Issue when SSH'ing to Linux server from Windows client using Public key

1

This question is Cygwin-specific.

My intention is to SSH to Linux Debian 9 Stretch server from Windows 10 Pro client.

Steps I have done so far:

  1. Installed Cygwin with OpenSSH package.

  2. Generated private-public pair in Cygwin:

    ssh-keygen -t rsa -b 8192

  3. Copied the server's public key to Cygwin:

    ssh-copy-id user_name@ip_address -p port_number

  4. First time connected to the server:

    ssh user_name@ip_address -p port_number

    It told me:

    The authenticity of host '[ip_address]:port_number ([ip_address]:port_number)' can't be established.

    ... Are you sure you want to continue connecting (yes/no)?

    I replied yes.

  5. I defined an alias in Cygwin and got it sourced:

    vi .bash_aliases

    Exactly the same as the first time connection.

  6. I restarted Cygwin.

  7. Now the issue I'm having, is that when I do:

    ssh-server

    It always asks me for password to private key. And I don't know why. Because it's encrypted obviously, but how do I get rid of it?:

    Enter passphrase for key '/home/user_name/.ssh/id_rsa':

Note: When connecting from my Linux machine, it does not ask for that password. Did I miss a step?

EDIT:

  1. When I start SSH Agent and add the key, I can connect flawlessly:

    • Start SSH Agent:

      eval `ssh-agent -s`

    • Add missing keys to identity: 

      ssh-add

But this only works for a session, why is it not permanent?

LinuxSecurityFreak

Posted 2017-08-16T07:06:57.063

Reputation: 2 298

1

Possible duplicate of Save identities added by ssh-add so they persist

– Jakuje – 2017-08-16T08:57:51.563

@Jakuje This question is Cygwin specific, not a duplicate of that post – LinuxSecurityFreak – 2017-08-16T09:17:35.857

No, it is not cygwin specific. The openssh tools work the same way as in the Linux. It looks like you miss the point how do these tools work. Only difference is that in Linux the session is your login session, but in Cygwin, it is the cygwin shell (or how does it look) you are opening. – Jakuje – 2017-08-16T09:20:06.420

To have an OpenSSH privatekey not encrypted at all (which means anyone who gets your computer or disk unless disk-level encrypted or a copy of your disk or that file can impersonate you) either when you create the key enter nothing for the passphrase (just hit return twice) or change an existing keyfile with ssh-keygen -p -f ~/.ssh/id_rsa (or other filename) and enter nothing for the new passphrase. – dave_thompson_085 – 2017-08-16T10:45:11.550

Answers

0

As an unencrypted private key is not an option for me, I must have set a passphrase. I hoped there's some trick that would unlock my key upon login. But as it appears, that is not going to happen.

So I retreated for the solution when Cygwin asks for my password always upon launch.

You can use whatever editor installed, I used nano, to edit your startup file, e.g.:

nano .bashrc

Simply add these two lines to the end of the file:

eval `ssh-agent -s`
ssh-add

You can find more information about ssh-agent in the manual, the same goes for the ssh-add.

Now, every time you start your Cygwin terminal, it will ask you for password to the private key.

LinuxSecurityFreak

Posted 2017-08-16T07:06:57.063

Reputation: 2 298

Asked: 2017-08-16T07:06:57.063

Viewed: 130 times

Active: 2017-08-17T19:17:49.363