With that, we only need to store our SSH keys in the Windows path and can use them from the Linux shell, too.After trying it, I noticed that this line was also I linked in the previous version of the post. I have no idea why I did not get it working back thenThe original version of this post was published on March 8, 2017.Published in. Related posts.Post navigation.
↓.VinceOkay, it was easier than I thought.The solution that worked for me was to add a very simple /etc/wsl.conf:automountenabled = trueoptions = 'metadata'I found part of the answer at Stack Exchange's Super User site. But that answer resulted in fixed directory permissions and ignored file permissions for me.I read the referenced MS page. But using that code resulted in not mounting the host drives at all. Using just the enabled and options parts from the page resulted in fixed directory and file permissions, which kinda works, but I'd rather set the permissions myself.Then I remembered that the temporary solution from here only sets the 'metadata' option.
So, that's what I did, and it works like a charm. Just like I have a real operating system with a real filesystem. ↓.Darren SoukupHi,It may be worth noting that if using the ssh configuration file, you may need to do this a slightly different way.Due to strict permissions requirements of the.ssh/config, it requires it be only read/write on that file. Thus it cannot exist on the windows file system. A way around this is to simply use symlinks to each individual key file and known hosts, and let config reside on the linux side.Thus, usingln -s /mnt/c/Users/YourName/.ssh/idrsa.pub /.ssh/idrsa.publn -s /mnt/c/Users/YourName/.ssh/idrsa /.ssh/idrsaln -s /mnt/c/Users/YourName/.ssh/knownhosts /.ssh/knownhostsAnd then leaving the.ssh/config file as-is, not symlinked on the linux side, with permissions 600, allows for usage of the.ssh config file.
Thus, you can have quick alias names in there such as:Host myAliasHostName somewhere.comUser exampleUserAnd can easily connect with:ssh myAliasIf you symlink the entire.ssh folder, and have a config file in there, windows takes over the ACL and you can no longer specify a 600 permission. Thus, trying to connect via the alias will result in a failure due to incorrect permissions. This is what wound up working for me anyhow.
Hopefully it helps someone else out setting this up! ↓.Darren,Your comments about 'strict permissions requirements' of.ssh helped me investigate my password-less ssh login issues with the Windows Subsystem for Linux (WSL). Also, your comments about the permissions and which side controlling the file permissions was helpful.