0
0
I am trying to SSH into a server, where I do not have root privileges. I don't like using Putty, I prefer Cygwin. I can log into the server using Putty, but using the exact same private key and typing in the exact same password, I get an error using Cygwin. I tried this with and without the SSH version 2 force, and with and without the port forwarding option. Same result. Also tried deleting the host from my known_hosts file, same result.
See below. Changed IP address for security.
$ ssh -v -2 -i private_key.ppk -L 5432:localhost:5432 user@22.22.22.22
Connecting to 22.22.22.22
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Connecting to 22.22.22.22 [22.22.22.22] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/private_key.ppk type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/private_key.ppk-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 22.22.22.22:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:T1wfSekfyPulNsBaGn/d5ubEKy1VKWKmBcr/SQQTRSs
debug1: Host '22.22.22.22' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:58
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/private_key.ppk
Enter passphrase for key '/home/user/.ssh/private_key.ppk':
Enter passphrase for key '/home/user/.ssh/private_key.ppk':
Enter passphrase for key '/home/user/.ssh/private_key.ppk':
debug1: No more authentication methods to try.
Permission denied (publickey).
The "debug1: key_load_public: No such file or directory" part might be it. But again, I can SSH into this server with Putty using the same private key, so my key on the server must be in place.
rshaq
Posted 2015-10-03T21:18:19.047
Reputation: 3
Permission denied (publickey)therefore it is the key. The preceding lines look like you had trouble entering the passphrase to unlock the keyfile, this is not the password of the remote machine. – ctrl-alt-delor – 2015-10-03T21:25:38.823use can use ssh-keygen in cygwin to make a key. BTW I like how you used the same port number for your port forwarding, for seamlessness. and with 127.0.0.1/localhost means it's ssh all the way – barlop – 2015-10-03T21:29:10.973
A passphrase is not a password, it should be longer and less easy to guess than a password, as it can be brute forced, and your passwords should be better than they, probably are. If the enemy get hold of your computer, then they will try to break into your key-file, so that they can then break in to that DoD computer in ohio. Consider using ssh-add, so that you can use a longer passphrase, without the inconvenience. – ctrl-alt-delor – 2015-10-03T21:29:31.473
@richard technically a password is not necessarily easier to break than a key, e.g. if a password is as long and random looking as a key, then it'd be just as "impossible"/"possible" to brute force as a key, though indeed, in practice, people don't use passwords as long and random looking as keys. Though they could if they use a program to store their passwords, or a usb rubber ducky like gadget that types in the passwords automatically. – barlop – 2015-10-03T21:34:49.580
@barlop yep, turns out I needed a .pem file instead of a .ppk. Tunnel vision. The ports are for Postgres, so I can use pgAdmin, thanks. – rshaq – 2015-10-03T21:37:38.967
@barlop that is true, but why are you telling me. I can only assume that you though I say comparing passwords and keys. I was not, I am comparing passwords and passphrases. – ctrl-alt-delor – 2015-10-03T21:38:31.987
@richard fair point. I suppose though that even though a passphrase is meant to be guessable, it could be random and as strong as a key. You did say a passphrase can be brute forced, and that it's meant to be stronger than a password. You could add with regular use.. 'cos that doesn't apply so much if a password is made that is as strong as a key. (I suppose in those situations also things boil down to how long the hash is for password.. I don't know if passphrase uses a hash, if so then that too) – barlop – 2015-10-03T22:41:59.407
@barlop Passphrase is not stored in any way, not even its hash: it is used to decrypt the key. Passwords can get away with being a BIT weaker because the server will/should limit attempt rate. You can not limit the attempt rate of decrypting a key, except my using a long passphrase, and good encryption. – ctrl-alt-delor – 2015-10-03T22:59:11.423