OpenSSH SSH-2 private key (old PEM format)

Posted on May 8, 2024 by Angel

Taken from here: https://stackoverflow.com/questions/60884217/openssh-ssh-2-private-key-old-pem-format-on-azure-linux-vm

You’ve used ssh-keygen to create a private key file called id_rsa.ppk. However this is an OpenSSH-format private key and needs to be converted to Putty’s own format to use in Putty.

Your options are:

Use this key with command-line SSH (it’s in the correct format). You can either
1. specify the file on the command line e.g. ssh -i id_rsa.ppk azureuser@vm
2. make a folder C:\Users\Aquib\.ssh and move it there as C:\Users\Aquib\.ssh\id_rsa (no extension): ssh will now load this file by default to use for all servers that you try to connect to
3. if you don’t want to use this for all servers, or e.g. if you already have a default id_rsa that you use with git, you can set up a C:\Users\Aquib\.ssh\config file that tells SSH where to find the key and tell it which servers it should use it for.
Convert this file into the right format to use with Putty:
1. In Puttygen, in the ‘Conversions’ menu choose ‘Import’ and load id_rsa.ppk
2. ‘Save private key’ to a different file
3. Use this new file with Putty, either on the connection properties menu or run Pageant (the Putty key agent) and ‘Add key’ the new file. (You can e.g. create a shortcut to pageant in your Startup menu and give it the key file name as a commandline parameter so this is loaded automatically for you.)

Remote Development with VSCode (SSH)

Posted on October 20, 2023 by Angel

Adding SSH Key to SSH Agent

Posted on June 2, 2023 by Angel

Check if SSH Agent is running

eval "$(ssh-agent -s)"

Add the Keys to SSH Agent

ssh-add ~/.ssh/nameofkey

Verify Keys Added to SSH Agent

ssh-add -l

Copy Key to Remote Server

ssh-copy-id user@remote.server.location

Copy Server Key to Host

ssh-copy-id user@host.local

If you see a warning “Permission 0664 for ‘key_id’ are too open”, do this:

chmod og-rw key_id

Originally posted here:

https://www.linkedin.com/pulse/adding-ssh-key-agent-eduardo-robles/

How to Enable SSH in Kali Linux

Posted on February 4, 2023 by Angel

https://linuxhint.com/enable_ssh_kali_linux/

Guacamole cannot connect via SSH – FIX

Posted on February 4, 2023 by Angel

If you get “SSH handshake failed” when trying to use Guacamole to connect to Ubuntu via SSH, you need to use a workaround:

In the meantime a workaround is adding “HostKeyAlgorithms +ssh-rsa” to the end of /etc/ssh/sshd_config on the Ubuntu machine and restart sshd. Note: I don’t have an understanding of the security implications of this, so use at your own risk

The solution was posted here:
https://www.reddit.com/r/linuxquestions/comments/ued2vq/comment/i736why/?utm_source=share&utm_medium=web2x&context=3

How do I set up an email alert when a ssh login is successful?

Posted on January 28, 2019 by Angel

Original: https://askubuntu.com/questions/179889/how-do-i-set-up-an-email-alert-when-a-ssh-login-is-successful

Since the sshrc method doesn’t work if the user has their own ~/.ssh/rc file, I’ll explain how to do this with pam_exec as @adosaiguas suggested. The good thing is that this can also be easily adapted to login types other than ssh (such as local logins or even all logins) by hooking into a different file in /etc/pam.d/.

First you need to be able to send mail from the command line. There are other questions about this. On a mail server it’s probably easiest to install mailx (which is probably already installed anyway).

Then you need an executable script file login-notify.sh (I put it in /etc/ssh/ for example) with the following content. You can change the variables to change the subject and content of the e-mail notification. Don’t forget to execute chmod +x login-notify.sh to make it executable.

#!/bin/sh

# Change these two lines:
sender="sender-address@example.com"
recepient="notify-address@example.org"

if [ "$PAM_TYPE" != "close_session" ]; then
    host="`hostname`"
    subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
    # Message to send, e.g. the current environment variables.
    message="`env`"
    echo "$message" | mailx -r "$sender" -s "$subject" "$recepient"
fi

Once you have that, you can add the following line to /etc/pam.d/sshd:

session optional pam_exec.so seteuid /path/to/login-notify.sh

For testing purposes, the module is included as optional, so that you can still log in if the execution fails. After you made sure that it works, you can change optional to required. Then login won’t be possible unless the execution of your hook script is successful (if that is what you want).

For those of you in need of an explanation of what PAM is and how it works, here is a very good one.

Just make sure you have UsePAM set to yes in your sshd_config

And this is how to use Pushover API for alerts instead of email:

#!/bin/sh

# This script monitors /var/log/auth.log for SSH logins
# and sends a notification via Pushover when one is
# detected.

# Need to wait a bit before actually starting this script
sleep 90 # sleeps for 90 seconds

# Pushover
PUSHOVER_TITLE="FreeNAS SSH Login" # This is the title for each message.
APITOKEN=******
USERKEY=******

# Log
LOG=/mnt/Tank/sshNotify.log
/bin/date > $LOG
echo "PID: $$" >> $LOG

# Priority:   -2 to generate no notification/alert
#             -1 to always send as a quiet notification
#              0 to use the default priority
#              1 to display as high-priority and bypass the user's quiet hours
#              2 to also require confirmation from the user.
#                Note: For priority 2, the retry and expire parameters
#                      must also be supplied.

# Monitoring loop

echo "Script running." >> $LOG
/usr/bin/tail -Fn0 /var/log/auth.log | \
while read line ; do
    echo "$line" | grep -q " Accepted publickey for "
    if [ $? = 0 ] ; then
        TS=$(date +%s)
        USER=$(echo "$line" | cut -d':' -f4 | cut -d' ' -f5)
        IP=$(echo "$line" | cut -d':' -f4 | cut -d' ' -f7)
        /usr/local/bin/curl https://api.pushover.net/1/messages.json -d "token=${APITOKEN}&user=${USERKEY}&title=${PUSHOVER_TITLE}&message=User: ${USER}   IP: ${IP}&timestamp=${TS}&priority=-1"
    fi
done

echo "Script finished, will now exit." >> $LOG
/bin/date >> $LOG
exit 0

If using this with FreeNAS run the script by creating an entry under Tasks –> Init/Shutdown Scripts. The fields are:

Type: Command
Command: /bin/sh /mnt/Tank/sshNotify.sh &
When: postinit

Check log file for interactive SSH logins

Posted on November 19, 2016 by Angel


# failed attempt

grep sshd.\*Failed /var/log/auth.log | less
# successful attempts

grep sshd.\*Accepted /var/log/auth.log | less

VMware ESXi

Posted on September 28, 2010 by Angel

Step 1. Connect to ESXi console and press the Alt+F1 key combination.

Step 2. Type unsupported and then press . Note that nothing will appear on the screen whilst you type this.

Step 3. When prompted enter in the Root password and press.

Step 4. You will now be presented with a prompt on the console. From this prompt type vi /etc/inetd.conf

Step 5. vi (the file editor) has now opened the inetd.conf file. Using the direction arrows scroll through the lines until you reach the line that has #ssh and remove the hash (ie: #). This is effectively un-commenting this line so that the ssh service can be started.

Step 6. Now that you have made this minor file you want to save this change and exit out of the editor (vi). To do this press the ESC key (to put vi back into Command Mode) and then type :wq *Note: If you want to exit without saving any changes to the file then just press the ESC key (Command Mode) and then type :q!.

Step 7. With the SSH service now un-commented from this file we want to restart the

blog.anichin.com

A place where you can find a little of everything.

Tag Archives: SSH