ssh config in windows ?

Hello :wink:

i’m trying to use ssh between 2 pcs, one is openSUSE 13.1, the 2d one is windows 8.
So far i can’t reach the windows pc from linux .

WHat shall i use for ssh in windows ? i tried the following : freesshd, putty, mobaxterm.
Where are the configuration files in windows ? I need to copy the public key in each machine but so far i can’t : permission is denied for the user i just created for test purpose in windows :sarcastic:

Thanks :wink:




# ssh-copy-id -i ~/.ssh/id_rsa.pub fabrice@192.168.0.10
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
Enter passphrase for key '/root/.ssh/id_rsa': 
Enter passphrase for key '/root/.ssh/id_rsa': 
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Enter passphrase for key '/root/.ssh/id_rsa': 
fabrice@192.168.0.10's password: 
Permission denied, please try again.
fabrice@192.168.0.10's password: 
Permission denied, please try again.
fabrice@192.168.0.10's password: 
Received disconnect from 192.168.0.10: 2: Too many attempts.


linux-opensuse131:~ # scp .ssh/id_rsa.pub fabrice@192.168.0.10:.ssh/authorized_keys
Enter passphrase for key '/root/.ssh/id_rsa': 
fabrice@192.168.0.10's password: 
Permission denied, please try again.
fabrice@192.168.0.10's password: 
Permission denied, please try again.
fabrice@192.168.0.10's password: 
Received disconnect from 192.168.0.10: 2: Too many attempts.
lost connection

Hi
Are you talking about a client on the windows machine to connect to the openSUSE system. Or running an ssh server on the windows machine to connect to it from openSUSE?

If wanting to connect from windows to openSUSE for command line access, then look at putty, if just wanting to transfer files to/from the windows machine, then look at winscp.

:wink:

in fact i 'd like both working.

I have set sshd_config in opensuse and i’m now trying to copy the public key in windows, i can’t figure out why the user’s password is denied.

i guess linux and windows both need the public key of the other machine for in windows the putty session is closed with a message saying ‘public key’

On Sat 09 Aug 2014 01:36:01 PM CDT, manchette fr wrote:

:wink:

in fact i 'd like both working.

I have set sshd_config in opensuse and i’m now trying to copy the public
key in windows, i can’t figure out why the user’s password is denied.

i guess linux and windows both need the public key of the other machine
for in windows the putty session is closed with a message saying ‘public
key’

Hi
So what ssh server/daemon is running on the windows system?


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-17-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

whatever is comfy to use, mobaxterm i was told. What shall i do with it ? launch it ? set it ?

On Sat 09 Aug 2014 05:06:01 PM CDT, manchette fr wrote:

whatever is comfy to use, mobaxterm i was told. What shall i do with it
? launch it ? set it ?

Hi
I use PuTTY…

Files are down in C:\Program Files (x86)\PuTTY if you used the
installer…

Run puttygen.exe

Create your ssh2-rsa file and save the public key somewhere (I called
mine id_rsa.pub)

Save the private key somewhere safe, you will need this for PuTTY
client to use.

Fire up PuTTY and create and enter the host to connect to, enter a name
in Saved Sessions and save.

In the category window, browse to Connection->SSH-Auth and in the
‘Private key file for authentication’ browse to the ppk file you saved
from PuTTY gen.

Now in in the category window Connection->Data, add your Auto-login
username for the linux host.

Now browse back up to Session in the PuTTY category and save.

Open the id_rsa.pub file you saved earlier in notepad (I used the one
already in the PuTTY Key Generator) and then press open.

Let it add the server host key if required and enter the user login
password in the terminal session.

You should now be logged into the linux host.

I then used vi to add the public key via;

vi .ssh/authorized_keys

Then press o to open a new line, insert the public key text and save
(press esc key :wq)

then exit your linux host

Fire up PuTTY again, load your saved session and press open and it
should automatically log you into the linux host.

Note, I would strongly suggest you log into the linux host as your
user! If you need to be root, then just su - into root.

Now if your wanting to use winscp to transfer files to your linux host
from the windows host, you can use the same ppk file as used for putty.

Just researching ssh server options to go from linux->windows.


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-17-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

On Sat 09 Aug 2014 05:06:01 PM CDT, manchette fr wrote:

whatever is comfy to use, mobaxterm i was told. What shall i do with it
? launch it ? set it ?

Hi
For the ssh server on the windows machine I used freeSSHd, install it
and allow it through the firewall. Configure your username and access.

Then copy the user id_rsa.pub file from the linux host to the freeSSHD
authorized keys system directory (default to C:\Program Files
(x86)\freeSSHd) and rename the file to your login name on the windows
system.

You should then be able to login from your linux host to the windows
host via ssh and/or sftp (if you configured freeSSHd for sftp).


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-17-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

hi,

thank you . i upgraded windows to 8.1 so i’ll need to reinstall and test as mentioned above, right now putty.org is not reacting ok , i’ll look more into this asap.

freesshd gave me an error 1st time i tried, i’ll see if now it gets better.

Thanks :wink:

On 2014-08-09 19:06, manchette fr wrote:
>
> whatever is comfy to use, mobaxterm i was told. What shall i do with it
> ? launch it ? set it ?

Notice that mobaxterm and putty are Windows ssh CLIENTS. You need a
Windows ssh SERVER, in order to connect to the Windows machine from Linux.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

hi,
are you suggesting an ssh server in particular ? Somthing else than freesshd ?

hi,

is this line ok ?

linux-opensuse131:/home/fabrice # ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.0.10:C:\'Program Files'\freeSSHd
> 
> 

what does the > mean ? is the rsa public key copied in windows ? i can’t see the file in windows

Hi
No I would use scp to copy over to your user home directory first on the windows machine, then on the windows machine copy it to the freeSSHd directory. Copy your user name on the fly, eg if your user name was fred;


scp ~/.ssh/id_rsa.pub fred@192.168.0.10:fred

The file will then be named as fred (your user name) on the windows box, copy this to the freeSSHD directory and you should be good to go with using the key to login without the password.

do you know how to quit the > prompt i had above properly ?

ok, with scp it does try something but then warns me and is thus ko, how do i add the right fingerprint to know_hosts ? (i guess this is due to the fact i upgraded windows to 8.1, or maybe dhcp which is changing the ip ?)



# scp ~/.ssh/id_rsa.pub joe@192.168.0.10:joe


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
****
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
You can use following command to remove all keys for this IP:
ssh-keygen -R 192.168.0.10 -f /root/.ssh/known_hosts
RSA host key for 192.168.0.10 has changed and you have requested strict checking.
Host key verification failed.
lost connection

On Mon 11 Aug 2014 05:26:01 PM CDT, manchette fr wrote:

do you know how to quit the > prompt i had above properly ?

ok, with scp it does try something but then warns me and is thus ko, how
do i add the right fingerprint to know_hosts ? (i guess this is due to
the fact i upgraded windows to 8.1, or maybe dhcp which is changing the
ip ?)

Code:

scp ~/.ssh/id_rsa.pub joe@192.168.0.10:joe

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)! It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is


Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this
message. Offending RSA key in /root/.ssh/known_hosts:1
You can use following command to remove all keys for this IP:
ssh-keygen -R 192.168.0.10 -f /root/.ssh/known_hosts
RSA host key for 192.168.0.10 has changed and you have requested
strict checking. Host key verification failed.
lost connection


Hi
So delete the first line as it show you… known_hosts:1<-(:1 is line 1
in your know hosts file), you should be doing all this as your user not
root, then su - to root… Once you have it working then duplicate for
your root user if you wish.


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-17-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

hi,

ok, i erased the RSA key with

# ssh-keygen -R 192.168.0.10 -f /root/.ssh/known_hosts
# Host 192.168.0.10 found: line 1 type RSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old

From windows client (putty) i have access to opensuse linux server but the 1st message is “server refused our key” .
What does it mean ? the linux server seems to impede the windows client to use it’s private key, am i right ?

From linux client i try to copy the public key to windows to be able to add it to the freeSSHd server files but i can’t : permission is denied :


 linux-opensuse131:~ # scp ~/.ssh/id_rsa.pub user@192.168.0.10:user
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
RSA key fingerprint is eb:ca:ab:f5:2a:99:0d:da:9d:c0:55:19:32:6e:9c:bb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
Enter passphrase for key '/root/.ssh/id_rsa': 
Permission denied (publickey).
lost connection

On Wed 13 Aug 2014 01:46:01 PM CDT, manchette fr wrote:

hi,

ok, i erased the RSA key with

Code:

ssh-keygen -R 192.168.0.10 -f /root/.ssh/known_hosts

Host 192.168.0.10 found: line 1 type RSA

/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old

From windows client (putty) i have access to opensuse linux server but
the 1st message is “server refused our key” .
What does it mean ? the linux server seems to impede the windows client
to use it’s private key, am i right ?

From linux client i try to copy the public key to windows to be able to
add it to the freeSSHd server files but i can’t : permission is denied :

Code:

linux-opensuse131:~ # scp ~/.ssh/id_rsa.pub user@192.168.0.10:user
The authenticity of host ‘192.168.0.10 (192.168.0.10)’ can’t be
established. RSA key fingerprint is
eb:ca:ab:f5:2a:99:0d:da:9d:c0:55:19:32:6e:9c:bb. Are you sure you want
to continue connecting (yes/no)? yes Warning: Permanently added
‘192.168.0.10’ (RSA) to the list of known hosts. Enter passphrase for
key ‘/root/.ssh/id_rsa’: Permission denied (publickey).
lost connection


Hi
No, unless you (as indicated earlier you have modified sshd_config
file) changed something. In my examples I have changed no configuration
files on either the windows system or the linux system. Only produced
the rsa keys via ssh-keygen and puttygen.exe.

In your example is ‘user’ your username on the windows system? Else just
copy it to a usb device and manually transfer to the windows machine…


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-17-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

hi,

-When trying to connect with putty client to opensuse server i have a ‘server refused our key’ msg and then i can use keyboard_interactive authentification (password) and then log in.
yes i 've modified sshd_config in opensuse , here’s a part of it , do you see something wrong ? :


RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys


PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes


  • Then to access windows server from linux client i had to copy the public key in freeSSHd files by myself.
    after connection i have a ‘X11 forwarding request failed on channel 0’ message. What is this used for ? Where can i set up this ?

Another question : using putty it sends a private key to the server in linux.
How does opensuse sends it’s private key to freeSSHd ?

THanks :wink:

Hi
The config file hasn’t been changed as such, removing the # doesn’t do anything as those are the defaults.

So did you add the public key created in puttygen.exe into your user .ssh/authorized_keys file on the linux machine?

Check in the putty config to see the status of X11 forwarding, else if you look at the last lines of the /etc/ssh/sshd_config you can set it off for that user by following the example shown in the file.

If from the openSUSE system add the -vv option (that’s two v’s) to turn up the debug, you will see what it’s doing and how it negotiates keys between the hosts, all part of ssh… :wink:

Hi,

Yes i copied the key provided by puttygen (public key) and copied it with vi in /root/.ssh/authorized_keys in openSUSE.

i also copied the public key from openSUSE (id_rsa.pub) on a usb key and pasted it in freeSSHd files (C:\Program Files\freeSSHd)

despite this i still need password in both directions.

for example see the debug from opensuse client to freeSSHd server : at the bottom of the output you’ll see when it fails to use the key and fails to use X11 forwarding (i did not find how to set this in freeSSHd).

> ssh -vv user@192.168.0.10
OpenSSH_6.2p2, OpenSSL 1.0.1g-fips 7 Apr 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *                                                                                                                                                                                  
debug2: ssh_connect: needpriv 0                                                                                                                                                                                                              
debug1: Connecting to 192.168.0.10 [192.168.0.10] port 22.                                                                                                                                                                                   
debug1: Connection established.                                                                                                                                                                                                              
debug1: identity file /home/fabrice/.ssh/id_rsa type -1                                                                                                                                                                                      
debug1: identity file /home/fabrice/.ssh/id_rsa-cert type -1                                                                                                                                                                                 
debug1: Enabling compatibility mode for protocol 2.0                                                                                                                                                                                         
debug1: Local version string SSH-2.0-OpenSSH_6.2                                                                                                                                                                                             
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.1.3                                                                                                                                                                  
debug1: no match: WeOnlyDo 2.1.3                                                                                                                                                                                                             
debug2: fd 3 setting O_NONBLOCK                                                                                                                                                                                                              
debug1: SSH2_MSG_KEXINIT sent                                                                                                                                                                                                                
debug1: SSH2_MSG_KEXINIT received                                                                                                                                                                                                            
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1                           
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss                                                                                                                                     
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se       
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se       
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96                                             
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96                                             
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib                                                                                                                                                                                        
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib                                                                                                                                                                                        
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,none
Microsoft Windows [version 6.3.9600],hmac-sha1-96,hmac-md5,none
(c) 2013 Microsoft Corporation. Tous droits r�serv�s.
debug2: kex_parse_kexinit: zlib,none
C:\Windows\System32>xinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 1034/2048
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA eb:ca:ab:f5:2a:99:0d:da:9d:c0:55:19:32:6e:9c:bb
debug1: Host '192.168.0.10' is known and matches the RSA host key.
debug1: Found key in /home/fabrice/.ssh/known_hosts:4
debug2: bits set: 1051/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/fabrice/.ssh/id_rsa ((nil)),

debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/fabrice/.ssh/id_rsa
debug2: we did not send a packet, disable method

debug1: Next authentication method: password
user@192.168.0.10's password: 
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).

Authenticated to 192.168.0.10 ([192.168.0.10]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth  list :0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 131072 rmax 98304
debug2: channel_input_status_confirm: type 100 id 0

X11 forwarding request failed on channel 0

debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: channel 0: rcvd adjust 0

On 2014-08-17 15:06, manchette fr wrote:
>
> Hi,
>
> Yes i copied the key provided by puttygen (public key) and copied it
> with vi in /root/.ssh/authorized_keys in openSUSE.

‘root’.

> Code:
> --------------------
> > ssh -vv user@192.168.0.10

> debug1: identity file /home/fabrice/.ssh/id_rsa type -1
> debug1: identity file /home/fabrice/.ssh/id_rsa-cert type -1

> --------------------

‘fabrice’.

Do you see some problem there? :slight_smile:


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)