Using OpenSSH and creating SSH Keys with PowerShell

Apr. 25, 2022

In this post I show you my process for creating SSH Keys for Linux Machines.

I use a fair amount of Linux in my work career (creating VMs and the like within Azure). Linux VMs are great for testing with: they use SSH and are configured and ready for testing VERY quickly in Azure. I also use a fair amount of Linux in my personal life, with Home Assistant and Plex.

I know many people use a username and password with Linux environments and there is nothing wrong with this; I simply think that keys are better :smile:. I believe this for a few reasons.

  1. Allows for better control over access to a machine - no key, no access.
  2. Allows for a better logon experience, seems more “seamless”
  3. Key information can be stored in a secure location for repeated use
    1. For personal use, I store the key information in 1Password
    2. For work use, I store the key information in Azure Key Vault
  4. Can be easily scripted to create new keys as needed

On the last point: I am a big PowerShell user and I have created a simple script that works in PowerShell and PowerShell Core.

You will need OpenSSH for this to work. The command below installs it with Chocolatey 👍.

choco install openssh

Now for the PowerShell code, update the variables as needed. This creates the keys for us.

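$username = ""      # Linux account name; also used as the key file name and key comment
$keyLocation = ''   # folder to store the key pair in
$keyName = $username
# Join-Path adds the path separator if $keyLocation lacks a trailing one
$keyPath = Join-Path $keyLocation $keyName
# Creates $keyPath (private key) and $keyPath.pub (public key)
ssh-keygen -m PEM -t rsa -b 4096 -f $keyPath -C $username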

Now to get the content of the public key, for use with Azure VMs or any type of IaC (I use Bicep).

You can read the content out to something simple like Notepad (honestly a tool I use DAILY).

$pubKeyPath = $keyPath + '.pub'
$pubKey = Get-Content -Path $pubKeyPath
$pubKey

Example output from $pubKey is below. This is what you need to copy and paste within the Azure Portal when creating a Linux VM.

ssh-key-example

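If you want to use this key with an existing machine, you can :smile:. We can perform a task similar to ssh-copy-id. Update $destinationIp as needed.

$destinationIp = ""
# Create ~/.ssh on the remote machine if it is missing, then append the public key
Get-Content -Path $pubKeyPath | ssh "$username@$destinationIp" "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"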
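
The steps above can be wrapped with a few safety checks. The following is an added example, not the author's script: it refuses to overwrite an existing key, restricts the private key file to the current user, returns the fingerprint for comparison, and confirms that the server accepts the key itself instead of falling back to a password. The function and parameter names are hypothetical, and it assumes `ssh-keygen`, `ssh` and (on Windows) `icacls` are on the PATH.

```powershell
# Added example; function and parameter names are hypothetical, not from the post.
function New-SshKeyPair {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$KeyLocation
    )
    $keyPath = Join-Path $KeyLocation $UserName
    if (Test-Path $keyPath) { throw "Refusing to overwrite existing key: $keyPath" }

    # Same key parameters as the post; ssh-keygen prompts for the passphrase.
    ssh-keygen -m PEM -t rsa -b 4096 -f $keyPath -C $UserName
    if ($LASTEXITCODE -ne 0) { throw "ssh-keygen exited with code $LASTEXITCODE" }

    if ($env:OS -eq 'Windows_NT') {
        # Drop inherited ACEs, then grant only the current user read access.
        icacls $keyPath /inheritance:r /grant:r "$($env:USERNAME):(R)" | Out-Null
    } else {
        chmod 600 $keyPath
    }

    [pscustomobject]@{
        PrivateKeyPath = $keyPath
        PublicKey      = (Get-Content -Path "$keyPath.pub" -Raw).Trim()
        Fingerprint    = ssh-keygen -l -f "$keyPath.pub"
    }
}

function Test-SshKeyLogin {
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$DestinationIp
    )
    # Offer only this key and only public-key authentication, so a password
    # fallback cannot hide a key that was never installed on the server.
    ssh -i $KeyPath -o IdentitiesOnly=yes -o PreferredAuthentications=publickey "$UserName@$DestinationIp" true
    return ($LASTEXITCODE -eq 0)
}
```

Store the returned fingerprint next to the key in your vault; running `ssh-keygen -l -f` against a line from the server's `authorized_keys` should print the same value.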