Help with setup of ssh for server administration

Hi,

Unfortunately I wasn’t able to find any suitable answers in the howto section. I’d appreciate it if you could point me to one :)

I do own a nitrokey pro.

This is my setup:

  • bunch of servers I login via ssh (private key file (ppk) & passphrase)

Right now I store the private key on a USB Stick, I’d like to store it on the nitrokey.
Is there a way to handle login on servers like:

Thanks for any hint!

Hi @AndyHeinz!

Please take a look at this guide (assumed Linux OS):

Hi,

Unfortunately I’m on Windows.

The server is already set up, where I need my ppk & password to authenticate.

How do I set up the client side (nitrokey + putty/kitty) to auth on my server?
Thanks!

Have you looked at the Windows variant? I did not get this from your reply. Here is the link:

About the key, you need to register the new public key on all the servers, and remove the old one (based on the file) if not used anymore.

You mean: you want to import the current private key from the USB stick to NK? Or do you want to do a fresh start with new keys generated on NK?

For the first you will need a workaround with different software to upload the key to the NK Pro (e.g. GnuPG or OpenSC pkcs15#).

Ensure you are using Putty SC to get SmartCard support for Putty.

Hi,
thanks for helping so far.
But official support is not helping so far. I bought a piece of hardware but there’s no proper FAQ or howto whatsoever.

I created new keys and tried to follow:
https://www.nitrokey.com/documentation/applications#p:nitrokey-pro&os:windows&a:ssh-for-server-administration

It says:

If everything is alright you now can use PuTTY as usual and PuTTY will make use of the Nitrokey automatically.

like, how?

In Putty: What are the auth settings like? Where do I put anything?
Do I need PKCS?
Where is the library?

This does not help so far. I bought a hardware, but where’s the professional support?
I bought one, with the idea in mind for supporting a potential great community project and getting 50+ sticks for my company. But after burning so many hours for nothing, I think this product ain’t ready for corporate.

Please prove me wrong and get a proper guide setup.

I try not to use Windows, so I apologise if my answers are not 100% correct.

You are aware that PuTTY does not support Secure Cards out of the box? The only workaround is that PuTTY uses the ssh v1 protocol “ChallengeResponse” for authentication. (See 4.23.4 of the PuTTY documentation.)
There are older PuTTY Versions SC and CAC that also support Hardware Tokens, WHEN you have the right libraries etc.

NK is suggesting to use GPG’s agent, which has built-in support for PuTTY. So this (GPG and the PuTTY support) needs to be set up first as described. Also you will need to extract the public key out of the NK Pro and add it on the server side to your authorized_keys.

The use of the NK Pro is then totally transparent for you inside PuTTY. You could easily check that with two ssh connections: first open an ssh connection with the NK Pro plugged in, then close the ssh session, unplug the NK Pro and try to re-open the ssh connection. It will (should :D) not work.

I am using ssh directly in my macOS Terminal with zsh. You could also try to use the MS built-in ssh client instead of PuTTY. “Pure” ssh might be much easier than a GUI client above level. To use the NK Pro, you will need a pkcs#11 library. Have a look at https://www.nitrokey.com/documentation/applications#a:general e.g. for the setup of OpenSC (or again GPG with an agent).
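
The GPG-agent route described in the reply above, written out as PowerShell; this is an added example, not part of the thread or of Nitrokey's documentation. It assumes Gpg4win is installed with `gpg`, `gpgconf` and `gpg-connect-agent` on PATH and that the public key belonging to the card's authentication key is in the local keyring; `<KEY-ID>` and the output file name are placeholders.

```powershell
# Added example (assumptions: Gpg4win on PATH, Nitrokey Pro plugged in,
# authentication key already generated on the card).

# 1. Ask GnuPG where its home directory is instead of hard-coding a path.
$gnupgHome = (& gpgconf --list-dirs homedir).Trim()
$agentConf = Join-Path $gnupgHome 'gpg-agent.conf'

# 2. Enable the agent's Pageant emulation. PuTTY then talks to gpg-agent
#    exactly as it would to Pageant, so no .ppk file is involved.
if (-not (Test-Path $agentConf)) {
    New-Item -ItemType File -Path $agentConf | Out-Null
}
if (-not (Select-String -Path $agentConf -Pattern '^\s*enable-putty-support\s*$' -Quiet)) {
    Add-Content -Path $agentConf -Value 'enable-putty-support'
}

# 3. Restart the agent so it rereads gpg-agent.conf.
& gpgconf --kill gpg-agent
& gpg-connect-agent /bye

# 4. Confirm GnuPG can see the card before going any further.
& gpg --card-status
if ($LASTEXITCODE -ne 0) { throw 'GnuPG cannot see the Nitrokey.' }

# 5. Export the authentication key as one authorized_keys line.
$keyId = '<KEY-ID>'    # placeholder: key ID or e-mail shown by gpg --card-status
$pubKey = & gpg --export-ssh-key $keyId
if ($LASTEXITCODE -ne 0 -or -not $pubKey) {
    throw 'No authentication-capable key found for that key ID.'
}
$pubKey | Set-Content -Path .\nitrokey_ssh.pub -Encoding ascii

# 6. Remaining manual steps:
#    - append the line in nitrokey_ssh.pub to ~/.ssh/authorized_keys on each
#      server and remove the old file-based key once it is no longer used
#    - in PuTTY leave "Private key file for authentication" empty and keep
#      "Attempt authentication using Pageant" ticked (Connection > SSH > Auth)
#    - verify: a login with the Nitrokey unplugged must be refused
Write-Host "Public key written to nitrokey_ssh.pub:"
Write-Host $pubKey
```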