
Tag: windows10

Windows 10 OpenSSH – Storing keys using the SSH agent

This article is the second in a series I’ve written about migrating from PuTTY on Windows to the native OpenSSH client now available on Windows 10. You can read the rest of the articles via:

  1. Installation
  2. Storing keys using the SSH Agent < You are here
  3. Importing existing keys
  4. Creating a new public/private key pair
  5. Other useful OpenSSH commands
  6. Configuring Windows Git

To manage the OpenSSH keys, you need to add them to the ssh-agent (think of it as PuTTY’s Pageant). These keys will then be added to the user’s “Windows registry” and encrypted to their user profile. So, even if the key has an individual password on it, if somebody logs into your machine as your user and has access to the registry, then they can access your private keys; if they log in as somebody else, your keys should be safe. This sounds like a security weakness, but is how macOS and Linux handle keys anyway!

  1. Continuing in the Administrator PowerShell, we’re now going to start the ssh-agent service, which makes key management much easier:

    Start-Service ssh-agent

    If you get an error such as

    Start-Service : Service 'OpenSSH Authentication Agent (ssh-agent)' cannot be started due to the following error:
    Cannot start service ssh-agent on computer '.'.
    At line:1 char:1
    + Start-Service ssh-agent
    + ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
    ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

    then the service is probably disabled. Check with:

    Get-Service ssh-agent | Select StartType

    If it is disabled, you’ll see:

    StartType
    ---------
    Disabled

    Enable it with:

    Get-Service -Name ssh-agent | Set-Service -StartupType Automatic

    You might then need to start the service again using:

    Start-Service ssh-agent

    Setting the service to “Automatic” means that the next time Windows starts and you log in, your keys are automatically available to you!

Security

Once you have added the keys to the ssh-agent, it is then “safe” to delete the local key files. HOWEVER, you are NOT able to export the private keys from the ssh-agent (it will only show the public keys), so make a backup copy on a removable device (such as a USB key) which you keep in a very safe location in case something happens to your machine!
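A pre-deletion check for the advice above, as an added example that is not part of the original article: it confirms that the ssh-agent service is running, that the backup copy is byte-identical to the local key file, and that the agent already lists the key's fingerprint. The function name Test-KeySafeToDelete and its parameters are hypothetical, and the script assumes ssh-keygen and ssh-add are on the PATH; it never deletes anything itself.

```powershell
# Added example: Test-KeySafeToDelete and its parameter names are hypothetical.
function Test-KeySafeToDelete {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $KeyPath,     # local private key file
        [Parameter(Mandatory)] [string] $BackupPath   # copy on the removable device
    )

    # 1. The agent service must exist, be enabled and be running.
    $svc = Get-Service -Name ssh-agent -ErrorAction SilentlyContinue
    if (-not $svc) { throw 'ssh-agent service not found: is the OpenSSH client installed?' }
    if ($svc.StartType -eq 'Disabled') { throw 'ssh-agent is disabled: set it to Automatic first.' }
    if ($svc.Status -ne 'Running') { throw 'ssh-agent is not running: run Start-Service ssh-agent.' }

    # 2. The backup must exist and match the local key file exactly.
    if (-not (Test-Path -LiteralPath $KeyPath))    { throw "Key file not found: $KeyPath" }
    if (-not (Test-Path -LiteralPath $BackupPath)) { throw "Backup not found: $BackupPath" }
    $localHash  = (Get-FileHash -LiteralPath $KeyPath    -Algorithm SHA256).Hash
    $backupHash = (Get-FileHash -LiteralPath $BackupPath -Algorithm SHA256).Hash
    if ($localHash -ne $backupHash) { throw 'Backup differs from the local key file.' }

    # 3. The agent must already hold this key. ssh-keygen -lf prints
    #    "<bits> <fingerprint> <comment> (<type>)" and ssh-add -l prints one
    #    line of the same shape per loaded key, so compare the second field.
    $fingerprint = ((& ssh-keygen -lf $KeyPath) -split '\s+')[1]
    if ($LASTEXITCODE -ne 0 -or -not $fingerprint) { throw 'Could not read the key fingerprint.' }
    $loaded = & ssh-add -l 2>$null | ForEach-Object { ($_ -split '\s+')[1] }
    if ($loaded -notcontains $fingerprint) { throw "The agent does not hold $fingerprint yet." }

    return $true
}
```

Call it with the key file and its backup as arguments; it returns $true only when all three checks pass and otherwise throws with the reason.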

Windows 10 OpenSSH: Migrating from PuTTY: Installation

This article is the first in a series I’ve written about migrating from PuTTY on Windows to the native OpenSSH client now available on Windows 10. You can read the rest of the articles via:

  1. Installation < You are here
  2. Storing keys using the SSH Agent
  3. Importing existing keys
  4. Creating a new public/private key pair
  5. Other useful OpenSSH commands
  6. Configuring Windows Git

I’ve been a very, very long-time user of the excellent PuTTY SSH tools (since at least version 0.52 in 2002: at the time of writing, release 0.72 came out on the 20th of July 2019), but with Windows 10 v1809 (also known as the Windows 10 April 2018 update), Microsoft finally added SSH support directly to Windows.

Whilst Microsoft does have a guide on their website about installing OpenSSH on Windows 10, it mixes setting up the OpenSSH client (which most people will want) with the OpenSSH server (which most people do not want), and it doesn’t give a guide on moving/migrating from PuTTY, so here’s the start of my guide!

Installation via PowerShell

  1. Open PowerShell as administrator.
  2. Install the OpenSSH client:
    Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
    You should get output such as:

    Path          :
    Online        : True
    RestartNeeded : False
    

You will now have ssh, ssh-keygen, ssh-agent, ssh-add, ssh-keyscan, sftp and scp available!

The next step is setting up the ssh-agent to store the keys.