Remotely Login to Linux Using New-SshSession in PowerShell (With a Private Key) Fails with "Invalid Private Key File"

The manual states that New-SshSession accepts an OpenSSH key file for initiating and authenticating SSH connections. If you have been given a text file, you can make it into a compatible key file via PuTTYgen.exe (link grabbed from page): load the .ppk into PuTTYgen, then copy and paste the generated data. If you've received a HEX2BIN string (the one that has only 0123456789ABCDEF in it), you have to convert that into a Base64 string (use https://www.base64decode.com/ or a similar service for that).

If you fail to create a compatible file, request a text file starting with ssh-rsa from the issuer, probably linking this manual to him.

How to connect to linux server using ssh with private key from PowerShell?

New-SSHSession doesn't recognize PuTTY's key format (unfortunately neither the Gallery nor the project page mention this, but I found it in a PowerShellMagazine article). You need the private key in the OpenSSH format. You can convert the private key with PuTTYgen:

  1. Click File → Load private key.
  2. Enter the passphrase if the key is password-protected.
  3. Click Conversions → Export OpenSSH key.
  4. Enter the filename for the exported key (do NOT overwrite the PPK file) and click Save.
  5. Exit PuTTYgen.

Run New-SSHSession with the new key file:

$computer = 'neon.localdomain'
$username = 'foo'
$keyfile = 'C:\path\to\priv_openssh.key'

$sess = New-SSHSession -Computer $computer -Credential $username -Keyfile $keyfile
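
As an added example (not part of the original answers): the first two lines of a key file identify its format, which quickly confirms whether an "Invalid private key file" error comes from a PuTTY .ppk file. `key_format` is a hypothetical helper name; it runs in any POSIX shell (Git Bash or WSL on Windows).

```shell
#!/bin/sh
# Added example. key_format is a hypothetical helper, not part of Posh-SSH.
# usage: key_format FILE
# prints: ppk | ppk-encrypted | openssh | pem-rsa | pem-rsa-encrypted |
#         pkcs8 | pkcs8-encrypted | public | unknown | unreadable
# returns 0 = recognised, 1 = unknown, 2 = unreadable
key_format() {
    file=$1
    [ -r "$file" ] || { echo unreadable; return 2; }
    # Drop the CR that Windows line endings leave at the end of each line.
    first=$(head -n 1 "$file" | tr -d '\r')
    second=$(sed -n '2p' "$file" | tr -d '\r')
    case $first in
        PuTTY-User-Key-File-*)
            # PuTTY format: must be exported from PuTTYgen before use.
            case $second in
                "Encryption: none") echo ppk ;;
                *) echo ppk-encrypted ;;
            esac ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----")
            # Legacy PEM marks passphrase protection in a header line.
            case $second in
                "Proc-Type: 4,ENCRYPTED") echo pem-rsa-encrypted ;;
                *) echo pem-rsa ;;
            esac ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo pkcs8-encrypted ;;
        "-----BEGIN PRIVATE KEY-----")
            echo pkcs8 ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *)
            # A single "keytype base64 comment" line is a public key.
            echo public ;;
        *)
            echo unknown; return 1 ;;
    esac
}

# Report the format of every file named on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(key_format "$f")"
done
```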

Keep SSH session alive

The ssh daemon (sshd), which runs server-side, closes the connection from the server-side if the client goes silent (i.e., does not send information). To prevent connection loss, instruct the ssh client to send a sign-of-life signal to the server once in a while.

The configuration for this is in the file $HOME/.ssh/config; create the file if it does not exist (the config file must not be world-readable, so run chmod 600 ~/.ssh/config after creating the file). To send the signal every e.g. four minutes (240 seconds) to the remote host, put the following in that configuration file:

Host remotehost
HostName remotehost.com
ServerAliveInterval 240

To enable sending a keep-alive signal for all hosts, place the following contents in the configuration file:

Host *
ServerAliveInterval 240

OpenSSH Private Key to RSA Private Key

You have an OpenSSH format key and want a PEM format key. It is not intuitive to me, but the suggested way to convert is by changing the password for the key and writing it in a different format at the same time.

The command looks like this:

ssh-keygen -p -N "" -m pem -f /path/to/key

It will change the file in place, so make a backup of your current key just in case. -N "" will set the passphrase as none. I haven't tested this with a passphrase.

The public key should be fine as is.

For full explanation of the above command, see the -m option here: https://man.openbsd.org/ssh-keygen#m

How can I force ssh to accept a new host fingerprint from the command line?

Here's how to tell your client to trust the key. A better approach is to give it the key in advance, which I've described in the second paragraph. This is for an OpenSSH client on Unix, so I hope it's relevant to your situation.

You can set the StrictHostKeyChecking parameter. It has options yes, no, and ask. The default is ask. To set it system wide, edit /etc/ssh/ssh_config; to set it just for you, edit ~/.ssh/config; and to set it for a single command, give the option on the command line, e.g.

ssh -o "StrictHostKeyChecking no" hostname

An alternative approach if you have access to the host keys for the remote system is to add them to your known_hosts file in advance, so that SSH knows about them and won't ask the question. If this is possible, it's better from a security point of view. After all, the warning might be right and you really might be subject to a man-in-the-middle attack.

For instance, here's a script that will retrieve the key and add it to your known_hosts file:

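# known_hosts entries have the form "host keytype key", so prefix the host name to the retrieved key
ssh -o 'StrictHostKeyChecking no' hostname cat /etc/ssh/ssh_host_dsa_key.pub | sed 's/^/hostname /' >>~/.ssh/known_hosts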
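
The "give it the key in advance" approach, as an added example that is not part of the original answer: `pin_host_key` is a hypothetical helper that appends a host key to known_hosts only when its SHA256 fingerprint equals one obtained out of band. It assumes `ssh-keygen` is installed; the host name and file paths are placeholders.

```shell
#!/bin/sh
# Added example. pin_host_key is a hypothetical helper, not an OpenSSH tool.
# usage: pin_host_key HOST "KEYTYPE BASE64 [comment]" EXPECTED_FP [KNOWN_HOSTS]
#   EXPECTED_FP is the "SHA256:..." value obtained out of band, e.g. read on
#   the server console with: ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
# returns 0 = pinned (or already present), 1 = mismatch, 2 = unusable input
pin_host_key() {
    host=$1; keyline=$2; expected=$3
    known=${4:-$HOME/.ssh/known_hosts}

    tmp=$(mktemp) || return 2
    printf '%s\n' "$keyline" > "$tmp"
    # ssh-keygen -l prints: "<bits> <fingerprint> <comment> (<type>)"
    actual=$(ssh-keygen -l -E sha256 -f "$tmp" 2>/dev/null | awk '{print $2}')
    rm -f "$tmp"

    if [ -z "$actual" ]; then
        echo "pin_host_key: not a valid public key" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        # Do not store the key: it is not the one the administrator vouched for.
        echo "pin_host_key: fingerprint mismatch for $host ($actual)" >&2
        return 1
    fi

    # Store "host keytype key" and drop the key's trailing comment.
    entry="$host $(printf '%s\n' "$keyline" | awk '{print $1, $2}')"
    if ! grep -qxF -- "$entry" "$known" 2>/dev/null; then
        printf '%s\n' "$entry" >> "$known"
    fi
    return 0
}
```

With the key pinned this way, StrictHostKeyChecking can stay at yes for that host, so a changed host key stops the connection instead of being accepted.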

Execute Shell Script remotely to Azure Linux VM

Updating Posh-SSH worked for me with this code:

To install Posh-SSH:

Install-Module -Name Posh-SSH -RequiredVersion 2.1

The Script:

# $scripturl, $Password, $User, $RG and $IPName must be set before this runs
$Command = "fetch $scripturl; sh script.sh"
$secpasswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($User, $secpasswd)
# Look up the VM's public IP address
$ComputerName = Get-AzPublicIpAddress -ResourceGroupName $RG -Name $IPName | Select-Object -ExpandProperty ipAddress
echo 'ip is : '
echo $ComputerName
echo 'logging...'
# -AcceptKey trusts the host key the server presents without prompting
$SessionID = New-SSHSession -ComputerName $ComputerName -AcceptKey -Credential $Credentials
echo 'Executing...'
$Query = (Invoke-SshCommand -SSHSession $SessionID -Command $Command).Output
echo $Query
# Close the session when done
Remove-SSHSession -Name $SessionID | Out-Null

Jenkins Publish over ssh authentication failed with private key

Looks like you're using keyfile authentication, so you'll get this error from Jenkins if you haven't set the permissions correctly on your .ssh folder and/or ~/.ssh/authorized_keys file.

  • the .ssh folder should have drwx------ permissions (read/write/execute owner only)
  • the authorized_keys file should have -rw------- permissions (read/write owner only)

To fix it:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
