Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Reply
 
Thread Tools Display Modes
  #1  
Old 08-29-2018, 12:53 PM
netgus netgus is offline
Registered User
 
Join Date: Aug 2018
Posts: 3
Impossible to use an ssh key (windows or Mac)

Hello all,

I'm trying to use a generated ssh key (ssh-keygen) from a linux server (Centos 7). I authorized the use of the key on the server. I'd like the private key to stay on the server. I copied the public key to my Windows or Mac and I have an error:

Public-key authentification with the server for user xxxx failed. Please verified username and public/private key pair.

I probably shouldn't do something right. Someone would have a detailed procedure.

Best regards.
Reply With Quote
  #2  
Old 08-29-2018, 01:56 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 836
Quote:
Originally Posted by netgus View Post
I'm trying to use a generated ssh key (ssh-keygen) from a linux server (Centos 7). I authorized the use of the key on the server. I'd like the private key to stay on the server. I copied the public key to my Windows or Mac and I have an error:

Public-key authentification with the server for user xxxx failed. Please verified username and public/private key pair.
If you want to perform authentication using the SSH2 protocol's "publickey" authentication method, the private key must be accessible to the SSH client. The server needs the public key. The client needs the private key (Technically, the client needs the public key, too. But the public key can be derived from the private key)

An SSH client needs the private key in order to sign the public key if the server says the public key might work.

If you want that private key to remain on the CentOS 7 machine where it was generated, then you will not be able to use it in SecureCRT/SecureFX on your Mac/Windows machine for authentication to that CentOS 7 server (or any other server).

You either will need to securely copy the private key to your machine where you have SecureCRT/SecureFX installed, or you will need to generate a new key pair in SecureCRT/SecureFX (Tools > Create Public Key...) and then copy the public portion of your key to the server and authorize this new key for use on the server by your user account.

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
support@vandyke.com
http://www.vandyke.com/support
Reply With Quote
  #3  
Old 08-30-2018, 07:23 AM
netgus netgus is offline
Registered User
 
Join Date: Aug 2018
Posts: 3
Thank jdev for your answer and your clarification.

This morning I did some testing, because when I try to import the private key into SecureCRT, the format is not recognized.
I took the PPK and with Putty key generator, I exported the private key that I renamed to Identity and I exported the public key to Identity.pub in the same folder. If I import it into SecureCRT, the format is not recognized and I have tried all possible Putty Key Generator formats.

So I did the opposite, I generated a private and public key from SecureCRT and pushed the public key to the server in Authorized_keys and it works.

If I compare the private keys generated by SecureCRT and Putty Key generator, the character length is quite different.

How to make SecureCRT work with keys generated from Putty. For information, if I use other solutions like Xshell, Putty keys work, but SecureCRT keys do not.

Thank you for your help.
Reply With Quote
  #4  
Old 08-30-2018, 07:59 AM
netgus netgus is offline
Registered User
 
Join Date: Aug 2018
Posts: 3
Another point.

I tried to open SecureCRT private key in Putty Key Generator and the message is:

OpenSSH SSH-2 private key (old PEM format).

To use this key with Putty, you need to use the "Save private key"

It's possible to convert the new PEM format to the old PEM format?
Reply With Quote
  #5  
Old 08-30-2018, 08:55 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,529
Hi netgus,

jdev is not available today.

What version of SecureCRT are you using?

SecureCRT only started supporting .ppk keys in v8.0:

Changes in SecureCRT 8.0 (Beta 1) -- January 28, 2016
-----------------------------------------------------
New features:

  • SSH2: PuTTY PPK keys can be used for public-key authentication.

Quote:
I tried to open SecureCRT private key in Putty Key Generator and the message is:

OpenSSH SSH-2 private key (old PEM format).
I am not sure what you mean in your later post. As stated in SecureCRT's Help topic Secure Connections / Public-Key Authentication for SSH2:
Note: Public keys generated using VanDyke Software products comply with the established IETF draft specification defining the format of Secure Shell public key files. This does not guarantee that SecureCRT will work with public key files generated using other Secure Shell software implementations which may or may not comply with this specification.

Since there is no IETF specification defining the format of Secure Shell private key files, SecureCRT may not be able to use private key files generated with other implementations. It should also be noted that, since the private key generated by SecureCRT uses a different format from OpenSSH's private key, OpenSSH cannot use a VanDyke Software generated private key.

SecureCRT supports SSH2 public-private key files generated with VanDyke Software products and the public-private key files generated with the OpenSSH ssh-keygen utility.

I'm not sure what putty means by "PEM format" (either old or new).
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 08:12 AM.