Windows, Net::SSH: how do I use a private key (w / password)

[James Dinkel]

Private key authentication works with this user, I know because I use it
fine with Putty.

Here is my script right now:
------------
require 'rubygems'
require 'net/ssh'

Net::SSH.start( 'files02', 'myuser', 'mypassword' ) do |session|
session.open_channel do |channel|
channel.on_data do |ch, data|
puts data
end

channel.exec "echo \"hello\""

end

session.loop
end
-------------

and it works, but I would prefer it to use a private key for the
authentication and then prompt for the key's password. In the
documentation it says it will automatically look for a key in certain
places, but the places are unix paths and this needs to run from a
Windows (XP) box.

 

[Luis Lavena]

Private key authentication works with this user, I know because I use it
fine with Putty.

Here is my script right now:
------------
require 'rubygems'
require 'net/ssh'

Net::SSH.start( 'files02', 'myuser', 'mypassword' ) do |session|
session.open_channel do |channel|
channel.on_data do |ch, data|
puts data
end

channel.exec "echo \"hello\""

end

session.loop
end
-------------

and it works, but I would prefer it to use a private key for the
authentication and then prompt for the key's password. In the
documentation it says it will automatically look for a key in certain
places, but the places are unix paths and this needs to run from a
Windows (XP) box.

You will need a few things:

Pageant (from PuTTY) is like a ssh keyring that hold all your private
keys. Also, you need to create a PuTTY session with the same name of
your server (files02) and put into Connection -> Data the username
you're using to log into the server.

That's what I'm using with capistrano and other Net::SSH things that I
cannot disclose, and worked without issues.

HTH,

 

[James Dinkel]

You will need a few things:

Pageant (from PuTTY) is like a ssh keyring that hold all your private
keys. Also, you need to create a PuTTY session with the same name of
your server (files02) and put into Connection -> Data the username
you're using to log into the server.

That's what I'm using with capistrano and other Net::SSH things that I
cannot disclose, and worked without issues.

HTH,

So, Net::SSH will pull a key from Pageant? I was hoping for something a
little more portable, like being able to tell it to use a key located in
the same directory as the script.

 

[Luis Lavena]

So, Net::SSH will pull a key from Pageant? I was hoping for something a
little more portable, like being able to tell it to use a key located in
the same directory as the script.

AFAIK, it relly on plink, plink accepts provide a private key file (-
i), but I didn't see how that will fit into Net::SSH code.

Maybe you can request it as feature:

http://rubyforge.org/tracker/?atid=1126&group_id=274&func=browse

 

[Gordon Thiesfeld]

AFAIK, it relly on plink, plink accepts provide a private key file (-
i), but I didn't see how that will fit into Net::SSH code.

Maybe you can request it as feature:

http://rubyforge.org/tracker/?atid=1126&group_id=274&func=browse

I think you can probably do this now, but there are some quirks. You
can pass in a :keys option to Net::SSH.start[1] and point it to your
keys (I think you need both the private and public key on your side).
Also, putty private keys aren't the same as OpenSSH keys. PuttyGen
has an option to convert to OpenSSH keys, but I didn't have any luck
using that with Net::SSH. Net::SSH does include a keygen tool
(rb-keygen) that I used to generate a set of keys, and after setting
up that pub key on the SSH server, I was able to connect.

Hope that helps,

Gordon

[1] http://net-ssh.rubyforge.org/chapter-2.html#s3

 

[James Dinkel]

http://rubyforge.org/tracker/?atid=1126&group_id=274&func=browse

I think you can probably do this now, but there are some quirks. You
can pass in a :keys option to Net::SSH.start[1] and point it to your
keys (I think you need both the private and public key on your side).
Also, putty private keys aren't the same as OpenSSH keys. PuttyGen
has an option to convert to OpenSSH keys, but I didn't have any luck
using that with Net::SSH. Net::SSH does include a keygen tool
(rb-keygen) that I used to generate a set of keys, and after setting
up that pub key on the SSH server, I was able to connect.

Hope that helps,

Gordon

[1] http://net-ssh.rubyforge.org/chapter-2.html#s3

I actually generated the key with ssh-keygen on the linux server (which
needs to be converted to use with Putty, but I expect to use the
unconverted key with the ruby script). What is the syntax of using the
:key parameter? Is it like this?

Net::SSH.start( 'files02', :keys=>['C:\\key_name'] ) do |session|

assuming of course the key file is named 'key_name' and resides directly
under the c: drive. Do you put in the name the public key to? (With
Putty and openSSH clients I only need the private key on the client)

 

[Gordon Thiesfeld]

I actually generated the key with ssh-keygen on the linux server (which
needs to be converted to use with Putty, but I expect to use the
unconverted key with the ruby script). What is the syntax of using the
:key parameter? Is it like this?

Net::SSH.start( 'files02', :keys=>['C:\\key_name'] ) do |session|

assuming of course the key file is named 'key_name' and resides directly
under the c: drive. Do you put in the name the public key to? (With
Putty and openSSH clients I only need the private key on the client)

Here's what I tried, the keys are in the same directory as the script,
so no path.

C:\ruby>ruby -v
ruby 1.8.6 (2008-03-03 patchlevel 114) [i386-mingw32]

C:\ruby>gem li net-ssh

*** LOCAL GEMS ***

net-ssh (1.1.2)

# test_ssh.rb
require 'net/ssh'
Net::SSH.start( 'local' , :keys =>['private_key.priv']) do |session|
# do stuff
end

I had to rename my public key to private_key.priv.pub (so, name of
private key, with a .pub extension), or it would throw an error.
Right now, I'm testing against a cygwin ssh server on my local
machine. I'll look at it some more when I get in to work and can test
against a "proper" ssh server.

 

[Robert Dober]

I think you can probably do this now, but there are some quirks. You
can pass in a :keys option to Net::SSH.start[1] and point it to your
keys (I think you need both the private and public key on your side).
Also, putty private keys aren't the same as OpenSSH keys. PuttyGen
has an option to convert to OpenSSH keys, but I didn't have any luck
using that with Net::SSH.

AFAIR you still need to use keygen to convert the key a second time. I
know it does not make a lot of sense but happened to me, but maybe the
person sending me the key made an error on the client ( spelling as
PuTTY )
HTH
Robert

 

[Gordon Thiesfeld]

I think you can probably do this now, but there are some quirks. You
can pass in a :keys option to Net::SSH.start[1] and point it to your
keys (I think you need both the private and public key on your side).
Also, putty private keys aren't the same as OpenSSH keys. PuttyGen
has an option to convert to OpenSSH keys, but I didn't have any luck
using that with Net::SSH.

AFAIR you still need to use keygen to convert the key a second time. I
know it does not make a lot of sense but happened to me, but maybe the
person sending me the key made an error on the client ( spelling as
PuTTY )
HTH
Robert

Ok, the trick for me was to export the PuTTY private key to an OpenSSH
key in PuTTYgen, then cut and paste the public key into a file, rather
than using the "Save public key" button.

C:\ruby\scripts\ssh_test>dir /b
key
key.pub
ssh.rb

C:\ruby\scripts\ssh_test>ssh.rb
Wed Apr 16 10:01:24 CDT 2008

# ssh.rb
require 'net/ssh'

Net::SSH.start( 'server' , :keys =>['key']) do |s|
s.process.popen3( "date" ){ |input, output, error| puts output.read }
end

 

[James Dinkel]

know it does not make a lot of sense but happened to me, but maybe the
person sending me the key made an error on the client ( spelling as
PuTTY )
HTH
Robert

Ok, the trick for me was to export the PuTTY private key to an OpenSSH
key in PuTTYgen, then cut and paste the public key into a file, rather
than using the "Save public key" button.

C:\ruby\scripts\ssh_test>dir /b
key
key.pub
ssh.rb

C:\ruby\scripts\ssh_test>ssh.rb
Wed Apr 16 10:01:24 CDT 2008

# ssh.rb
require 'net/ssh'

Net::SSH.start( 'server' , :keys =>['key']) do |s|
s.process.popen3( "date" ){ |input, output, error| puts output.read
}
end

Hey it works. I also added in the username parameter. Now the sucky
thing is, it displays the password when typing it in.

Anybody know how to hid the password while typing it? Either don't
display anything, or replace each character with * ?

 

[James Dinkel]

For what it's worth, here is my script with all the rubyscript2exe and
keyfile issues resolved:
---------------
require 'rubygems'
require 'net/ssh'
require 'rubyscript2exe'

RUBYSCRIPT2EXE.dlls = ["zlib.dll"]
RUBYSCRIPT2EXE.bin = ["rsa_key", "rsa_key.pub"]

if RUBYSCRIPT2EXE.is_compiled?
keyfile = RUBYSCRIPT2EXE.appdir[0..-4] + 'bin/rsa_key'
else
keyfile = 'rsa_key'
end

puts
puts "WARNING!! The password will be displayed as you type."
puts "Make sure there are no prying eyes!!"

Net::SSH.start( 'files02',
:username=>'myusername',
:keys=>[keyfile] ) do |session|

system("cls")
unless RUBYSCRIPT2EXE.is_compiling?

session.open_channel do |channel|
channel.on_data do |ch, data|
puts data
end
channel.exec "ls -al"
end
session.loop

end
end
----------------

Just make sure zlib.dll, rsa_key (the private key), and rsa_key.pub (the
public key) are in the same directory as the script, and it compiles
just fine with rubyscript2exe, pulling in everything you need.

The password that is being prompted is because I have a password on my
key file. I'm going to try to hack this file
net-ssh-1.1.2/lib/net/ssh/transport/ossl/key-factory.rb to make the
password prompt a little more friendly (not showing the full file name,
and hiding the password as it's typed).