#1
Same keypair for securecrt and openssh?
I'm in a mixed environment .. Most of the times, I will initiate my ssh session from my laptop (WinXP) either through securecrt or cygwin/openssh or from my intermediary server (unix/openssh).

laptop -> intermediary server (unix) -> customer server (unix)

My requirement is to end up having only 1 public key assigned even though I may come in from:

securecrt (laptop) -> intermediary server -> customer server
cygwin (laptop) -> intermediary server -> customer server
intermediary server (openssh) -> customer server

Some history: I have been using sshclient to ssh into the intermediary server then from that session ssh to a customer server. I also created a tiny script on cygwin to call sshclient.exe through the command line incorporating port forwarding so I can directly have a terminal session on the customer server.

I now have the restriction that all my keys require a passphrase, so obviously, I require agent forwarding now and all public keys within the customer servers be assigned an owner (which is why I want to have just one public key, whether I come from securecrt; openssh/cygwin or openssh/intermediary unix).

via cygwin (define a connection to the intermediary server then port forward to my customer's server)

    keychain -id_rsa
    ssh -l rross -L $lport:$host:22 relay.hub.company.com -N $log &
    sleep 1
    securecrt.exe /SSH2 /P $lport /L root /I d:/cygwin/home/rross/.ssh/id_rsa localhost

The securecrt.exe still prompts me for my passphrase. I was able to use the /PASSPHRASE option to get around this. What I would like is to retrieve the key from my ssh-agent.

via Windows (with securecrt pointing to my openssh key)

Use securecrt gui to ssh into the intermediary server. securecrt did not prompt for my passphrase and had to login to the intermediary server using my userid password.

If I generated the key in securecrt (with passphrase) copy the private and public key (after converting the pub key to openssh format) the passphrase seems to get corrupted and openssh does not accept it.

I know this sounds confusing .. and my team and I have been banging our heads against the wall with the new requirements without breaking all our automation.

Thanks for any pointers

#2
Hi Rross,

If I understand correctly, you would like to have one set of keys to use for all the connections. Is that correct?

If so, this should be possible with a key pair generated by OpenSSH. SecureCRT can read OpenSSH generated keys. Just copy the public and private keys from the OpenSSH machine that generated the key pair to all the other machines. Set SecureCRT to use this key pair. This can be done by clicking the 'Properties' button after highlighting 'PublicKey' in the 'SSH2' sub-category under 'Connection' in the 'Session Options'.

Once the servers are configured to allow this key for your user, you should be able to use the same set of keys for all the connections.

Does using an OpenSSH generated key pair allow all the connections to use the same keys?
__________________
Thanks,
Teresa

Teresa Nygren

#3
Teresa,

This is what I have for Properties of Public Key

    D:\cygwin\home\richard\.ssh\id_rsa

The problem is that it's not asking me for the passphrase and is trying to authenticate using password of the userid.

When I attempt through securecrt.exe under cygwin, I have to use the /PASSPHRASE option to make it work.

Yet .. ssh under cygwin is working correctly (authenticating via my passphrase via ssh-agent)

Thanks again,
Richard

#4
Teresa,

Also, what would your recommendation be for agent forwarding?

Thanks again

#5
Hi Rross,
Quote:

If so, there could be something else happening. To find out for certain, could you provide me with the 'Trace Option' output in an email to support@vandyke.com? Just use a subject of ATTN: Teresa Forum Thread 1461 and it will get to me.

Quote:
__________________
Thanks,
Teresa

Teresa Nygren

#6
Teresa,

Ah ha .. Password authentication was the 1st one listed .. I changed the order so Public Key is first and now I'm being asked for the passphrase .. Thanks

Can you explain in some more detail on how agent forwarding works on securecrt? I have both 'Add keys to agent' and 'Enable OpenSSH agent forwarding' enabled. Does this spawn off another process? Or is this something built into securecrt?

What I would like to do is have the ability to enter my passphrase only once per windows boot. When I restarted securecrt I was prompted for the passphrase again .. Is this the way it works? Any way to piggy back on the ssh-agent process that I started from cygwin?

#7
Hello rross.

Agents are programs that work in the background gathering information or performing small processing tasks. In SecureCRT, the implemented agent temporarily holds private keys for use with public-key authentication to multiple remote hosts.

If you use passphrases to protect your private keys, and you need to connect to many servers using the same key pair, you can have the agent cache your unencrypted private key so that you don't have to enter your passphrase for every machine. If you enable the "Add Keys to Agent" setting, you can enter your passphrase the first time you need to use your private key and as long as your agent has not been flushed, you can connect to any other server that has the corresponding public key.

Agent forwarding is using the agent to connect to a remote machine through another remote machine. To connect to the destination machine without using the agent, you would have to transfer your public key to both the intermediate and destination hosts and you would have to store your private key on the intermediate machine as well as on your local machine. With the agent enabled, it acts as your proxy in authenticating to the destination host and allows you to keep your private key on just the local machine.

Note: Agent forwarding will only work if all intermediate machines are OpenSSH agent protocol servers running SSH2. Destination servers must be running SSH2 but do not have to be OpenSSH agent protocol servers.

You can read more about using the Agent in the SecureCRT Help in the "Secure Connections" \ "Using the Agent" category of the Help.

Does this help you?

Thank you
JJH
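
Added example (not part of the thread and not VanDyke's code): a check to run on the intermediary server that asks the agent behind SSH_AUTH_SOCK, local or forwarded, which public keys it offers and prints their SHA256 fingerprints, so the single key can be compared with the entry on the customer server. It assumes a Unix-domain agent socket and the OpenSSH agent protocol's identities request and answer (message types 11 and 12); the sample blob and its comment are constructed.

```python
import base64, hashlib, os, socket, struct

SSH_AGENTC_REQUEST_IDENTITIES = 11  # client -> agent: "which keys do you hold?"
SSH_AGENT_IDENTITIES_ANSWER = 12    # agent -> client: public key blobs + comments

def ssh_string(data):
    return struct.pack(">I", len(data)) + data  # uint32 length, then the bytes

def read_string(buf, off):
    """Decode one SSH 'string' at off; return (value, offset after it)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def fingerprint(blob):
    """SHA256 fingerprint of a public key blob, as current OpenSSH prints it."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_identities_answer(payload):
    """Return [(key type, fingerprint, comment)] from an IDENTITIES_ANSWER body."""
    if len(payload) < 5 or payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    off, keys = 5, []
    for _ in range(struct.unpack_from(">I", payload, 1)[0]):
        blob, off = read_string(payload, off)
        comment, off = read_string(payload, off)
        key_type = read_string(blob, 0)[0].decode()
        keys.append((key_type, fingerprint(blob), comment.decode(errors="replace")))
    return keys

def list_agent_keys(sock_path):
    """Query an agent socket; the answer carries public blobs only, never private keys."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
        reader = s.makefile("rb")
        length = struct.unpack(">I", reader.read(4))[0]
        return parse_identities_answer(reader.read(length))

# Constructed sample: an all-zero ed25519 "key", used when no agent socket is set.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_ANSWER = (struct.pack(">BI", SSH_AGENT_IDENTITIES_ANSWER, 1)
                 + ssh_string(SAMPLE_BLOB) + ssh_string(b"rross@laptop"))

if __name__ == "__main__":  # uses SSH_AUTH_SOCK if set, else the constructed sample
    sock = os.environ.get("SSH_AUTH_SOCK")
    print(list_agent_keys(sock) if sock else parse_identities_answer(SAMPLE_ANSWER))
```

More than one entry in the output on the intermediary server means the forwarded agent is offering more than the one key intended for the customer servers.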