WinSCP private keys and sftp

0

I have a key pair for WinSCP and I connect to a certain server without any trouble, authenticating with the private key, and I upload/download files by hand.
Now I need to do the same with sftp under Linux, and as I suspect everything gets stuck on the key format.
The question is this: how do I adapt the WinSCP private key for sftp?

0

Just copy it to ~/.ssh/?

I generated a sample key a moment ago and this is what it looks like:

cat ~/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
1

I don't know which format you have and which one you need (PEM, BER, DER), but openssl can convert between them.

0

Whichever format I supply, it shows the same fingerprint, but it doesn't connect :/

0

@_13th_Dragon: but it doesn't connect through the ssh client on Linux either?

0

Exactly; I tried supplying the keys in various formats:

sftp -i ./orzin-private.id skany18@62.3.168.188
sftp -oIdentityFile=./orzin-private.id skany18@62.3.168.188

sftp -i ./orzin-private.rss skany18@62.3.168.188
sftp -oIdentityFile=./orzin-private.rss skany18@62.3.168.188

sftp -i ./orzin-private.ppk skany18@62.3.168.188
sftp -oIdentityFile=./orzin-private.ppk skany18@62.3.168.188

[the following output was repeated identically after each of the six commands]

The authenticity of host '62.3.168.188 (62.3.168.188)' can't be established.
ECDSA key fingerprint is SHA256:EOne9sIa784B6s1X2AE3vme23WuWXUrWfwJWUg61ksU.
ECDSA key fingerprint is MD5:77:3f:52:49:59:14:18:ab:af:b5:fd:81:11:00:de:94.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
Couldn't read packet: Connection reset by peer
1

Host key verification failed.

~/.ssh/known_hosts - remove the entry for that key and try connecting again.

If that doesn't help, look in the logs and show what you have there.

0

Following @.andy's suggestions I changed it to:

sftp -i ./orzin-private.ppk -o "StrictHostKeyChecking=no"  -o "UserKnownHostsFile=/dev/null" skany18@62.3.168.188

and it started connecting. Can the answer to Enter passphrase for key './orzin-private.ppk': also be given on the command line?

The curious thing is that the file contains the entry:
Encryption: none


After trying to tinker according to https://superuser.com/questions/988185/how-to-avoid-being-asked-enter-passphrase-for-key-when-im-doing-ssh-operatio/990447

it stopped connecting :/
How do I undo the effects of the tinkering?

1

ssh-agent -k ?

0

$ ssh-agent -k
SSH_AGENT_PID not set, cannot kill agent

earlier I was killing it with kill -9

1

@_13th_Dragon: I don't have time to check in detail, but you let ssh-agent hold the credentials and probably supplied wrong ones, which is why it can't connect. You need to find a way to clear it. Maybe simply logging out and back in will help?

0

Logging out and back in was the first thing I did. :/

1

chmod -R 600 ~/.ssh? Or do you have permissions other than 600 on the keys?

0

-rw------- 1 alex orzin 1458 07-08 10:12 orzin.ppk
I'm taking it from the current directory for now
sftp -i ./orzin.ppk -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null" skany18@62.3.168.188

It started working after those two -o options, but it asked for a passphrase, so I experimented with ssh-agent; the attempts not only failed but also broke sftp

0

@_13th_Dragon: ssh-add -D?

Deletes all identities from the agent.

0
alagner wrote:

Now I see that it's a ppk; have you tried this?

https://superuser.com/questions/232362/how-to-convert-ppk-key-to-openssh-key-under-linux

Once again:
0. The key is fine

  1. It started connecting, but with one flaw: it asks for a passphrase
  2. Experiments with ssh-agent, it stopped connecting
  3. I'm trying to undo that
.andy wrote:

@_13th_Dragon: ssh-add -D?

Deletes all identities from the agent.

$ eval `ssh-agent -s`
SSH_AUTH_SOCK=/tmp/ssh-aLIbbmOu1mUL/agent.12052: Command not found.
export: Command not found.
SSH_AGENT_PID=12053: Command not found.
export: Command not found.
Agent pid 12053
$ ssh-add -D
Could not open a connection to your authentication agent.
$ eval `ssh-agent -k`
SSH_AGENT_PID not set, cannot kill agent
$ 
1

export: Command not found.
That indicates you're not on bash. echo $SHELL please ;)
EDIT sh/csh?
In any case, try running ssh-agent -s manually (without the eval and the backticks) and then try putting it in a script or fiddling with it by hand. If you're on csh, the equivalent of export FOO=BAR is setenv FOO BAR... and if it's some other shell still, you'll have to check yourself.

0
$ bash
bash-4.3$ eval $(ssh-agent -s)
Agent pid 16204
bash-4.3$ ssh-add -D
All identities removed.
bash-4.3$ eval $(ssh-agent -k)
bash: unsetenv: command not found
bash: unsetenv: command not found
Agent pid 16204 killed
bash-4.3$ exit
exit
$ sftp -i ./orzin.ppk -vvvv -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null" skany18@62.3.168.188
OpenSSH_7.2p2, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 45: Applying options for *
debug2: resolving "62.3.168.188" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 62.3.168.188 [62.3.168.188] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file ./orzin.ppk type -1
debug1: key_load_public: No such file or directory
debug1: identity file ./orzin.ppk-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 62.3.168.188:22 as 'skany18'
debug3: hostkeys_foreach: reading file "/dev/null"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EOne9sIa784B6s1X2AE3vme23WuWXUrWfwJWUg61ksU
debug3: hostkeys_foreach: reading file "/dev/null"
Warning: Permanently added '62.3.168.188' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: ./orzin.ppk ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ./orzin.ppk
Enter passphrase for key './orzin.ppk':
debug2: no passphrase given, try next key <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Couldn't read packet: Connection reset by peer

Before the ssh-agent games the line marked with <<<<<<<<<<<<<<< wasn't there, and the connection went through.

0

ssh-add key-file (after starting ssh-agent)?

0

The ssh-agent games didn't help because ssh-add doesn't accept an empty passphrase.
Worse, ssh-add "taught" that nonsense to sftp :)

bash-4.3$ eval $(ssh-agent -s)
Agent pid 17155
bash-4.3$ ssh-add ./orzin.ppk
Enter passphrase for ./orzin.ppk:
bash-4.3$ ssh-add -l
The agent has no identities.
bash-4.3$ sftp -i ./orzin.ppk -vvvv -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null" skany18@62.3.168.188
...
Enter passphrase for key './orzin.ppk':
debug2: no passphrase given, try next key
...
bash-4.3$
0

Probably what you gave is for older versions; the new one apparently starts by flushing the keyboard buffer :)))

bash-4.3$ ssh-add ./orzin.ppk <(echo "")
Enter passphrase for ./orzin.ppk: <<<<<<<<<<<<<<<<<<<<< here it waits for Enter

bash-4.3$ ssh-add ./orzin.ppk < empty.txt
Enter passphrase for ./orzin.ppk: <<<<<<<<<<<<<<<<<<<<< here it waits for Enter
1

PuttyGen - exporting the key to the new OpenSSH format did the trick.
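The fix the thread ends on (export the key from PuTTYgen in OpenSSH format) can also be done from the Linux side with the puttygen command-line tool, and the StrictHostKeyChecking=no / UserKnownHostsFile=/dev/null workaround used above should not survive into a script, because it switches off the only check that the 62.3.168.188 you are talking to is the real one. The script below is an added example written for this page, not code from the thread or from PuTTY/OpenSSH: it classifies a key file by its first line (a .ppk never starts with -----BEGIN, so the ssh client cannot read it whatever extension you give it), reads the Encryption: field, rebuilds the OpenSSH public-key line from the .ppk with awk alone, converts with puttygen and cross-checks the result against that public key, and connects with the server's ECDSA key pinned to the SHA256 fingerprint shown in the thread's output. The sample .ppk it writes is constructed (v2 layout, unencrypted, all-zero ed25519 key material), the function names are mine, and the online steps at the end are left as comments because they need the real key and network access.

```shell
#!/bin/sh
# Added example for this page (not from the thread or from PuTTY/OpenSSH).
# Helper names and the sample key below are constructed for illustration.

# Classify a private-key file by its first line; tolerates CRLF from Windows.
key_format() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case $first in
        PuTTY-User-Key-File-*)                  echo ppk ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")  echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----") echo pem ;;
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8 ;;
        *)                                      echo unknown ;;
    esac
}

# "Encryption: none" means the private part is stored in clear; anything
# else (e.g. aes256-cbc) means puttygen will ask for the passphrase.
ppk_encryption() {
    awk '{ sub(/\r$/, "") } /^Encryption: / { print $2; exit }' "$1"
}

# Rebuild the one-line OpenSSH public key (authorized_keys form) from the
# Public-Lines block of a .ppk; the key type is in the first header line.
ppk_public_key() {
    awk '
        { sub(/\r$/, "") }
        /^PuTTY-User-Key-File-[23]: / { type = $2 }
        /^Comment: /                  { comment = substr($0, 10) }
        /^Public-Lines: /             { n = $2; next }
        n > 0                         { blob = blob $0; n-- }
        END { if (type == "" || blob == "") exit 1; print type " " blob " " comment }
    ' "$1"
}

# Convert with the puttygen CLI (package putty-tools on Debian/Ubuntu), then
# verify that the public key derived from the new file equals the .ppk's.
convert_ppk() {   # convert_ppk IN.ppk OUT
    command -v puttygen >/dev/null 2>&1 || { echo "puttygen not installed" >&2; return 1; }
    puttygen "$1" -O private-openssh -o "$2" || return 1
    chmod 600 "$2"
    [ "$(ssh-keygen -y -f "$2" | cut -d' ' -f1,2)" = "$(ppk_public_key "$1" | cut -d' ' -f1,2)" ] \
        || { echo "public key mismatch after conversion" >&2; return 1; }
}

# Pin the server's host key once, checked against a fingerprint obtained out
# of band, instead of disabling StrictHostKeyChecking. IdentitiesOnly stops
# ssh from offering whatever an ssh-agent holds before the key given with -i.
sftp_pinned() {   # sftp_pinned KEY USER HOST EXPECTED_SHA256_FP KNOWN_HOSTS_FILE
    if [ ! -s "$5" ]; then
        ssh-keyscan -t ecdsa "$3" > "$5" 2>/dev/null
        fp=$(ssh-keygen -lf "$5" | awk '{ print $2 }')
        [ "$fp" = "$4" ] || { echo "host key mismatch: $fp" >&2; rm -f "$5"; return 1; }
    fi
    sftp -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$5" -i "$1" "$2@$3"
}

# Constructed sample .ppk: v2 layout, unencrypted, all-zero ed25519 material.
write_sample_ppk() {
    cat > "$1" <<'EOF'
PuTTY-User-Key-File-2: ssh-ed25519
Encryption: none
Comment: orzin-example
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
Private-Lines: 1
AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Private-MAC: 0000000000000000000000000000000000000000
EOF
}

sample=$(mktemp)
write_sample_ppk "$sample"
echo "format: $(key_format "$sample"), encryption: $(ppk_encryption "$sample")"
echo "authorized_keys line: $(ppk_public_key "$sample")"
rm -f "$sample"
# Online steps, run by hand on the real key (fingerprint taken from the thread):
#   convert_ppk ./orzin.ppk ./orzin.pem
#   sftp_pinned ./orzin.pem skany18 62.3.168.188 \
#       SHA256:EOne9sIa784B6s1X2AE3vme23WuWXUrWfwJWUg61ksU ~/.ssh/known_hosts.orzin
```

The header check makes the thread's failure explicit: the OpenSSH 7.2 client in the debug output treats a key file it cannot parse as an encrypted key and prompts "Enter passphrase for key", so the "Encryption: none" line inside the .ppk never had a chance to matter. The cross-check in convert_ppk catches a conversion of the wrong file, and the fingerprint comparison in sftp_pinned is what "Are you sure you want to continue connecting" was asking you to do by eye.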
