SSH key asking me for a passphrase?

35

9

I have a public/private key pair. Neither of them has any sort of passphrase associated with it.

Whenever I try to ssh using either the private or public key (and I'm pretty sure I should only be using the public key), I get queried for a passphrase, and then of course can't connect.

Anyone have any idea how to get around this? Am I typing some command incorrectly? I am trying to ssh into a server that I have set up in my ~/.ssh/config file (correctly, since this exact same setup works on another server) with the key stored in ~/.ec2/key.ppk

I've also tried using puttygen.exe to generate a new private key WITH a passphrase, and then using that key, and when I type the passphrase, it still fails.

llaskin

Posted 2010-06-25T11:46:36.983

Reputation: 513

Answers

29

First off it's the private key that will have the pass-phrase. This validates against the public key stored on the remote server.

Best guess is that you are trying to use a PuTTY private key (ppk) format with OpenSSH; this doesn't work. PuTTYgen has an export option for OpenSSH if this is the case.

ssh-rsa AAAAB3NzaC1y...... etc

I also assume that the server you are trying to ssh to has your public key stored correctly in the authorized key file (in ~/.ssh/authorized_keys generally).

Another guess would be that the correct key isn't being selected. Some things I would try are:

Resetting the key's pass-phrase using ssh-keygen, like this...

$ ssh-keygen -f ~/.ec2/key.ppk -p

This will confirm if in fact your key does (or does not) have a pass-phrase on it already.

Secondly, I'd try connecting with verbose output, specifying your public key explicitly:

$ ssh host -i ~/.ec2/key.ppk -vvv

This will give you more of an idea of what is going on.

mrverrall

Posted 2010-06-25T11:46:36.983

Reputation: 855

This error also is given if the file is in correct format - so double and triple check you copied and pasted properly if manually creating it. – Daniel Sokolowski – 2015-09-03T19:40:27.187

Correct, this is a key generated by puttygen from a key that works in putty. When I putty into the same server (from the machine that hosts the cygwin instance) it works fine with the exact same key. When I try to connect via ssh from cygwin, it bombs out. I'm confused how to make this work. – llaskin – 2010-06-25T13:38:49.503

ssh-rsa AAAAB3NzaC1y...... etc is the format from openssh, right? I have this format in my private key. The header states: PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: imported-openssh-key Public-Lines: 6 But the file is stored as an id_rsa file. Does this mean that this is still in .ppk format, even though the name of the file is just id_rsa? – alpha_989 – 2018-01-15T14:59:46.807

Found out the answer for the different formats here. In my case even though the extension of the file didn't have .ppk, it still was in putty format, which confused me, as it was showing all kinds of errors, but not giving me any direct hint that the problem was with the format of the key: https://stackoverflow.com/a/44391850/4752883

– alpha_989 – 2018-01-15T16:12:39.477

I think mrverrall's point is that the file format for the PuTTY private key is not the same as the file format used for OpenSSH (the ssh client in cygwin). So OpenSSH is just failing to use the private key data because it can't figure out what the data means. But PuTTY has an "export" option, so you can get data in the "PEM" format needed. – Phil P – 2011-01-23T21:44:14.440

18

You could run ssh-agent. See here for a discussion.

The short version that worked for me (in bash):

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-rnRLi11880/agent.11880; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11881; export SSH_AGENT_PID;
echo Agent pid 11881;

I took the 3 lines it echoes out, and executed them. Another way to do that is take the output of -s:

$ eval `ssh-agent -s`

Then I added my credentials to it:

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/me/.ssh/id_rsa: 
Identity added: /home/me/.ssh/id_rsa (/home/me/.ssh/id_rsa)

Now the agent supplies the credentials instead of me having to type in my passphrase.

I believe ssh-agent goes away when the shell does, so this should be scripted upon startup for maximum convenience. The link I shared describes scripting as well.

dfrankow

Posted 2010-06-25T11:46:36.983

Reputation: 539

4

Check that the private key id_rsa doesn't have extra line breaks at the end. In some cases extra line breaks will make ssh-keygen ask for the passphrase. Try this:

sed  '/^$/d' /path/to/key > id_rsa

test:

ssh-keygen -yf id_rsa

nbari

Posted 2010-06-25T11:46:36.983

Reputation: 193

OMG this was my problem. An extra newline after the -----END RSA PRIVATE KEY----- was causing it to ask for the passphrase on a key that didn't have one set! – edk750 – 2019-01-29T02:06:02.657

4

When you set up your public key, you probably (perhaps inadvertently) set it up with a passphrase.

You probably need to start fresh -- I haven't used puttygen, but you can delete (or rename) the public key in your .ssh directory, use ssh-keygen to generate a new one (being sure not to provide a passphrase), and then share the public_key out to the authorized_keys file on the server you're trying to connect to.

You may need to also remove your old passphrase-key from the authorized-keys file on the server you're connecting to.

JohnMcG

Posted 2010-06-25T11:46:36.983

Reputation: 246

3

One thing to check: if your sshd_config file has StrictModes=yes, then the $HOME directory or $HOME/.ssh directory must not be world writable to group or other. Otherwise authentication fails no matter what.

TD1

Posted 2010-06-25T11:46:36.983

Reputation: 155
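The StrictModes check from the answer above can be run as a script on the server. This is an added example, not code from the thread: the function name `strictmodes_report` is an assumption, and it also looks at `authorized_keys` and at file ownership, which sshd checks alongside the modes the answer mentions.

```shell
#!/bin/sh
# Added example (not from the original thread).
# strictmodes_report HOME_DIR USER_ID prints one line per problem found on the
# paths sshd inspects; no output means the modes and owners look acceptable.
strictmodes_report() {
    home=$1 uid=$2
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune keeps find on this one path; -020 / -002 are the g+w / o+w bits.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "$p: writable by group or other (fix: chmod go-w)"
        fi
        # The owner must be the account itself or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0)" ]; then
            echo "$p: not owned by uid $uid or root"
        fi
    done
}

# Run on the server as the account that cannot log in:
# strictmodes_report "$HOME" "$(id -u)"
```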

1

I made the mistake of accidentally overwriting my ~/.ssh/id_rsa file with my ~/.ssh/id_rsa.pub. Doing that will cause ssh to ask for a pass phrase.

Red Cricket

Posted 2010-06-25T11:46:36.983

Reputation: 111

1

On OSX I was able to just run:

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /Users/me/.ssh/id_rsa:
Identity added: /Users/mikekilmer/.ssh/id_rsa (/Users/mikekilmer/.ssh/id_rsa)

The password was stored by the Keychain Access application, which is in the Applications > Utilities folder. I just entered id_ in the search field.

MikeiLL

Posted 2010-06-25T11:46:36.983

Reputation: 367

0

I ran into this problem the other day. Specifically, I was trying to copy/paste a private AWS key from one machine to another.

I have a bad habit of either missing the first or last character. It turns out that if you don't grab every hyphen at the end of your private key (even though it has nothing to do with the key text itself) you will be prompted for a passphrase for the private key until you add every character from the key you copied from (in my case this meant adding a single hyphen to the end of the key).

I suppose this means that best practice is to SSH the text file across the wire instead of trying to copy and paste between Terminal windows.

Professor Tom

Posted 2010-06-25T11:46:36.983

Reputation: 1
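Several answers above trace the prompt to the key file itself: PuTTY format under an OpenSSH-style name, a public key in place of the private one, blank lines, or a damaged END line. The script below is an added example, not code from any poster; the function name `classify_key` and its output labels are assumptions. It tells these cases apart by looking only at the armour lines and headers.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints one label for a key file:
#   putty-ppk | public-key | pem-bad-footer | pem-encrypted | pem-blank-lines
#   | pem-ok | unknown | unreadable
classify_key() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 1; }
    # First and last non-blank lines, with any CR from Windows editors removed.
    first=$(grep -v '^[[:space:]]*$' "$f" | head -n 1 | tr -d '\r')
    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1 | tr -d '\r')
    case $first in
        PuTTY-User-Key-File-*)            # PuTTY format, whatever the file is named
            echo putty-ppk; return 0 ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*)
            echo public-key; return 0 ;;  # e.g. id_rsa overwritten by id_rsa.pub
        "-----BEGIN "*"PRIVATE KEY-----") ;;   # PEM-style armour, keep checking
        *)  echo unknown; return 0 ;;
    esac
    case $last in
        "-----END "*"PRIVATE KEY-----") ;;
        *)  echo pem-bad-footer; return 0 ;;   # e.g. a hyphen lost in copy/paste
    esac
    # Legacy PEM marks real encryption in its headers; a passphrase prompt is
    # expected for these. (The newer OPENSSH format hides this inside the blob.)
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo pem-encrypted; return 0
    fi
    if grep -q '^[[:space:]]*$' "$f"; then
        echo pem-blank-lines; return 0
    fi
    echo pem-ok
}

# Usage: sh classify_key.sh FILE...   (the script name is an assumption)
for k in "$@"; do
    printf '%s: %s\n' "$k" "$(classify_key "$k")"
done
```

For a file reported as `pem-ok` in the newer OPENSSH format, `ssh-keygen -yf` as shown in nbari's answer is still the way to confirm whether a passphrase is set.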

0

Try viewing the log files on the server. See /var/log/authlog (e.g., /var/log/authlog for OpenSSH, although I've seen some operating systems use Portable OpenSSH and use /var/log/auth.log) and check the end of that file.

The most common causes I've seen are incorrect permissions (as noted by TD1's answer), although other issues could be with the public key (stored on the server) not being in the right file, or that key being commented out, or a misspelled username.

It may also be helpful (for troubleshooting) to give the account a passphrase temporarily, just to verify that the account can be successfully logged in when you do that.

If viewing the log file doesn't quickly lead you to a resolution, I suggest posting a new question (since this is a great generalized question) which does include the specific details from the log file, so that more specific directions can be provided.

TOOGAM

Posted 2010-06-25T11:46:36.983

Reputation: 12 651

0

On my team, when this happens it isn't an issue with anything locally. The user's ssh key and/or access hasn't been configured correctly on the server they're connecting to (in our case a hosting platform). For some reason this triggers a prompt for a non-existent ssh key.

ognockocaten

Posted 2010-06-25T11:46:36.983

Reputation: 188