I have a public/private key pair. Neither of them have any sort of passphrase associated with them.
Active1 month ago
Jun 22, 2012 SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair. Use ssh-keygen -p command to remove the passphrase – just press Enter when asked for the new passphrase without typing any phrase. No Way To Recover Forgotten Passphrase. IMPORTANT: you cannot overwrite a forgotten passphrase. If your SSH key is encrypted, you must have the original passphrase to decrypt the key and save it with the new passphrase.
Whenever I try to ssh using either the private or public(and I'm pretty sure I should only be using the public key), I get queried for a passphrase, and then of course can't connect up.
Anyone have any idea how to get around this? Am I typing some command incorretly? I am trying to ssh into a server that I have setup in my ~/.ssh/config file(correctly, since this exact same setup works on another server) with the key stored in ~/.ec2/key.ppk
I've also tried using puttygen.exe to generate a new private key WITH a passphrase, and then using that key, and when I type the passphrase, it still fails.
llaskinllaskin
10 Answers
First off it's the private key that will have the pass-phrase. This validates against the public key stored on the remote server.
Best guess is that your are trying to use a putty private key (
ppk ) key format with openssh this doesn't work.. PuTTYgen has an export option for openssh if this is the case.
I also assume that the server you are trying to ssh to has your public key stored correctly in the authorized key file (in
~/.ssh/authorized_keys generally).
Another guess would be that the correct key isn't be selected. Some things I would try are:
Resetting the keys pass-phrase using
ssh-keygen , like this..
This will confirm if in fact your key does (or does not) have a pass-phrase on it already.
Secondly I'd try connecting using a verbose output, specifying your public key explicitly output:
This will give you more of an idea of what is going on.
Adobe
1,40322 gold badges1919 silver badges3232 bronze badges
mrverrallmrverrall
You could run ssh-agent. See here for a discussion.
Ssh-keygen Passphrase Less
The short version that worked for me (in bash):
I took the 3 lines it echoes out, and executed them. Microsoft visual basic 2008 express. Another way to do that is take the output of -s:
Then I added my credentials to it:
Now the agent supplies the credentials instead of me having to type in my passphrase.
I believe ssh-agent goes away when the shell does, so this should be scripted upon startup for maximum convenience. The link I shared describes scripting as well.
dfrankowdfrankow
42422 gold badges66 silver badges1616 bronze badges
When you set up your public key, you probably (perhaps inadvertently) set it up with a passphrase.
You probably need to start fresh -- I haven't used puttygen, but you can delete (or rename) the public key in your .ssh directory, use
ssh-keygen to generate a new one (being sure not to provide a passphrase), and then share the public_key out to the authorized_keys file on the server you're trying to connect to.
You may need to also remove your old passphrase-key from the authorized-keys file on the server you're connecting to.
JohnMcGJohnMcG
One thing to check, if your sshd_config file has StrictModes=yes , then the $HOME directory or $HOME/.ssh directory must not be world writable to group or other. Otherwise authentication fails no matter what.
TD1TD1
Check that the private key
id_rsa doesn't have extra line breaks at the end, in some cases extra line breaks will make ssh-keygen to ask for the passphrase, try this:
test:
nbarinbari
I made the mistake of accidentally overwriting my ~/.ssh/id_rsa file with my ~/.ssh/id_rsa.pub. Doing that will cause ssh to ask for a pass phrase.
Red CricketRed Cricket
I ran into this problem the other day. Specifically, I was trying to copy/paste a private AWS key from one machine to another.
I have a bad habit of either missing the first or last character. It turns out that if you don't grab every hyphen at the end of your private key–even though it has nothing to do with the key text itself–you will be prompted for a passphrase for the private key until add every character from the key you copied from (in my case this meant adding a a single hyphen to the end of the key.)
I suppose this means that best practice is to SSH the text file across the wire instead of trying to copy and paste between Terminal windows.
Professor TomProfessor Tom
On OSX I was able to just run:
$ ssh-add ~/.ssh/id_rsaEnter passphrase for /Users/me/.ssh/id_rsa:`Identity added: /Users/mikekilmer/.ssh/id_rsa (/Users/mikekilmer/.ssh/id_rsa)
The password was stored by the Keychain Access application, which is in the Applications > Utilities folder. I just entered MikeiLLMikeiLL
id_ in the search field.
23711 gold badge33 silver badges1212 bronze badges
Try viewing the log files on the server. See /var/log/authlog (e.g., /var/log/authlog for OpenSSH, although I've seen some operating systems use Portable OpenSSH and use /var/log/auth.log) and check the end of that file.
Ssh-keygen Passphrase Command Line
The most common causes I've seen are incorrect permissions (as noted by TD1's answer), although other issues could be with the public key (stored on the server) not being in the right file, or that key being commented out, or a misspelled username.
It may also be helpful (for troubleshooting) to give the account a passphrase temporarily, just to verify that the account can be successfully logged in when you do that.
If viewing the log file doesn't quickly lead you to a resolution, I suggest posting a new question (since this is a great generalized question) which does include the specific details from the log file, so that more specific directions can be provided.
TOOGAMTOOGAM
11.8k33 gold badges2626 silver badges4949 bronze badges
On my team, when this happens it isn't an issue with anything locally. The user's ssh key and/or access hasn't been configured correctly on the server they're connecting to (in our case a hosting platform). For some reason this triggers a prompt for a non-existent ssh key.
Ssh-keygen Passphrase Change
ognockocatenognockocaten
protected by Community♦Aug 15 at 20:10Ssh Keygen Without Passphrase
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead? Ssh-keygen Passphrase From FileNot the answer you're looking for? Browse other questions tagged linuxsshcygwinputty or ask your own question.Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |