Featured Articles
Announcing Pi
Technical Specifications
Raspberry Pi FAQs
Win a Pi
Raspberry Pi Wishlist
Actions
Forum Thread Details
  • Replies 1 reply
  • Subscribers 633 subscribers
  • Views 1449 views
  • Users 0 members are here
Related

Automatically connect Windows Terminal to a Linux device with certificates

Jan Cumps

This little post shows a way to automatically open a Linux session in Windows Terminal, authenticated with your personal key.
A full logon without having to reveal the password.
I'm showing how I did this for a Raspberry Pi.

Requirements and expectations:

  • ssh is enabled on the Linux device
  • have an exisiting public / private keypair in openSSH format handy, or create one. Internet will help to create one if you don't have it.
    If you use PuttyGen to generate a key pair, export the private key in OpenSSH format.
  • have the public key added to the Linux device's ~/.ssh/authorized_keys file

I created two batch files.
One that knows how to open an SSH session, called daq.bat (because the Pi I'm connecting to is going to be a daq for a Road Test - but I digress).

ssh raspberry4daq -l pi -i "C:\Users\jancu\Documents\elektronica\certificates\rsa_jc.priv.openssh"

  • raspberry4daq is the name of my Pi, as entered in raspi-config
  • -l pi is my user
  • -i "<private key file> is the location of my private key certificate, on the Windows computer that will run the batch files. In openSSH format

The second batch file, called daqterminal.bat, opens Windows Terminal, and executes the first batch file.

"%LOCALAPPDATA%\Microsoft\WindowsApps\wt.exe" "C:\Users\jancu\Documents\elektronica\digilent\mcc dac\daq.bat"

The first part is fixed, and will start the Windows Terminal.
The second part is the full path of the first batch file. Terminal will execute it when it starts.

Result, when double-clicking on the second batch file:

image

If you run this batch file the first time, and you haven't SSH'd into the Linux box before, it will ask you to accept the server certificate:

The authenticity of host '************' can't be established.
ECDSA key fingerprint is ************************.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

If you trust the server (hey, it's your own Pi), answer yes. The server will be trusted for SSH communication from then on and you will not be prompted again.
Check the internet for the no/[fingerprint] options. They may be your best choice when using a server that you don't trust (yet).