Github ssh keys on Windows

1) Install git client

choco install git -Y

2) generate ssh key for your email

ssh-keygen -t rsa -b 4096 -C "[email protected]"

3) enable `OpenSSH Authentication Agent` in Services management

4) add key to agent

ssh-add  C:\Users\USER\.ssh\id_ed25519

5) add key to github

type "C:\Users\USER\.ssh\id_ed25519.pub"

6) test key

ssh -T [email protected]
Hi USER! You've successfully authenticated, but GitHub does not provide shell access.

Other links

Using ssh as proxy/tunnel between Mac OS and Linux

How to connect to remote computer with private key by using ssh:

#register private key
ssh-add ~/dev/Private/ludek_vodicka_dsa.openssh

#connect to computer and forward local port to remote computer and remote port
ssh my-computer.com -p PORT -lUSER -L LOCAL_PORT:REMOTE_COMPUTER:REMOTE_PORT

#connect to computer and create SOCKS proxy on port SOCKS_PORT
ssh my-computer.com -p PORT -lUSER -D SOCKS_PORT

Note:

If your private key was created for Windows, it will probably not work on linux/mac. It’s necessary to convert it by using puttygen (on mac or windows). You need to open it by puttygen and choose “Save as openssh” from menu.

Additional resources

Why I am not using phpMyAdmin on production servers

Even though I find phpMyAdmin and similar tools useful I don’t like them on production servers. When I spent a lot of my time protecting website against SQL injection I don’t want to leave opened doors to access the database through phpMyAdmin. Many phpMyAdmin installations are not protected with HTTPS and just one login on a public or attacked wifi can lead to a lot of troubles. So I recommend to delete the phpMyAdmin installation from the server and start with a more comfortable and secured way to do the task.

SSH tunnel will give you the security you’re looking for. Start your Putty, load the session and configure tunnel:

Putty tunnel screenshot

I’ve selected port 3366 to be used on my local machine so it avoids conflict with my other installation. Now I can connect from any tool to MySQL database at localhost:3366. I prefer Netbeans IDE and MySQL Workbench which is also really great for server/user configuration.

Secure SSH with RSA/DSA key

We are using SSH a lot to deploy our projects and to do common maintenance tasks. If you are accessing your server many times a day you might find frustrating typing the password all the time. You can use private key instead. Here are some detailed articles about adding RSA key and configuring SSH daemon. Bellow is a summary of the basic steps for Windows users.

Putty which is a great alternative to the Linux tools. To generate private/public key you should use PuttyGen.exe. Run the application, click generate and follow the instructions. It’s a good idea to put your name into the key comment so you could easily recognize your public key in configuration files. You should also protect your key with a password.

PuttyGen screenshot

Copy the public key which is located in the big text field above Key fingerprint field. Append the public key into /root/.ssh/authorized_keys file (if you want to login as root). You might need to create this file if it doesn’t exist already. Click on Save private key button and save the key to a secured place. You can now use this private key to login with putty to the remote server. To make things more comfortable you can use an agent to store unlocked private keys in the memory while you are logged into your computer. Run this command after you login:

pageant.exe john_doe.ppk

Without any further settings you should now be able to login to the remote SSH without password. If everything worked as expected you can now disable password authenticated access to make your server more secure:

# /etc/ssh/sshd_config
PasswordAuthentication no

To load you key after you login to a Linux box (useful for deployment) insert:


# ~/.bash_profile
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
 . ~/.bashrc
fi

keychain --clear id_rsa
. ~/.keychain/$HOSTNAME-sh

ssh-add

Now we have a little bit more secured but more comfortable way to use SSH.