Remotely login to Linux using New-SshSession in PowerShell (with a private key) fails with Invalid private key file
The manual states that New-SshSession
accepts an OpenSSH key file for initiating and authenticating SSH connections. If you have been given a text file, you can make it into a compatible key file via PuttyGen.exe (link grabbed from page), then you load the .ppk into PuttyGen, then copy&paste generated data. If you've received a HEX2BIN string (the one that has only 0213456789ABCDEF
in it), you have to convert that into a Base64 string. (use https://www.base64decode.com/ or a similar service for that.)
If you'd fail to create a compatible file, request a text file starting with ssh-rsa
from the issuer, probably linking this manual to him.
How to connect to linux server using ssh with private key from PowerShell?
New-SSHSession
doesn't recognize PuTTY's key format (unfortunately neither the Gallery nor the project page mention this, but I found it in a PowerShellMagazine article). You need the private key in the OpenSSH format. You can convert the private key with PuTTYgen:
- Click File → Load private key.
- Enter the passphrase if the key is password-protected.
- Click Conversions → Export OpenSSH key.
- Enter the filename for the exported key (do NOT overwrite the PPK file) and click Save.
- Exit PuTTYgen.
Run New-SSHSession
with the new key file:
$computer = 'neon.localdomain'
$username = 'foo'
$keyfile = 'C:\path\to\priv_openssh.key'
$sess = New-SSHSession -Computer $computer -Credential $username -Keyfile $keyfile
Keep SSH session alive
The ssh daemon (sshd), which runs server-side, closes the connection from the server-side if the client goes silent (i.e., does not send information). To prevent connection loss, instruct the ssh client to send a sign-of-life signal to the server once in a while.
The configuration for this is in the file $HOME/.ssh/config
, create the file if it does not exist (the config file must not be world-readable, so run chmod 600 ~/.ssh/config
after creating the file). To send the signal every e.g. four minutes (240 seconds) to the remote host, put the following in that configuration file:
Host remotehost
HostName remotehost.com
ServerAliveInterval 240
To enable sending a keep-alive signal for all hosts, place the following contents in the configuration file:
Host *
ServerAliveInterval 240
Openssh Private Key to RSA Private Key
You have an OpenSSH format key and want a PEM format key. It is not intuitive to me, but the suggested way to convert is by changing the password for the key and writing it in a different format at the same time.
The command looks like this:
ssh-keygen -p -N "" -m pem -f /path/to/key
It will change the file in place, so make a backup of your current key just in case. -N ""
will set the passphrase as none. I haven't tested this with a passphrase.
The public key should be fine as is.
For full explanation of the above command, see the -m
option here: https://man.openbsd.org/ssh-keygen#m
How can I force ssh to accept a new host fingerprint from the command line?
Here's how to tell your client to trust the key. A better approach is to give it the key in advance, which I've described in the second paragraph. This is for an OpenSSH client on Unix, so I hope it's relevant to your situation.
You can set the StrictHostKeyChecking
parameter. It has options yes
, no
, and ask
. The default is ask
. To set it system wide, edit /etc/ssh/ssh_config
; to set it just for you, edit ~/.ssh/config
; and to set it for a single command, give the option on the command line, e.g.
ssh -o "StrictHostKeyChecking no" hostname
An alternative approach if you have access to the host keys for the remote system is to add them to your known_hosts
file in advance, so that SSH knows about them and won't ask the question. If this is possible, it's better from a security point of view. After all, the warning might be right and you really might be subject to a man-in-the-middle attack.
For instance, here's a script that will retrieve the key and add it to your known_hosts file:
ssh -o 'StrictHostKeyChecking no' hostname cat /etc/ssh/ssh_host_dsa_key.pub >>~/.ssh/known_hosts
Excute Shell Script remotely to Azure Linux VM
Updating Posh-SSH worked for me with this code :
to install Posh-SSH :
Install-Module -Name Posh-SSH -RequiredVersion 2.1
The Script:
$Command = "fetch $scripturl; sh script.sh"
$secpasswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($User, $secpasswd)
$ComputerName = Get-AzPublicIpAddress -ResourceGroupName $RG -Name $IPName | Select-Object -ExpandProperty ipAddress
echo 'ip is : '
echo $ComputerName
echo 'logging...'
$SessionID = New-SSHSession -ComputerName $ComputerName -AcceptKey -Credential $Credentials
echo 'Exucuting...'
$Query = (Invoke-SshCommand -SSHSession $SessionID -Command $Command).Output
echo $Query
Remove-SSHSession -Name $SessionID | Out-Null
Jenkins Publish over ssh authentification failed with private key
Looks like you're using keyfile authentication, so you'll get this error from Jenkins if you haven't set the permissions correctly on your .ssh
folder and/or ~/.ssh/authorized_keys
file.
- the
.ssh
folder should havedrwx------
permissions (read/write/execute owner only) - the
authorized_keys
file should have-rw-------
permissions (read/write owner only)
To fix it:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Related Topics
Toolchain to Crosscompile Applications for Bbb
Difference Between "Cpu/Mem-Loads/Pp" and "Cpu/Mem-Loads/"
How to Use Qemu for Learning Arm Linux Kernel Development
Make for Compiling - All *.C Files in Folders & Subfolders in Project
Qemu Simple Backend Tracing Dosen'T Print Anything
Setting Color Brightness on Linux/Xorg
Grunt Karma Testing on Vagrant When Host Changes Sources Grunt/Karma Doesn't Detect It
Linux - Limit Usb Device Bandwidth
Open Website from Within Eclipse's Internal Browser
How to Set Umask Default for an User
Kernel Oops Page Fault Error Codes for Arm
Windows .Crl to .Pem for Nginx
How to Avoid Sigchld Error in Bash Script That Uses Gnu Parallel
Get The Name of The Directory Where a Script Is Executed
How to Include Debug Information with Nasm
Windows <Sys/File.H> Equivalent