SSH to a Linux machine from Windows

Warning: wowsers! This is very out of date! As of 2023, this is beyond ancient. TODO: Update.

On Windows, you can use PuTTY to connect to your DigitalOcean droplet via SSH.

(There have since been invented 300 better ways to achieve this, such as:

  1. with WSL (bash.exe), or
  2. with cmder, which I think is using OpenSSH by way of Git Bash.)


Creating private/public key pair for use in SSH, using PuTTYgen

First, generate a private/public key pair using PuTTYgen.

Guide I followed for this is:

Download complete PuTTY installer (msi) from this page:

Look for "A Windows MSI installer package for everything except PuTTYtel"

Install that.

Then run PuTTYgen, and generate a private/public key pair. Save the public key as a .txt file and the private key as a .ppk file.

Store the passphrase in your password manager. Note that the passphrase is something you are expected to type, so make it an actual passphrase: easy to type but quite long.

(Originally I created a long and complex password... but then it was too hard to type. I found I could change the passphrase, using PuTTYgen -- I just had to re-save the private key afterwards.)

Add your public key to DigitalOcean

Go to your DO profile:

Click "Security" on the left hand side...

Click "Add SSH Key"

When informing DigitalOcean of your public key, you need to paste it into a textbox. For this I did the wrong thing: I opened the public key text file, copied the contents and pasted it into the textbox. This resulted in an error that read:

Add SSH Key
Key invalid type, we support 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', or 'ssh-ed25519'.

What I should've done: look at the public key in PuTTYgen, where they provide a textbox with the public key formatted in the right way that you can copy and paste into various programs. Copy it from there. Not from the raw file.


Got this error:

Permissions 0744 for '/home/geek/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/geek/.ssh/id_rs

To limit the permissiveness of those files I used these commands...

sudo chmod 600 ~/.ssh/id_dsa
sudo chmod 600 ~/.ssh/

Export PuTTYgen keys to be usable from Linux subsystem for Windows

Had I created my keys in a different way I would not have needed to do this. But because I used PuTTYgen, this is what I needed to do...

  1. Open PuTTYgen

  2. Click Load

  3. Load your private key

  4. Go to Conversions->Export OpenSSH and export your private key

  5. Copy your private key to ~/.ssh/id_dsa (or id_rsa). Create the RFC 4716 version of the public key using ssh-keygen:

    ssh-keygen -e -f ~/.ssh/id_dsa > ~/.ssh/

  6. Convert the RFC 4716 version of the public key to the OpenSSH format:

    ssh-keygen -i -f ~/.ssh/ > ~/.ssh/

Simple right!? No, not simple.
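
The two public key formats behind the "Key invalid type" error and behind step 6 above, as an added example (not from these notes, PuTTY or OpenSSH): the file PuTTYgen saves is RFC 4716 text, while the paste box and `ssh-keygen -i` give the one-line OpenSSH form, which must start with the key type. The function names and the sample key are constructed for illustration.

```python
import base64
import struct

# Key types named as accepted in the DigitalOcean error message quoted on this page.
ACCEPTED = {"ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
            "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-ed25519"}
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def key_type_from_blob(blob: bytes) -> str:
    """A key blob opens with a 4-byte big-endian length, then the key type name."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n]
    if n == 0 or len(name) != n:
        raise ValueError("truncated key type field")
    return name.decode("ascii")

def rfc4716_to_openssh(text: str) -> str:
    """Turn an RFC 4716 public key file into the one-line OpenSSH form."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    comment, b64, i, last = "", [], 1, len(lines) - 1
    while i < last:
        line = lines[i]
        if ":" in line:  # header line; base64 never contains a colon
            while line.endswith("\\") and i + 1 < last:  # continued header
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            b64.append(line)
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    ktype = key_type_from_blob(blob)
    if ktype not in ACCEPTED:
        raise ValueError(f"key type not accepted: {ktype}")
    return " ".join(p for p in (ktype, base64.b64encode(blob).decode(), comment) if p)

def constructed_sample() -> str:
    """Constructed input: an ssh-ed25519 blob of placeholder bytes, not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return f'{BEGIN}\nComment: "constructed-sample"\n{base64.b64encode(blob).decode()}\n{END}\n'

if __name__ == "__main__":
    print(rfc4716_to_openssh(constructed_sample()))
```

The first token of the raw RFC 4716 file is `----`, not a key type, which is why pasting the saved file is rejected while the converted line is accepted.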

Use ssh for copying from remote machine

This command sets up a tunnel to let you access the remote machine while "staying" on the local machine, via port forwarding.

ssh -Nf -L 8080:localhost:2222

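The "-N" option means don't run a remote command or open a shell; only do the port forwarding (i.e. "stay" on the local machine).

The "-f" option means run ssh in the background, so it doesn't hold on to the terminal.

The "-L" option specifies the forwarding as local_port:host:host_port. Here, connections to port 8080 on the local machine are forwarded to localhost:2222 as seen from the remote machine.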

Host Identification has changed

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user1/.ssh/known_hosts:2
	remove with: ssh-keygen -f "/home/user1/.ssh/known_hosts" -R 555.55.55.555
ECDSA host key for 555.55.55.555 has changed and you have requested strict checking.
Host key verification failed.

ssh-keygen -R [IP_ADDRESS]