Removing passwords from SSH keys and converting .ppk to .pem

SSH keys are a great thing. They improve security (provided that passwords are disabled) and they save you the drudgery of having to enter a password each time you connect to your server. With a little tweaking of the ~/.ssh/config file, you can connect to your server just by typing “ssh” followed by a space and a few letters of your server's hostname, followed by the Tab key. That’s only a few keystrokes and it’s really fast. Furthermore, if you want to run any sort of automated scripts (SSH, SCP, Ansible…), you pretty much have to have a password-less key.

The first thing that irks me is when I get a password-protected private key from a client. Most of the time it has been generated by cPanel (ugh!), where keys must have a password. This sounds like a good idea at first, but it’s really just an annoyance. cPanel generates longish random passwords for SSH keys, which you cannot remember, so you have to write them down either in a password manager or in plaintext (bad idea). If someone has compromised your PC, or intercepted your email, they are going to get to your SSH key, so this doesn’t offer any real protection. On the other hand, you have to enter the password each time you log in. I keep SSH keys on an encrypted storage which is protected by a strong password and an external key, so that’s reasonably secure.

Fortunately, it’s easy to remove this password with one simple command:

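ssh-keygen -p -P 'old-pass' -N '' -f <key_filename>

Passing the old passphrase with -P leaves it in your shell history; if you omit -P, ssh-keygen prompts for it instead.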

Another annoying thing is when you get a .ppk key. .ppk keys are used by PuTTY. This little program is great for connecting to your SSH server when you are condemned to use Windows. Compared to any terminal emulator on any Linux distro, PuTTY is ugly and awkward. Fortunately, a .ppk key can be converted to a .pem key with one simple command (provided that you have PuTTY installed):

puttygen key.ppk -O private-openssh -o key.pem
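
To confirm whether a key file is still passphrase-protected after either command above, the check below reads the file format itself (PuTTY .ppk, OpenSSH, legacy PEM, PKCS#8). It is an added example, not code from the original post; the names key_is_encrypted and sample_openssh and the sample keys are constructed for illustration and contain no real key material.

```python
import base64
import re
import struct
import sys

MAGIC = b"openssh-key-v1\0"

def key_is_encrypted(text: str) -> bool:
    """Return True if the private key text is passphrase-protected."""
    # PuTTY .ppk (v2 and v3) states it in a header: "Encryption: none" or a cipher.
    if text.startswith("PuTTY-User-Key-File-"):
        m = re.search(r"^Encryption:\s*(\S+)", text, re.MULTILINE)
        if not m:
            raise ValueError("ppk file has no Encryption header")
        return m.group(1) != "none"
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----",
                  text, re.DOTALL)
    if not m:
        raise ValueError("not a PEM, OpenSSH or ppk private key")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 with encryption
        return True
    if label == "OPENSSH PRIVATE KEY":
        # Binary layout: magic, then length-prefixed cipher name ("none" = no passphrase).
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        start = len(MAGIC) + 4
        return blob[start:start + n] != b"none"
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY) flags encryption in an RFC 1421 header.
    return "Proc-Type: 4,ENCRYPTED" in body

def sample_openssh(cipher: bytes) -> str:
    """Constructed sample: header fields only, no key material."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{blob}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples (no real key material).
SAMPLE_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed\n"
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python check.py key.pem key.ppk
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, "encrypted" if key_is_encrypted(fh.read()) else "NOT encrypted")
```

Run it over the directory where you keep keys to list which ones rely solely on the storage they sit on for protection.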


Using custom private SSH key for git

When you are working with git, whether with your private or your company’s git server or with GitHub, it is much nicer to be able to push/pull/clone without having to enter the password every time. Furthermore, SSH keys are safer. However, the default option is to keep the private key in the ~/.ssh/ folder, which is not encrypted (unless your /home folder is encrypted). The SSH client has the -i option, which allows you to specify the location of your private key, but this won’t work with git.

Fortunately, there is a way. All you need to do is create one config file (called ‘config’) in ~/.ssh/. Here is how it should look:

host miloske.tk
  HostName miloske.tk
  IdentityFile /home/milos/secure/my-key
  User git

 
