Warning: Wowsers! This is very out of date! As of 2023, this is beyond ancient. TODO: Update.
On Windows, you can use PuTTY to connect to your DigitalOcean droplet via SSH.
(There have since been invented 300 better ways to achieve this, such as:
- with WSL (bash.exe), or
- with cmder, which I think is using OpenSSH by way of Git Bash.
...)
First, you need to generate a private/public key pair using PuTTYgen.
Guide I followed for this is: https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-PuTTY-on-digitalocean-droplets-windows-users
Download complete PuTTY installer (msi) from this page: http://www.chiark.greenend.org.uk/~sgtatham/PuTTY/download.html
Look for "A Windows MSI installer package for everything except PuTTYtel"
Install that.
Then run PuTTYgen, and generate a private/public key pair. Save the public key as a .txt file and the private key as a .ppk file.
Store the passphrase in your password manager. Note that the passphrase is something you are expected to type, so make it an actual passphrase: easy to type but quite long.
(Originally I created a long and complex password... but then it was too hard to type. I found I could change the passphrase, using PuTTYgen -- I just had to re-save the private key afterwards.)
Go to your DO profile: https://cloud.digitalocean.com/settings/profile
Click "Security" on the left hand side...
Click "Add SSH Key"
When informing DigitalOcean of your public key, you need to paste it into a textbox. For this I did the wrong thing: I opened the public key text file, copied the contents and pasted it into the textbox. This resulted in an error that read:
Add SSH Key
Key invalid type, we support 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', or 'ssh-ed25519'.
What I should've done: look at the public key in PuTTYgen, where they provide a textbox with the public key formatted in the right way that you can copy and paste into various programs. Copy it from there. Not from the raw file.
Got this error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0744 for '/home/geek/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/geek/.ssh/id_rs
To limit the permissiveness of those files I used these commands...
sudo chmod 600 ~/.ssh/id_dsa
sudo chmod 600 ~/.ssh/id_dsa_com.pub
Had I created my keys in a different way I would not have needed to do this. But because I used PuTTYgen, this is what I needed to do...
http://stackoverflow.com/a/2224204/49
- Open PuTTYgen
- Click Load
- Load your private key
- Go to Conversions->Export OpenSSH and export your private key
- Copy your private key to ~/.ssh/id_dsa (or id_rsa). Create the RFC 4716 version of the public key using ssh-keygen:
  ssh-keygen -e -f ~/.ssh/id_dsa > ~/.ssh/id_dsa_com.pub
- Convert the RFC 4716 version of the public key to the OpenSSH format:
  ssh-keygen -i -f ~/.ssh/id_dsa_com.pub > ~/.ssh/id_dsa.pub
Simple right!? No, not simple.
This command sets up a tunnel to let you access the remote machine while "staying" on the local machine, via port forwarding.
ssh -Nf -L 8080:localhost:2222 user@public_host.com
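The "-N" option means don't open a shell when performing the port forwarding (i.e. 'stay' on the local machine within the shell).
The "-f" option means perform the operations in the background - don't take focus.
The "-L" option specifies the forwarding as local_port:destination_host:destination_port. Here, connections to port 8080 on the local machine are forwarded over SSH to localhost:2222, where "localhost" is resolved on the remote side (i.e. it is public_host.com itself).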
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
7e:3e:42:31:34:82:47:97:e3:3f:f2:e1:c1:8c:d4:56.
Please contact your system administrator.
Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user1/.ssh/known_hosts:2
remove with: ssh-keygen -f "/home/user1/.ssh/known_hosts" -R 555.55.55.555
ECDSA host key for 555.55.55.555 has changed and you have requested strict checking.
Host key verification failed.
ssh-keygen -R [IP_ADDRESS]