poohTTY (sic) help

OK - I’ve searched hi, and lo, all morning, I want a simple-as-F__K guide for a moron like me to follow - about how to import my EXISTING F–KING public key, into poohTTY (sic)… it’s so dumb it can’t read a plain text string in a file like id_rsa.pub, I have to mangle it into a PPK or something… A Walther PPK?

Surely it can’t be that hard? Why does it have to be so hard? And NO - I’m not going to use the piece of crap like I see so many “colleagues” (I use that term loosely) using it - i.e. challenge / response transaction with username and password EVERY SINGLE TIME they connect!

EVERY single guide out there (I’ve hit at least 10 pages) - assumes you want to make a new one (generate a new key pair) ! I don’t - I want to use my SAME OLD ONE EVERY F–KING - TIME! My key pair that works PERFECTLY 100% ALL OF THE TIME with Linux to UNIX / Linux, MacOS to UNIX/Linux, MobaXterm to MacOS/UNIX/Linux et cetera…

I can’t believe how convoluted this shit is… puTTY’s over 20 years old, and it’s still a piece of crap, compared even to Windows 10 and openssh…

e.g. on Windows 10, I can “ssh-keygen”, and it will create me a new key pair in C:\Users\$homedir\.ssh\ - in another window (e.g. MobaXterm), I can then add the string from id_rsa.pub, into “~/.ssh/authorized_keys” on the remote host - and BANG! I can ssh from the Windows 10 CLI - beautiful… works in Windows Terminal too… just a shame that Microsoft neglected to include ssh-copy-id - and/or - “sshpass” (that’s a lifesaver sometimes - some people think that’s a massive security risk - but they’d be wrong - OVER complicated and obfuscated security encourages humans to find workarounds, backdoors and shortcuts).

Now I want to setup Putty to work the same way (but I don’t want to make new keys from scratch!).

MobaXterm is a piece of cake to setup - I just copy my id_rsa and id_rsa.pub into /drives/c/Users/$HOME/…/…/.ssh folder and BANG! I’m ready to go!

Note : I could “in theory” use the MobaXterm method for Windows 10 “native” openssh client - but -EVERY F–KING TIME - I get the wrong permissions on those files and it shits itself - i.e. need some bizarre acl (icacls) or whatever command syntax, that NEVER works 'cause I don’t have FULL Administrator rights on this VDI …

Take, for example :

I tried a couple of the things in that article - but - none of them work, 'cause they assume my Windows 10 instance is “my own” and I’m GOD on there, but I’m not - it’s a VDI and I have the bare minimum of permissions… and on the actual “physical” Windows 10 laptop I’m using, it’s even more locked down - I can’t even plug in a thumb drive to copy a few music files!

Hi @daniel.m.tripp
I am actually not an ssh fan at all.
The world should go back to rsh… the supposed security issues are a fabrication
https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.230.723&rep=rep1&type=pdf


The move from r commands to s commands was unnecessary, and it imposed on all of us a burden of managing keys. You are experiencing the aftershock

I too kinda miss stuff like rsh…

But I like the convenience of key based auth in SSH versus plain text challenge response with telnet… Although there were ways of automating that too… but mostly adhoc stuff…

Truth - I don’t really miss telnet at all… Having said that - “telnet” is usually my first port of call if I’m troubleshooting something - e.g. apache : “telnet 0 80” (“0” is shorthand for localhost)… and it pisses me off (to put it mildly) when I’m tasked with investigating something, and find that the telnet binary client packet isn’t installed! Good thing about “telnet” is that it doesn’t seem to have too many dependencies, e.g. I’ve copied the binary from a Ubuntu 18 system, to an REL6 or 7 and run it…

And then you get into arguments with so called “security experts” (on “paper”) who did a coupla udemy courses and got a cert, and declare “telnet is insecure” - OF COURSE IT’S INSECURE - but - is telnet to a TCP port on the same host “insecure” especially when there’s no actual security information being transmitted or received? I’m just probing to see if the listener’s running FFS!

Telnet’s also great for diagnosing SMTP issues : telnet 0 25, then “HELO domain.name” et cetera… invaluable…

Security is only needed when there is some content which requires security.
99.99 percent of stuff I transmit is security-agnostic, and mostly headed for the public domain anyway.
The ‘F’ in FOSS means I should be able to choose when I want to transmit securely, and when I don’t care.
Making everyone use secure connection all the time is a copout.

“code” can mean a set of rules, a cipher, or a pile of computer code. and it is both a noun and a verb, but as a verb it only seems to take the 2nd and 3rd meanings.

1 Like

DOCTOR Deepak to the rescue :

That helped… got me there… but… it’s INCREDIBLY CLUNKY! He didn’t actually document where to set poohTTY to use the ppk file - but I muddled my way with some clickety-click-click-fu to where I need to RAM that entry into poohTTY’s config…

Note - it’s VERY (extremely even) non-intuitive, there’s no indication there whether one already exists or not (in the screenshot - it already exists). I guess it might also be possible to paste the private key string into that larger text box? Who knows… massive kludgy-clunker of a thing…

I don’t get people who bang on how hard Linux is to use and they’re shy of the terminal… blah blah blah… Linux is LIGHT years ahead of stuff like PoohTTY… And it beggars belief there are actually Linux users who use a Linux port of PuTTY! Yes - they exist!!!

So - I’ve now got my SSH key in shiTTY (the app formerly known as putty) - configured two connections to jumphosts… What now? I’ve got FIVE other machines I need to get this onto…

Breakout registry editor (WTF? We’re still doing this primitive shit in the third decade of the third millennium???) :

  • HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY

and export that “HIVE” (reminds me more of “hives” than anything to do with apiary) to a *.reg file so I can import those settings to the other 5 (and any other instances of shiTTY as necessary)…

I can actually remember messing around with this SHIT TWENTY years ago! At 3:00 am when my pager goes off (actually it was a Nokia cell phone) and I have to fix some crap over dial up with an RSA token and telnet or RSH (using putty as a telnet client) to a Solaris server… the stuff of nightmares…

2 Likes
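Before a `.reg` export of the PuTTY key is imported on other machines, it helps to see what it actually carries. The following is an added example, not code from the thread or from the PuTTY project: it audits a constructed sample export, and the host names, user name and paths in it are made up. The export holds only the *path* to each `.ppk`, never the private key itself, so the key file has to be placed at the same path on each target machine separately.

```python
import re
from urllib.parse import unquote

ROOT = r"HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY"

# Constructed sample export; host names, user and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\Sessions\jump%20one]
"HostName"="jump1.example.net"
"PublicKeyFile"="C:\\Users\\dan\\keys\\id_rsa.ppk"
"ProxyPassword"=""

[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\Sessions\jump2]
"HostName"="jump2.example.net"
"PublicKeyFile"=""
"ProxyPassword"="example-secret"

[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys]
"ssh-ed25519@22:jump1.example.net"="0x1234,0x5678"
'''

def audit_reg(text):
    """Summarise what a PuTTY .reg export carries to the next machine."""
    sessions, host_keys, findings, section = {}, [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Key names are case-insensitive; keep only the part below ROOT.
            section = key[len(ROOT) + 1:] if key.upper().startswith(ROOT.upper()) else ""
            continue
        m = re.match(r'"(.+?)"="(.*)"$', line)
        if not m or not section:
            continue            # dword values and foreign keys are ignored
        name, value = m.group(1), m.group(2).replace("\\\\", "\\")
        if section.lower() == "sshhostkeys":
            host_keys.append(name)          # cached server host keys
        elif section.lower().startswith("sessions\\"):
            sess = unquote(section.split("\\", 1)[1])   # names are %-encoded
            sessions.setdefault(sess, {})[name] = value
            if name == "ProxyPassword" and value:
                findings.append(f"{sess}: proxy password stored in clear text")
    key_paths = sorted({c["PublicKeyFile"] for c in sessions.values() if c.get("PublicKeyFile")})
    return {"sessions": sessions, "key_paths": key_paths,
            "host_keys": host_keys, "findings": findings}
```

Regedit writes its exports as UTF-16, so a real file should be read with `open(path, encoding="utf-16")` before being passed to `audit_reg`.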

So - further trials and tribulations with terminal applications and putty and SSH.

  1. in putty it’s not so simple as plonking a key into that configuration doohicky… You actually have to have peagent or whatever-the-F it’s called running already, with your ppk (still makes me think of that Walther PPK) - e.g. I have a Windows shortcut that does this :

“C:\Program Files\PuTTY\pageant.exe” id_rsa.ppk

With “Start in:”

C:\Users\%USERNAME%\Documents\ResilioSync\pigs_it\poohTTY-pooh

And - if I want I can add that to my startup apps… But it’s easy enough to kick off manually before I launch my Putty shortcuts…

e.g. Target : "C:\Program Files\PuTTY\putty.exe" -load NAME-of-STORED-connection

Note - I used to be able to use @ in shortcuts, but Windows 10 craps itself (worked in XP) - e.g. I’d “putty @stored-connection-name” - and I can still SuperKey+R and “putty @saved-name” - but that doesn’t work from a shortcut…

So now I’m using puTTY like I bought it, instead of stealing it…

IT’S SO UTTERLY FRUSTRATING watching so called “professional” IT “engineers” launch putty, and do the “challenge / response” bullshit login (i.e. type their username, then password [or copy+paste x 2]). Maybe overkill, but if I had any minions, or underlings, and I caught them doing “challenge / response” to UNIX servers - I’d probably fire them, or flick the open-trapdoor button, to chute them down to the refuse pile…

But I still prefer doing it all from the CLI. e.g. it’s nearly seamless using Windows Terminal, or “Tabby” terminal - as Win10’s SSH (openssh) is BETTER than puTTY… e.g. using DOS / CMD / PowerShell, in Tabby, to SSH to my Pi4 :

i.e. Windows 10’s SSH client (openssh) uses C:\Users\%USERNAME%\.ssh - and supports ~/.ssh/config file - so I have a config to SSH to my Pi4 over the wild interwebs, using the alias “xp” (short for “expi” which is short for “external pi”)…
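When an existing OpenSSH key pair has been converted to `.ppk` and handed to Pageant, two things are worth confirming: that the `.ppk` still holds the same public key as `id_rsa.pub`, and whether the file is passphrase-protected (which matters when it lives in a synced folder). This is an added example, not code from the thread or from PuTTY; the sample key material is constructed and is not a real key, and real PuTTY files wrap their base64 at 64 characters rather than the short lines used here.

```python
import base64, hashlib

def parse_ppk(text):
    """Parse a PuTTY .ppk (v2 or v3): header fields plus the public blob."""
    lines, out, i = text.splitlines(), {}, 0
    while i < len(lines):
        key, _, value = lines[i].partition(": ")
        i += 1
        if key.startswith("PuTTY-User-Key-File-"):
            out["version"], out["algorithm"] = int(key.rsplit("-", 1)[1]), value
        elif key == "Public-Lines":
            n = int(value)
            out["blob"] = base64.b64decode("".join(lines[i:i + n]))
            i += n
        elif key == "Private-Lines":
            i += int(value)            # private part is never needed for this check
        else:
            out[key.lower()] = value   # encryption, comment, private-mac, ...
    return out

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def compare(ppk_text, pub_line):
    """Check that a converted .ppk still holds the key from id_rsa.pub."""
    ppk = parse_ppk(ppk_text)
    algo, b64 = pub_line.split()[:2]
    return {
        "same_key": ppk["algorithm"] == algo and ppk["blob"] == base64.b64decode(b64),
        "passphrase_protected": ppk["encryption"] != "none",
        "fingerprint": fingerprint(ppk["blob"]),
    }

# Constructed sample (not a real key): a 30-byte fake blob in both formats.
_BLOB = b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x03\x01\x00\x01\x00\x00\x00\x08" + bytes(range(1, 9))
_B64 = base64.b64encode(_BLOB).decode()
SAMPLE_PUB = "ssh-rsa " + _B64 + " constructed@example"
SAMPLE_PPK = "\n".join([
    "PuTTY-User-Key-File-2: ssh-rsa", "Encryption: none", "Comment: constructed@example",
    "Public-Lines: 2", _B64[:20], _B64[20:],
    "Private-Lines: 1", "AAAA", "Private-MAC: 00",
])
```

The fingerprint returned by `compare` can be checked against what `ssh-keygen -lf id_rsa.pub` prints for the original key.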

I use Putty if I have to, but use RoyalTS every day, all day. You can connect to SSH, RDP, telnet, VNC, TeamViewer, Hyper-V, VMWare, HTTP, sftp file transfer, and probably other methods. You can build a nested directory tree of server connections and save credentials (username/password or ssh key) right with the entries. Also, the credentials can just be a reference to a common saved credential. That way when you have to update your password every 90 days or whatever, you update it in just one spot.

You can view remote sessions in windows, full screen, or tiled modes too.

It’s pretty cool. It runs on Windows and Mac. They have a free version that is limited to 10 saved connections. Give it a shot.

I will check it out… Cheers…

I hope it’s not as ugly as ASG-CDE (which looks like a zombie app resurrected from a 1990’s cemetery - or some legacy piece of SHIT the likes of MicroFocus have taken, and run with)…

Tried to get mRemoteNG going on one of those VDI instances - as a “testbed” - it’s a “portable app” anyway - you can supposedly plonk the exe anywhere and run it - but it must need some kinda escalated privilege, 'cause it won’t run… unlike some other stuff that does run, surprisingly, like ResilioSync agent (it is flaky mind you), Windows Terminal, tabby.exe, MobaXterm.exe, amongst others…

The main reason I wanted mRemoteNG, was 'cause the “newer” versions of mstsc.exe WILL NOT save passwords - which is a monumental PITA… FFS! And I seem to remember using mRemoteNG a few months back (well I set it up about 24 months ago, and “set it and forget” it - it just worked - double click the connection setting and it plonks me on my desired desktop)…

Actually - never mind - I just realised, using the principle of recursion, I can nest RDP connections (done it as many as 5 layers deep in the past - ALL that to run a putty window at the business end to fix an issue on a UNIX machine!) …

So - MacOS : Microsoft Remote Desktop app to open a “Workspace” from a URL, then use that to fire up a Windows 10 VDI hosted in Azure (a bunch of them seemingly randomly assigned, pot luck, fingers crossed it can sync and can still run the portable apps I’ve dropped onto it) … In that Workspace Windows 10 Virtual Desktop - go to the Microsoft App Store, get the app store version of Microsoft Remote Desktop (it’s so much more than just “mstsc.exe”) - then I can save profiles with passwords and user accounts and single or double click to get a connection (and none of this typing passwords everywhere bullshit).

Seriously - CONTINUALLY typing passwords is RETROGRADE, and trojan writers and ransomware / keyloggers F–KING LOVE that shit… “on paper” security consultants who allow (and encourage) such lo-fi security methods (constantly enforcing users to continually type their password) shouldn’t have jobs… it’s that simple… Make the password overly complex and hard to remember, the greater the chance of the user keeping it on a post-it note next to their monitor!

Just took a look at RoyalITS (despite being a republican - I have issues with “Royal” - note - outside the USA, republican does not mean GOP, it’s actually more “left” as in we don’t believe in hereditary monarchy) - and it’s certainly quite pleasant to look at, i.e. much nicer on the eye than ASG-CDE

Damn! That page is growing on me (Royal Apps). It’s a ONE OFF price (unlike the daylight robbery of MobaXterm and many others who want yearly fees - what galls me about MobaXterm, is all they did was pre-package CygWin, bits of puTTY and a freeware X server) - and the website knows I’m in Australia and quotes the price in AUD!

1 Like