What should be entered as passphrase when logging into EC2?
stein$ ssh -i "travis.pem" ec2-user@ec2-54-208-53-238.compute-1.amazonaws.com
Enter passphrase for key 'travis.pem':
Related
Okay, this is a very strange case of this "No secret key" error. I've looked at all the other answers related to this and none of them are related to my problem.
On my machine I do this..
gpg --export-secret-keys me@example.com
On a new WSL 2 Linux machine I do this...
gpg --import /tmp/keys.asc
echo 'enter 5 for trust level'
gpg --edit-key me@example.com trust
# I enter '5' trust level and exit
Now I should be ready for my encrypted backup restore, but it fails...
# ssh mount my backup on my NAS to /media/backup
sshfs tdanas:/backup /media/backup/
cat /media/backup/cloud-tar/2021/05/home.0.backupaa | gpg -d | ( cd /; tar -g /dev/null -xvz)
gpg: encrypted with 2048-bit RSA key, ID 465E18C472F84F14, created 2011-01-05
"User Name <me@example.com>"
gpg: public key decryption failed: Inappropriate ioctl for device
gpg: decryption failed: No secret key
If I do the following (decrypt a file and not a stream), it prompts for my password on decryption, and the problem completely vanishes.
gpg -d /media/backup/cloud-tar/2021/05/home.0.backupaa | ( cd /; tar -g /dev/null -xvz)
gpg --list-secret-keys
sec rsa2048 2011-01-05 [SC]
5ABF9709EFF6255C3B9DC4D9F029102596EDB6DB
uid [ultimate] User Name <me@example.com>
ssb rsa2048 2011-01-05 [E]
I'm an idiot, lol. The stdin is already consumed, so it can't prompt for a password at that point, unless I used a GUI password prompt.
I generated an rsa_id ssh key, and used ssh-copy-id on my own account on localhost, just to test running Ansible against localhost with ssh.
I did not use a passphrase. However, when running ansible against localhost, I'm prompted with:
Enter passphrase for key '/home/username/.ssh/id_rsa.pub':
I generated my key pair on a new computer that I'm setting up for my development environment. I am already using my id_rsa.pub key in several places and don't wish to change it. When generating the key, I entered a passphrase and confirmed it. I believe this means that I must enter the passphrase every time my key is used or accessed, such as during ssh into a server or doing a git push to GitHub. I forgot that I could have just hit the enter key and skipped entering a password during generation.
What I want to know is if I can remove the passphrase so that it is as if I had just used the enter key when I was generating it or so that I can use the same key pair without having to use a passphrase. Thanks!
I found what I needed here:
http://www.thinkplexx.com/learn/howto/security/ssl/remove-passphrase-password-from-private-rsa-key
SSH into a host that has your public key: ssh my_user@myhost
At the password prompt, openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa_new
Enter old passphrase
Back up and replace private ssh key:
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
rm ~/.ssh/id_rsa
cp ~/.ssh/id_rsa_new ~/.ssh/id_rsa
Set key permissions: chmod 400 ~/.ssh/id_rsa
Test it by logging in to the remote again.
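Added example (not part of the original posts): the prompt quoted in the Ansible question names id_rsa.pub, a public key file, while the steps above deal with a private key that really is encrypted. This Python code classifies key file text by its container format so the two cases can be told apart, and so the result of the passphrase removal can be confirmed; the function names are hypothetical and the sample inputs are constructed, not real keys.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
PUB_PREFIXES = ("ssh-rsa ", "ssh-ed25519 ", "ssh-dss ", "ecdsa-sha2-")

def _read_string(buf, off):
    """Decode the SSH wire string (uint32 length + bytes) that starts at off."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n]

def classify_key(text):
    """Return 'public', 'encrypted', 'unencrypted' or 'unknown' for key file text."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    head = lines[0] if lines else ""
    if head.startswith(PUB_PREFIXES) or head.endswith("PUBLIC KEY-----"):
        return "public"  # e.g. id_rsa.pub passed where the private key belongs
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted"  # PKCS#8 encrypted container
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            if not blob.startswith(MAGIC):
                return "unknown"
            cipher = _read_string(blob, len(MAGIC))  # first field: cipher name
        except (ValueError, struct.error):
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    if head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
        # Legacy PEM marks encryption with a Proc-Type header; plain PKCS#8 has none.
        return "encrypted" if "Proc-Type: 4,ENCRYPTED" in lines[1:3] else "unencrypted"
    return "unknown"

def sample_openssh(cipher, kdf):  # constructed header-only sample, no key material
    # Fields after the magic: cipher name, KDF name, KDF options, number of keys.
    fields = b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf, b""))
    blob = MAGIC + fields + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    samples = {  # constructed inputs, not real keys
        "id_rsa.pub": "ssh-rsa AAAAB3NzaC1yc2E user@host\n",
        "id_rsa, no passphrase": sample_openssh(b"none", b"none"),
        "id_rsa, passphrase": sample_openssh(b"aes256-ctr", b"bcrypt"),
    }
    for name, text in samples.items():
        print(f"{name}: {classify_key(text)}")
```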
When we try to access the remote host server in the below manner, it's asking me for a password.
]# ssh remotehost
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
Password:
Last login: Tue Apr 25 05:54:32 2017 from pm.remothost
Copyright (c) 2001-2014 EMC Corporation. All Rights Reserved.
Copyright (c) 1992-2011 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
remotehost-1#
Is there any way to give the password in the ssh command, like sshpass or expect?
There is a .ssh/config file which accesses 2 jumphosts before connecting to the remotehost.
Can we do something which can expect/give the password when prompted, and then we get the login?
Below is what we are trying, but it is not working. It gives the passphrase 3 times, but when the last password is entered it comes out and no file is created on the local machine.
#!/usr/bin/env expect
set timeout 10
spawn ssh ip < ./ai.py >> stinfo_2017.txt
expect "Enter passphrase for key '/root/.ssh/id_rsa':"
send "12345\r"
expect "Enter passphrase for key '/root/.ssh/id_rsa':"
send "12345\r"
expect "Enter passphrase for key '/root/.ssh/id_rsa':"
send "12345\r"
expect "Password:"
send "54321\r"
interact
When running the script the output is like this.
[root@centseven ~]# ./directconnect
spawn ssh ip < ./ai.py >> stinfo_2017.txt
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
Password:
zsh: no such file or directory: ./ai.py
Killed by signal 1.
Killed by signal 1.
[root@centseven ~]#
The script is not getting executed on the remote server, hence there is no file created stinfo_2017.txt.
When we run this manually it creates a file.
There was a problem in the spawn line.
#!/usr/bin/env expect
set timeout 10
# Run the command through sh -c so the shell applies the < and >> redirections
spawn sh -c "ssh ip < ./ai.py >> stinfo_2017.txt"
expect "Enter passphrase for key '/root/.ssh/id_rsa':"
send "12345\r"
expect "Enter passphrase for key '/root/.ssh/id_rsa':"
send "12345\r"
expect "Enter passphrase for key '/root/.ssh/id_rsa':"
send "12345\r"
expect "Password:"
send "54321\r"
interact
I am looking for help to figure out how to tie a secret key with a passphrase to encrypt a file using GPG.
I had tested many options (--encrypt, --sign, --recipient, --symmetric, etc.), but in all of them I was able to decrypt the file by typing only the passphrase, even on a machine where I don't have the public or the private/secret keys.
Is there a way to force the user to have the secret key and to be asked to type the passphrase?
I am open to any other idea that forces a double security check to decrypt the protected file.
Thanks,
During the decryption process, type
gpg --allow-secret-key-import --import PrivateKey.gpg
After that, a prompt will appear for the passphrase. Enter the passphrase and then decrypt the file using
gpg filename.gpg