I have a PPK file and I am trying to have PuTTY use it, when I am connecting to a remote server. But I keep getting this error below, and then I am just asked for my username (while I should be directly allowed in as root).
I don't understand what the problem is, and what's worse I have no idea how to troubleshoot further. A colleague of mine is using the same file and says everything is OK on his side. So I am stuck.
I did a web search and all I find is recommendations to convert the PEM file into a PPK file. But that does not apply in my case, I already have a PPK file.
I am using Windows on my local machine and the PPK file is located in C:\ssh-keys\
Unable to use key file "C:\ssh-keys\filename.ppk" (not a private key)
login as:
Here is the header:
filename.ppk
ё : mBIN ‚Ѓ& PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: imported-openssh-key
Public-Lines: 6
Your key file is corrupted.
A .ppk file must start with the PuTTY-User-Key-File- followed by the ppk format version number. It must be a plain text file. No binary data. No UTF BOM. Your colleague must have a different (correct) copy of the file.
Related
I am trying to copy data from SFTP to blob but got stuck when creating SFTP source.
I have the connection details and can easily connect on Filezilla or WinSCP. However, I am unable to get it to work in Azure data factory.
I am not using code but the user interface.
The connection details on the page creating the SFTP source:
Connect via integration runtime: AutoResolveIntegrationRuntime (default)
Host: xyz
Port: 22 (can't remove it as it doesn't like it)
SSH Host Key Validation: Enable SSH Host Key Validation
SSH Host Key Finger-print: taken from WinSCP - Session - Server/protocol information
Authentication type: SSH Public Key Authentication -can't use basic as the private key holds the security info
User name:XXX
Private Key Type: Use Key Content
Private key content: loaded the .ppk file, tried also tried loading the .pem file and got different errors
Pass Phrase: none
When setting up this sftp in WinSCP or FileZilla it automatically converted the provided .pem file into .ppk.
When I loaded the .ppk file into ADF I got an error: Invalid Sftp credential provided for 'SshPublicKey' authentication type.
When I loaded the .pem file I got: Meet network issue when connect to Sftp server 'spiderftp.firstgroup.com', SocketErrorCode: 'TimedOut'.
I have also tried 'Disable SSH Host Key Validation' in SSH Host Key Validation and made no difference.
I have also opened the .ppk file in PuttyGen and used that host key finger print and still no luck.
Only getting these 2 errors depending on which file I load.
Can't find anything about this online so would be grateful for some advice.
Have you read this note in this doc?
https://learn.microsoft.com/en-us/azure/data-factory/connector-sftp#using-ssh-public-key-authentication
SFTP connector supports RSA/DSA OpenSSH key. Make sure your key file content starts with "-----BEGIN [RSA/DSA] PRIVATE KEY-----". If the private key file is a ppk-format file, please use Putty tool to convert from .ppk to OpenSSH format.
Got this working today. Like you, could connect using WinSCP and failed when using ADF.
The link Fang Liu shared contains our answers, but my issue was not the private key. I suspect Fang's suggestion resolved your problem and I'm sharing my answer here to help others who may encounter similar.
My issue:
When using Private Key Authentication in ADF the password becomes a Pass Phrase and you no longer have the ability to supply a password. To overcome the problem we disabled password authentication for the user and the SFTP connection started working.
As stated in the documentation. The Pass Phrase is used to decrypt the private key if it is encrypted.
Also worth noting:
If you store the contents of the private key in Key Vault you need
to base64 encode the entire contents of the exported key and use
that string. This includes "-----BEGIN RSA PRIVATE KEY-----" and the
end. The same applies if you want to paste the value into the
textbox of the SFTP linked service edit screen.
I did not try to manually edit the JSON of the Linked Service to explicitly provide a password and this could be workaround for someone to test if they are unable to disable the password.
I used PuTTYGen to export the PPK to a private key and had the same fingerprint issue too so I just disabled cert validation. Funnily you can use the fingerprint provided by the error and it passes validation so not sure where the bug lies. :-)
I followed instruction on this page to verify the integrity of the download file. The file is a Sqoop installation, but my question is not specific to Sqoop.
http://www.apache.org/dyn/closer.lua/sqoop/1.4.7
At the backup site page I downloaded two files - asc file and md5 file.
https://www-eu.apache.org/dist/sqoop/1.4.7/
The instruction said I need to download KEYS file, PGP signature file (asc file), or PGP hash file (md5). So I think for this particular download there is no KEYS file?
I used the following command in CentOS, verifying the file with hash.
gpg --print-md MD5 sqoop-1.4.7.bin__hadoop-2.6.0.tar.gz
I got the hash value, which matches to the downloaded md5 file by characters, but NOT by case.
So question #1: Is PGP Hash verification case-insensitive?
In addition, Question #2: because there is no KEYS file to download, how do I use the asc file to verify file integrity? I tried the command on the instruction page but none of them worked for me.
After allowing an application to install ssh keys on my local machine, I can no longer connect to my Digital Ocean shell. (The app is not related to DO; totally different.) I get a
Permission denied (public key)
error that, with -vvv, debugs to
Trying private key: /Users/macbook/.ssh/id_dsa
no such identity: path/.ssh/id_dsa: No such file or directory
My keys are rsa. I have no idea why the machine is asking for dsa.
My .ssh/config file (which I have never read until now) has only information about the application I allowed access. Maybe it was overwritten. If this is the case, could you tell me how to rewrite my .ssh/config file?
My keys on my cloud server (accessed through a DO gui shell) and on my machine still match up. The folder permissions are ok. I've been using this for months with no trouble until now.
Any suggestions?
Edit:
This was probably a result of the third party application overwriting my .ssh/config file. Because the writing of this file was always automated for me, I never took any notice of it. If you try:
regenerating new keys
appending the new public key to the authorized_keys file on your server on a new line
writing a new .ssh/config file as so:
-
Host 111.11.11.1
User bob
IdentityFile ~/.ssh/new_file.pem
then you might make it. Somehow now I can't get a passphrase to work on the new keys.
I need an access to .k12 or .pem files for all https websites I am visiting on Mac OSx machine. Can anyone help me know the path where these files can be found.
Also, need to know a way to decrypt some packets using the key.
There are a couple of ways to get a certificate file in OSX. One way is to export the certificates from Keychain Access. Select Certificates in the Category (lower left) panel, choose Select All from the Edit menu (or hit ⌘A), and then choose Export Items... from the File menu (or hit ⇧⌘E). You can export your certificates as a .p12 file or a .cer file. The problem with this approach is you have to perform these steps periodically to keep your file in sync with the latest updates from Apple.
Another way is to install OpenSSL and use the cert.pem file that comes with it. Similarly, you'll have to keep OpenSSL up to date.
You would simply access the tool named "Keychain Access" in the Utilities folder of your Applications directory.
Once there, you can filter each keychain to only show certificates.
As for decrypting packets using a given key, there are plenty functions doing that within the Security framework, but this question would require clarification (Language requirement etc).
I was looking for this too. I couldn't find the files anywhere so I thought how about exporting them.
From the Keychain Access:
On left pane, click on the KEYS. On right pane, CTRL-Click on the desired certificate.
The Public key should be exported as a PEM file.
The Private Key should be exported as a P12 file.
The Certificate should be exported as a CRT file.
The Private key export option will as for a passphrase and then the user's keychain password. Upon import you will be asked for this passphrase.
NOTE: The private key, contains the public key.
I am using dozens of different web services, and I keep a password file in a remote Linux machine. The file contains my usernames, passwords and answers for security question.
This server happens to be offline to often, and I'm looking for a way to keep the password file on my own computer, or on a service like DropBox. Obviously, I want to keep the file encrypted, but handy - I want to be able to print its contents using one shell (or cygwin) command, perhaps using a passphrase.
Any good ideas how to do it?
You can use GPG's symmetric option to encrypt files with pass-phrases.
gpg --symmetric filename
That will result in an encrypted file named filename.gpg. To redirect the output to STDOUT instead of a .gpg file:
gpg --symmetric -o - filename
You can later decrypt the file with:
gpg --decrypt filename.gpg
I use PasswordSafe encrypted files in exactly this configuration. GUIs are available for Windows/Mac/Unix/Java. cliPSafe gives it a command line interface.
THe original code was written by Bruce Schneier, well known in the security world, but I've never used cliPSafe.
As already noted GPG solves the problem. Using the gpg command directly for encrypting text files may be a bit cumbersome though, especially as you would often decrypt the file to a seperate file, add some text (passwords in this case) and the reencrypt it (which will possibly expose your unencrypted data).
Vim has a very good plugin called gnupg for trasparently handling encrypted files using GPG. Using this plugin the unencrypted data will never be written to disc and you can just treat it as any other file (except for the passphrase question popping up of course).