Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I've a server setup which is accessed via SSH by pulling a key from an external secure server. The SSH key is not password protected however asks for a password when I try to access the server:
Enter passphrase for key 'my-key'
When I view the key using vi, it has a noeol message at the end of the file
-----BEGIN OPENSSH PRIVATE KEY-----
...
...
-----END OPENSSH PRIVATE KEY-----
~
~
~
~
~
~
~
~/.ssh/my-key" [noeol] 27L, 1798C
This is rectified when I append \n when copying the key. Why does a lack of EOL cause the key to look for a password?
It can be because of the (proprietary) OPENSSH private key format, described here, which includes:
A format ID prefix
Encryption headers
An unused number for number of keys in the block
An rfc4253-style ssh public key
An private key somewhat modeled after the rfc4253 style
A comment
Padding for aligning private key to the blocksize
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
Is there a relationship between the content of a private RSA key (private exponent, modulus and primes) and a AES-128-cbs key and iv?
I know that you can encrypt your private key using AES in which case
the AES-iv is supplied in the pem file and the AES-key is
calculated using MD5 over secret-password and the first 8 bytes
of the AES-iv.
However I have AES encrypted data and a private RSA key that I can read.
Is there a standard on how to derive the AES-key and AES-iv from the
RSA key content, maybe from the prime numbers inside. Is
there some standard that is normally used?
No, it makes no sense to have your symmetric key depending on your asymmetric.
Usually you also don't just encrypt one particular AES key with one RSA keypair. Instead what you usually want to do is to use for example someone's public key to encrypt a randomly generated AES key and send the RSA encrypted key along with the AES encrypted data to the recipient.
This way you can use a different symmetric key for every data package.
This is just one use case, but it illustrates why there is no reason for such a dependency.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I am following the steps to create Virtual Machine on Bluemix following the steps as below.
https://www.ng.bluemix.net/docs/starters/index-gentopic4.html#vm_ssh_key
I am blocked when I am trying to configure a SSH key. I am using an existing key pair which I use with my other machines.
I get an error
"Keypair data is invalid: failed to generate fingerprint"
I am not sure if it is not happy with the format or it is not OK with the public key itself.
I have tried entering with the lines
---- BEGIN SSH2 PUBLIC KEY ---- ,
---- END SSH2 PUBLIC KEY ----
and without it.
Try following github's steps to create a key pair. It seems your key pair might be invalid. Does your keypair work else where?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
What is the point of allowing ssh-keygen to generate empty passphrase keys when it is not recommended to use such keys for remote login? What situations would such keys be useful for?
The passphrase protects the key in its storage on your local computer.
Even without a passphrase, a key is still better than a password, as it can only be "stolen" if someone has physical access to your computer (or at least some kind of network access to the files on your computer), whereas a password can be brute-forced (or leaked from any number of places in case you re-use passwords).
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Today is friday and I'm a desperate sysadmin. I issued a demand of certificate for an HTTPS server, and just received it after more than a long week of waiting, but while my request was processed I lost the passphrase that secured my private key.
Given that I have the private key and the public key jointly generated with the passphrase (that I knew by the time), could there be a clever way to recover the lost passphrase.
Thanks in advance.
Not really. The point of these protection is precisely to make it infeasible to recover the password.
If the password wasn't too long, you might try brute force...
Your best option is probably to contact your CA and ask them to re-issue a certificate with a new CSR. Some might allow re-keying without an extra fee during the certificate validity period.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Diffie–Hellman offers secure key exchange only if sides are authenticated. for authentication, sides are using public/private key. so if side A knows the public key of the side B, then A can simply use that key to encrypt the message (or the new session key). why bother to use separate key exchange algorithm?
Diffie Hellman is designed to exchange a shared key. So the question could be rephrased as: Why would I want to use a shared key, when public/private key pairs offers encrpytion and ease of sharing public keys?
The benefits of a shared key over public/private keys are:
Shared keys have faster algorithms compared to public/private key algorithms and thus require less processing power.
It is possible for attackers to impersonate when using public/private key encrption, if a certificate authority is compromised: See the DigiNotar case.