PowerShell: Copying Key to Linux
In this section, we will explore the procedure for transferring a public key from a Windows-based system managed with PowerShell (Client) to a Linux-based system set up for secure remote management (Server).
Currently, the OpenSSH client for Windows lacks a specialized command for copying public keys, similar to the ssh-copy-id command for Linux. However, PowerShell provides tools that can replace this command. This will allow you to copy the SSH public key generated by the ssh-keygen command to a remote Linux device for passwordless system access.
Prerequisites
Client Requirements:
1. The client system must be running a Windows-based operating system.
2. The client system must have OpenSSH Client installed. Instructions for installing OpenSSH Client are provided in the "Windows: Using PowerShell to Install SSH Client" section.
3. PowerShell must be installed on the client system. You can read how to install PowerShell in the "Installing PowerShell on Windows" guide.
Server Requirements:
1. The server system must be running a Linux-based operating system.
2. The server system must have OpenSSH Server installed. Instructions for installing OpenSSH Server are provided in the "Installing OpenSSH Server" section.
3. You must know the username and password of the server user account that will be used to connect from the remote client, such as the root user. The process of creating a new user is described in the "Linux: Creating New User" section.
Copying Public Key
To copy the key, use the following command:
cat <path_to_public_key> | ssh <server_user_name>@<server_ip> "mkdir -p /home/<server_user_name>/.ssh; cat >> /home/<server_user_name>/.ssh/authorized_keys"
where:
- <path_to_public_key> - The path to the public key of the key pair. How to create a key pair is described in the "Creating Key Pair" section. By default, key pairs in Windows are created in the c:\Users\<current_user_name>\.ssh\ folder.
- <server_ip> - The IP address of the virtual machine or server that is specified in the Main IP Address field of the "Public Network IPv4" section of the Virtual Machine or Server Control Panel.
- <server_user_name> - The username you used when creating the new user. How to create a new user is described in the "Creating New User" section. You can also use the root user for connection, whose password is specified in the Password field of the "Instance Details" section of the Peerobyte virtual machine or server control panel. The home directory of root is /root, not /home/root, so when connecting as root, use /root/.ssh in place of /home/<server_user_name>/.ssh in the command.
For example, this command might look like this:
cat D:/test/mykey1.pub | ssh myuser1@5.23.91.113 "mkdir -p /home/myuser1/.ssh; cat >> /home/myuser1/.ssh/authorized_keys"
This command will connect to a virtual machine or server with the IP address 5.23.91.113 as the user myuser1, requiring the user's password. Once connected to the server, the command will create a .ssh/ directory in the user's home directory if it does not exist, and then append the public key D:/test/mykey1.pub to the authorized_keys file.
After successfully copying the public key to the server, you can connect to the virtual machine or server by following the instructions in the "Connecting to Server via OpenSSH" section. Only the public key (the .pub file) is copied; the private key stays on the client.
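The copy step above wrapped in a reusable PowerShell function, as an added example that is not part of the original guide. The function name Copy-SshPublicKey is hypothetical, and the remote account is assumed to have a POSIX-compatible login shell; compared with the one-line command, it rejects a file that is not a public key, uses ~/.ssh so it also works for root, restricts permissions, and skips a key that is already installed.

```powershell
# Added example. Copy-SshPublicKey is a hypothetical helper name, not an OpenSSH command.
function Copy-SshPublicKey {
    param(
        [Parameter(Mandatory)] [string] $PublicKeyPath,
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Server
    )

    # Read the whole file as one string and drop the trailing line break.
    $key = (Get-Content -Path $PublicKeyPath -Raw -ErrorAction Stop).Trim()

    # Accept only a one-line OpenSSH public key: "<type> <base64> [comment]".
    # A private key file (it starts with "-----BEGIN") or any multi-line file
    # fails this check, so it is never sent to the server.
    $pattern = '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9@.-]+) [A-Za-z0-9+/]+=*( .*)?$'
    if ($key -notmatch $pattern) {
        throw "$PublicKeyPath does not look like an OpenSSH public key (.pub) file."
    }

    # Remote command, run by the server user's login shell (assumed POSIX sh):
    #   umask 077     new directory and files are readable by the owner only
    #   ~/.ssh        resolves to the login user's home, including /root for root
    #   tr -d '\r'    removes the carriage return a Windows pipeline may add
    #   grep -qxFf    appends the key only if the exact line is not already present
    $remote = 'umask 077; mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; ' +
              't=$(mktemp); tr -d ''\r'' > $t; ' +
              'grep -qxFf $t ~/.ssh/authorized_keys || cat $t >> ~/.ssh/authorized_keys; ' +
              'rm -f $t'

    # ssh asks for the account password on the console; the key travels on stdin.
    $key | ssh "$User@$Server" $remote
    if ($LASTEXITCODE -ne 0) { throw "ssh exited with code $LASTEXITCODE" }
}

# Values from the example on this page:
# Copy-SshPublicKey -PublicKeyPath D:/test/mykey1.pub -User myuser1 -Server 5.23.91.113
```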
Possible Connection Issues
First-Time SSH Connection Warning
If this is the first time you are connecting to a host via SSH, you will see a message similar to this:
The authenticity of host '203.0.113.12 (203.0.113.12)' can't be established.
ECDSA key fingerprint is SHA256:tXw8aipPPyyL4KBAjTtBvHU7K//HzkXuTtdLij2yJ2U.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
It indicates that your system does not know the host you want to connect to. This is a standard precaution to make sure you are not connecting to a fake or malicious server. Confirm your intention to connect to the host by typing yes on your keyboard and pressing Enter.
Host Key Fingerprint Mismatch Alert
You may also encounter this message when trying to connect to the host:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
4e:10:78:39:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:5c.
Please contact your system administrator.
Add correct host key in c:\\users\user1/.ssh/known_hosts to get rid of this message.
Offending key in c:\\users\user1/.ssh/known_hosts:1
RSA host key for 203.0.113.12 has changed and you have requested strict checking.
Host key verification failed.
This message indicates that the remote host's fingerprint saved in your known_hosts file no longer matches the fingerprint presented by the host when attempting to connect. This can be caused by legitimate changes on the server, such as after reinstalling the operating system or changing security settings.
There is also a risk of a "man-in-the-middle" attack, where an attacker could intercept or alter the data. This is a serious security threat.
If the host key change is confirmed to be legitimate, you need to remove the old, outdated fingerprint entry from the known_hosts file on the client system. The offending entry is identified in the message by the Offending key line, which gives the path to the known_hosts file followed by the line number of the entry. If you do not connect to other hosts, you can delete the entire known_hosts file; it will be recreated on the next successful connection. After deleting the known_hosts file or the specific offending key, retry the connection; the error should no longer appear.
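One way to confirm a host key before accepting it at the first-connection prompt or clearing a stale entry after the mismatch alert, as an added example that is not part of the original guide. The function names Test-SshHostFingerprint and Reset-SshKnownHost are hypothetical, and the expected fingerprint is assumed to have been read on the server itself over a trusted channel, because ssh-keyscan fetches keys over the same network path that may be intercepted.

```powershell
# Added example. Test-SshHostFingerprint and Reset-SshKnownHost are hypothetical helper names.
function Test-SshHostFingerprint {
    param(
        [Parameter(Mandatory)] [string] $Server,
        # SHA256:... value read on the server itself over a trusted channel,
        # typically with: ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
        [Parameter(Mandatory)] [string] $ExpectedFingerprint
    )
    $tmp = New-TemporaryFile
    try {
        # Collect the host keys the server presents right now.
        ssh-keyscan $Server 2>$null | Set-Content -Path $tmp.FullName -Encoding ascii
        # Each output line reads: <bits> SHA256:<hash> <host> (<TYPE>)
        $presented = ssh-keygen -l -E sha256 -f $tmp.FullName
    }
    finally {
        Remove-Item -Path $tmp.FullName -ErrorAction SilentlyContinue
    }
    # Base64 is case-sensitive, so compare with -ceq.
    $hit = $presented | Where-Object { ($_ -split ' ')[1] -ceq $ExpectedFingerprint }
    return [bool]$hit
}

function Reset-SshKnownHost {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $ExpectedFingerprint
    )
    if (-not (Test-SshHostFingerprint -Server $Server -ExpectedFingerprint $ExpectedFingerprint)) {
        throw "No key presented by $Server matches the expected fingerprint; known_hosts left unchanged."
    }
    # Removes only the entries for this host; ssh-keygen keeps the previous
    # file as known_hosts.old.
    ssh-keygen -R $Server
}
```

Reset-SshKnownHost removes the stale entry only when the server currently presents a key with the expected fingerprint, so other hosts in known_hosts are left untouched.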