Using Openssh



Installing and Using the OpenSSH Utilities. Installation of the OpenSSH utilities can only be performed by your Unix systems administrator, and is. So I am past the point of getting OpenSSH server to run. I have disabled password ssh login and only use keys. Using OpenSSH with Kerberos Some initial setup is required to use OpenSSH with Kerberos. The following steps provide information on the initial setup that is required in order to use OpenSSH with Kerberos: On your OpenSSH clients and servers, the /etc/krb5.conf file must exist. SSH Pivoting using Meterpreter August 14, 2017 February 12, 2021 by Raj Chandel If you are aware of SSH tunneling then you can easily understand SSH pivoting, if not then don’t worry read SSH tunneling from here. OpenSSH is a freely available collection of client/server utilities that enable secure remote login, remote file transfer, and public/private key pair management. As part of the OpenBSD project, the Secure Shell (SSH) protocol family of tools were developed and has been used for many years across the BSD, Linux, macOS, and Unix ecosystems.

Sponsored By
Mint

In working on getting Remote debugging with VS Code on Windows to a Raspberry Pi using .NET Core on ARM in my last post, I was looking for optimizations and realized that I was using plink/putty for my SSH tunnel. Putty is one of those tools that we (as developers) often take for granted, but ideally I could do stuff like this without installing yet another tool. Being able to use out of the box tools has a lot of value.

A friend pointed out this part where I'm using plink.exe to ssh into the remote Linux machine to launch the VS Debugger:

I could use Linux/bash that's built into Windows 10 for years now. As you may know, Windows 10 can run many Linuxes out of the box. If I have a Linux distro configured, I can call Linux commands locally from CMD or PowerShell. For example, here you see I have three Linuxes and one is the default. I can call 'wsl' and any command line is passed in.

So theoretically I could 'wsl ssh' and use that Linux's ssh, but again, requires setup and it's a little silly. Windows 10 now supports OpenSSL already!

Open an admin PowerShell to see if you have it installed. Here I have the client software installed but not the server.

You can then add the client (or server) with this one-time command:

You'll get all the standard OpenSSH stuff that one would want.

Let's say now that I want to be able to ssh (shoosh!) into a remote Linux machine using PGP keys rather than with a password. It's much more convenient and secure. I'll be ssh'ing with my Windows SSH into a remote Linux machine. You can see where ssh is installed:

Level set - What are we doing and what are we trying to accomplish?

I want to be able to type 'ssh pi@crowpi' from my Windows machine and automatically be logged in.

I will

  • Make a key on my Window machine. The FROM. I want to ssh FROM here TO the Linux machine.
  • Tell the Linux machine (by transferring it over) about the public piece of my key and add it to a specific user's allowed_keys.
  • PROFIT

Here's what I did. Note you can do this is several ways. You can gen the key on the Linux side and scp it over, you can use a custom key and give it a filename, you can use a password as you like. Just get the essence right.

Below, note that when the command line is C: I'm on Windows and when it's $ I'm on the remote Linux machine/Raspberry Pi.

  • gen the key on Windows with ssh-keygen
  • I ssh'ed over to Linux and note I'm prompted for a password, as expected.
  • I 'ls' to see that I have a .ssh/ folder. Cool. You can see authorized_keys is in there, you may or may no have this file or folder. Make the ~/.ssh folder if you don't.
  • Exit out. I'm in Windows now.
  • Look closely here. I'm 'scott' on Windows so my public key is in c:usersscott.sshid_rsa.pub. Yours could be in a file you named earlier, be conscious.
    • I'm type'ing (cat on Linux is type on Windows) that text file out and piping it into SSH where I login that remote machine with the user pi and I then cat (on the Linux side now) and append >> that text to the .ssh/authorized_keys folder. The ~ folder is implied but could be added if you like.
  • Now when I ssh pi@crowpi I should NOT be prompted for a password.

Here's the whole thing.

Fab. At this point I could go BACK to my Windows' Visual Studio Code launch.json and simplify it to NOT use Plink/Putty and just use ssh and the ssh key management that's included with Windows.

Cool!

NOTE: In my previous blog post some folks noted I am logging in as 'root.' That's an artifact of the way that .NET Core is accessing the GPIO pins. That won't be like that forever.

Openssh Source

Using

Thoughts? I hope this helps someone.

Sponsor: Your code is bad, but that’s ok thanks to Sentry’s full stack error monitoring that enables you to track and fix application errors in real time. Stop garbage code from becoming garbage fires.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


Using Openssh Windows 10

AboutNewsletter