PowerShell ssh to Linux with RSA key
Most Windows environments employ username-password pairs for authentication, which works well for systems that are part of the same domain. This approach becomes vulnerable to brute force intrusions when operating between domains, such as between on-premises and cloud-hosted systems.
Linux environments, in contrast, frequently use public-key/private-key pairs to support authentication that does not call for easily guessed passwords. Tools are provided by OpenSSH to support key-based authentication.
Why do public key authentication?
Working with public key authentication is one benefit of PowerShell remoting via SSH over WinRM-based remoting. This facilitates and enhances the security of remote management of Windows computers outside of an Active Directory domain.
Working with WinRM in an environment without Active Directory can be quite complex and difficult if security is important to you. The HTTP protocol must be changed to HTTPS, SSL/TLS certificates must be fiddled with, and trusted hosts must be managed.
Major drawback
Public key authentication is not strictly required for SSH-based PowerShell remoting. The biggest drawback of working without it is that your Windows password must be entered every time you connect to a remote workstation. That might be acceptable for interactive sessions using Enter-PSSession, but it might not be appropriate if you want to run your scripts remotely using Invoke-Command.
Public key authentication further increases security because it works without passwords. It therefore makes sense to spend a bit more time setting up PowerShell remoting for public key authentication.
I'm assuming here that you have installed OpenSSH. We need to make a distinction between local machine setup and remote host configuration.
Local configuration
The first thing you must do is produce the private and public keys, which the ssh-keygen tool does quickly. By default, the command saves the key pair (id_rsa is the private key and id_rsa.pub is the public key) in the .ssh folder in your user profile.
Just press Enter twice if you want to work without a passphrase. However, I advise using a passphrase because failing to do so will leave all of your remote workstations vulnerable if your private key is compromised.
The ssh-agent removes the requirement for you to enter the passphrase each time you connect to a remote workstation. It runs as a service and securely keeps your private key. Launch the ssh-agent from a PowerShell console as follows:
Start-Service ssh-agent
You can use the following command to have the service launch automatically after a restart:
Set-Service ssh-agent -StartupType Automatic
You must type the following command to add your private key to the ssh-agent:
ssh-add <path to private key>
You only need to enter your passphrase once. You can then remove your private key from the .ssh folder and store it elsewhere.
To remove the private key from the ssh-agent again, use the command:
ssh-add -d id_rsa
Keep in mind that you must supply the path to the private key to do this. In case you misplaced it, you can delete every private key from the ssh-agent:
ssh-add -D
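The local steps above as one sequence, with a fingerprint check before the private key file leaves the .ssh folder. This is an added example, not code from the original article; $vault is a hypothetical destination folder and the key path is the ssh-keygen default mentioned in the text.

```powershell
# Added example, not from the original article.
# $key is the ssh-keygen default from the text; $vault is a hypothetical
# destination folder (for example an encrypted removable drive).
$key   = Join-Path $env:USERPROFILE '.ssh\id_rsa'
$vault = 'E:\keys'

# Changing the service start type needs an elevated console.
Set-Service ssh-agent -StartupType Automatic
Start-Service ssh-agent
ssh-add $key                      # asks for the passphrase once

# Both commands print "<bits> <fingerprint> <comment> (<type>)".
$fileFp   = ((ssh-keygen -lf "$key.pub") -split '\s+')[1]
$agentFps = @(ssh-add -l | ForEach-Object { ($_ -split '\s+')[1] })

# Fingerprints are case-sensitive, so use -ccontains rather than -contains.
if (-not ($agentFps -ccontains $fileFp)) {
    Write-Warning "Key $fileFp is not loaded in the agent; leaving $key in place"
} elseif (-not (Test-Path -Path $vault -PathType Container)) {
    Write-Warning "Destination folder $vault does not exist; leaving $key in place"
} else {
    Move-Item -Path $key -Destination $vault
    "Agent holds $fileFp; private key moved to $vault"
}
```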
Remote configuration
The contents of the public key file, id_rsa.pub, must then be copied to the remote computer. The public key appears as follows: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABA
Just copy and paste it into your user name's .ssh folder under C:\Users.
In OpenSSH, public key authentication is turned on by default. But for security reasons, I advise turning off password authentication. Even without your private key and passphrase, an attacker can access the remote computer if your Windows password is stolen.
To disable password authentication, open Notepad with administrative privileges (Run as administrator). Then, open sshd_config under C:\ProgramData\ssh and add "PasswordAuthentication no" to the file. To make the modifications effective, you must restart the sshd service. At a PowerShell console with admin permissions, you can perform the following:
Restart-Service sshd
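A scripted version of the sshd_config change, with a backup and a syntax check before the restart. This is an added example, not code from the original article; the sshd.exe path is an assumption (the location used when OpenSSH is installed as a Windows feature), and the config path is the one named in the text.

```powershell
# Added example, not from the original article. Run in an elevated console on
# the remote host. $sshd is an assumed install path; adjust if yours differs.
$config = 'C:\ProgramData\ssh\sshd_config'
$sshd   = 'C:\Windows\System32\OpenSSH\sshd.exe'

# Timestamped backup so a bad edit can be rolled back.
$backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $config, (Get-Date)
Copy-Item -Path $config -Destination $backup

$lines = @(Get-Content -Path $config)

# Everything before the first Match block is the global section.
$hit       = $lines | Select-String -Pattern '^\s*Match\s' | Select-Object -First 1
$globalEnd = if ($hit) { $hit.LineNumber - 1 } else { $lines.Count }

# Drop active global PasswordAuthentication lines (commented ones stay), then
# put the directive first: sshd keeps the first value it reads for a keyword.
$global = @($lines | Select-Object -First $globalEnd |
    Where-Object { $_ -notmatch '^\s*PasswordAuthentication[\s=]' })
$rest   = @($lines | Select-Object -Skip $globalEnd)
$new    = @('PasswordAuthentication no') + $global + $rest
Set-Content -Path $config -Value $new -Encoding ascii

# A Match block can switch passwords back on for some users or addresses.
$rest | Select-String -Pattern '^\s*PasswordAuthentication[\s=]+yes' |
    ForEach-Object { Write-Warning "Match block still allows passwords: $($_.Line.Trim())" }

# Let sshd check the file; restore the backup if it is rejected.
& $sshd -t -f $config
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $backup -Destination $config -Force
    throw "sshd rejected the new configuration; restored $backup"
}
Restart-Service sshd
```

Confirm that key-based login works before running it, since the change removes password login as a fallback.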
Connecting with public key authentication
Having returned to your local host, you can test your connection.
Simply type the following command into a PowerShell 6 console:
Enter-PSSession -HostName <remote host> -UserName <user name on the remote computer>
As I indicated in my earlier post, the HostName parameter ensures that PowerShell connects via SSH rather than WinRM. If you use the UserName parameter, your user name on the remote machine need not match your local one. If you omit it, PowerShell uses the user name of the current login on the local computer.
You should note that no Windows password or passphrase is required.
Invoke-Command works the same way:
Invoke-Command -HostName <remote hosts> -UserName <user name on the remote computer> -ScriptBlock {get-process}
Additionally, you can connect with any SSH client. Using the command prompt, you may start the straightforward SSH client that comes with OpenSSH:
ssh <user name on the remote computer>@<remote host>
Just to be clear, public key authentication can still be used even if your private key isn't saved in the ssh-agent. OpenSSH will detect the private key automatically if it is stored in the .ssh folder of your user profile. If you keep the key somewhere else, you must pass the path to the private key.
The -i argument can be used with the ssh client:
ssh -i <path to private key>id_rsa <user name on the remote host>@<remote host>
The -IdentityFilePath argument is available for Enter-PSSession and Invoke-Command for the same purpose:
Enter-PSSession -HostName <remote host> -UserName <user name on the remote host> -IdentityFilePath <path to private key>id_rsa
As previously stated, I do not advise doing this, because it requires keeping your private key on your local computer in clear text. Even if you use a passphrase, using ssh-agent is safer because you are protected from keyloggers and other password-stealing methods.
Final Thoughts
In summary, using PowerShell ssh to Linux with RSA key provides a more secure and efficient way of authentication. It combines the capabilities of PowerShell with the flexibility of SSH for managing and automating tasks on remote Linux systems.
Keep in mind that the specific commands and steps might vary depending on the version of PowerShell, the OpenSSH module, and the Linux distribution you’re working with. Always consult the documentation and resources specific to your environment for accurate instructions.