remembering ssh passphrases

Before moving to Sierra, the first time I ran an ssh command each day it would ask for my passphrase and store the key in the agent, making it usable by any other ssh process, no matter where I was connected, thanks to agent forwarding. That's what I'm used to, and it is identical to the way things work on my other computer (which runs Linux).

After upgrading to Sierra, the passphrases for my SSH keys are somehow being 'remembered', but not by ssh-agent. I am able to ssh from my laptop directly into one of the servers I manage without being asked for a passphrase, but because the agent does not contain any keys (i.e. "ssh-add -l" returns "The agent has no identities."), I'm not able to ssh from that server to another server, which also makes the scp and git commands fail until I go back to the laptop itself and run "ssh-add".

I tried to use "Keychain Access" to find and remove the item containing the passphrase, but no item in any of my keychains (login, iCloud, System or System Roots) contains 'ssh' anywhere in its title. I also tried "ssh-add -d -K" and "ssh-add -d /Users/xxx/.ssh/id_rsa -K". Neither command seems to have any effect; they do not clear wherever the passphrases are stored.

The output of "ssh -vvv server1" contains the following:

    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/xxx/.ssh/id_rsa
    debug3: send_pubkey_test
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 60
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug2: input_userauth_pk_ok: fp SHA256:m59cRsLlMQHZk1KlO5fJNlaYBhCIyrE3eF4YaX/+q/A
    debug3: sign_and_send_pubkey: RSA SHA256:m59cRsLlMQHZk1KlO5fJNlaYBhCIyrE3eF4YaX/+q/A
    debug3: Search for item with query: {
        acct = "/Users/xxx/.ssh/id_rsa";
        agrp = "com.apple.ssh.passphrases";
        class = genp;
        labl = "SSH: /Users/xxx/.ssh/id_rsa";
        nleg = 1;
        "r_Data" = 1;
        svce = OpenSSH;
    }
    debug2: using keychain passphrase
    debug3: send packet: type 50
    debug3: receive packet: type 52
    debug1: Authentication succeeded (publickey).
    Authenticated to server1 ([192.168.1.209]:22).

How can I make ssh NOT remember the passphrases for my keys?

Thanks to http://apple.stackexchange.com/questions/253779/macos-10-12-sierra-will-not-forget-my-ssh-keyfile-password, I found that the passphrase is stored in ~/Library/Keychains/{UUID}/keychain-2.db, rather than in the keychain. It is a sqlite3 file and the item containing the passphrase can be removed with the following query:

    $ sqlite3 ~/Library/Keychains/*/keychain-2.db
    sqlite> delete from genp where agrp = 'com.apple.ssh.passphrases';
    sqlite> .q
    $

The problem is that the next ssh command I type asks for the passphrase and stores it in the same file again.

How do I prevent ssh from storing my passphrases at all?
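As an added example (not code from the question, from the linked answer, or from Apple's ssh), the Python script below reads the keychain query blocks that Apple's ssh prints at -vvv to list which key files had a passphrase looked up or stored, and then runs the question's genp cleanup as a dry run before deleting anything, so the count can be checked against what the log showed and nothing outside the com.apple.ssh.passphrases access group is touched. It works on a constructed in-memory stand-in for keychain-2.db: the sample log, the table columns and the sample rows are assumptions made for this example, and the real genp table has many more columns than are modelled here.

```python
"""Added example (not code from the question or from Apple's ssh): parse the
keychain queries ssh prints at -vvv, then dry-run and apply the genp cleanup."""
import re
import sqlite3
from typing import Dict, List, Optional

SSH_AGRP = "com.apple.ssh.passphrases"  # access group seen in the question's log

# Constructed sample modelled on the ssh -vvv lines quoted on this page.
SAMPLE_LOG = """\
debug3: Search for item with query: {
    acct = "/Users/xxx/.ssh/id_rsa";
    agrp = "com.apple.ssh.passphrases";
    class = genp;
    labl = "SSH: /Users/xxx/.ssh/id_rsa";
    svce = OpenSSH;
}
debug2: storing passphrase in keychain debug3: Search for existing item with query: {
    acct = "/Users/xxx/.ssh/id_rsa";
    agrp = "com.apple.ssh.passphrases";
    class = genp;
    svce = OpenSSH;
}
debug1: Authentication succeeded (publickey).
"""

_ATTR_RE = re.compile(r'^\s*"?(\w+)"?\s*=\s*"?([^";]*)"?\s*;\s*$')

def keychain_events(log_text: str) -> List[Dict[str, str]]:
    """One dict per '... with query: {' block: its attributes plus an 'action'
    of 'store' (ssh announced it is storing the passphrase) or 'lookup'."""
    events: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    pending_store = False
    for line in log_text.splitlines():
        if "storing passphrase in keychain" in line:
            pending_store = True
        if "query: {" in line:
            current = {"action": "store" if pending_store else "lookup"}
            pending_store = False
            continue
        if current is None:
            continue
        if line.strip().startswith("}"):
            events.append(current)
            current = None
        elif (m := _ATTR_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return events

def stored_key_paths(log_text: str) -> List[str]:
    """Key files whose passphrase ssh looked up or stored in the ssh access group."""
    paths: List[str] = []
    for ev in keychain_events(log_text):
        if ev.get("agrp") == SSH_AGRP and ev.get("acct") and ev["acct"] not in paths:
            paths.append(ev["acct"])
    return paths

def sample_keychain_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for keychain-2.db. Assumption: only the genp
    columns the question's query touches are modelled; the real table has many more."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE genp (id INTEGER PRIMARY KEY, agrp TEXT, acct TEXT, labl TEXT, svce TEXT)")
    conn.executemany("INSERT INTO genp (agrp, acct, labl, svce) VALUES (?, ?, ?, ?)", [
        (SSH_AGRP, "/Users/xxx/.ssh/id_rsa", "SSH: /Users/xxx/.ssh/id_rsa", "OpenSSH"),
        (SSH_AGRP, "/Users/xxx/.ssh/id_ed25519", "SSH: /Users/xxx/.ssh/id_ed25519", "OpenSSH"),
        ("apple", "wifi-at-work", "constructed unrelated item", "AirPort"),  # must survive
    ])
    conn.commit()
    return conn

def forget_ssh_passphrases(conn: sqlite3.Connection, key_paths: Optional[List[str]] = None,
                           dry_run: bool = True) -> int:
    """Delete genp rows in the ssh passphrase access group, optionally only for the
    given key paths; with no key_paths this is the question's 'delete from genp where
    agrp = ...'. Returns the rows deleted (or that would be, on a dry run)."""
    where, params = "agrp = ?", [SSH_AGRP]
    if key_paths:
        where += " AND acct IN (%s)" % ",".join("?" * len(key_paths))
        params += key_paths
    if dry_run:
        return conn.execute(f"SELECT COUNT(*) FROM genp WHERE {where}", params).fetchone()[0]
    cur = conn.execute(f"DELETE FROM genp WHERE {where}", params)
    conn.commit()
    return cur.rowcount

def demo() -> Dict[str, object]:
    """Whole flow on the constructed samples: inspect, dry-run, delete, re-check."""
    db, paths = sample_keychain_db(), stored_key_paths(SAMPLE_LOG)
    return {
        "paths": paths,
        "would_delete_selected": forget_ssh_passphrases(db, paths),
        "would_delete_all": forget_ssh_passphrases(db),
        "deleted": forget_ssh_passphrases(db, paths, dry_run=False),
        "ssh_rows_left": forget_ssh_passphrases(db),
        "rows_left": db.execute("SELECT COUNT(*) FROM genp").fetchone()[0],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Pointing this at the real file (sqlite3.connect on ~/Library/Keychains/{UUID}/keychain-2.db) should only happen after the dry run and with a copy of the file kept, since that database belongs to the keychain services rather than to ssh; the dry-run count is the check that the WHERE clause matches exactly the ssh items seen in the log and nothing else.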

Tags: Mac OS & System Software

Similar Questions

  • macOS Sierra does not properly access the Keychain for OpenSSL/SSH passphrases

    Hello

    There seems to be a problem in macOS Sierra with the passphrases for SSH keys.

    I have a public/private key pair that is enabled for access to some Linux servers, so I can't SSH in without entering my passphrase. After upgrading to macOS Sierra, it seems that the keychain no longer handles/stores/retrieves passphrases correctly.

    When I first tried to open a session on one of my remote servers, it asked me for the passphrase, which seemed odd, so I thought that maybe the passphrases were lost in the upgrade and changed the passphrase manually by calling "ssh-keygen -f id_rsa -p". Then I went to log in again; it asked for the passphrase and I entered it, so I could connect to the server, but then, apart from SSH telling me it has stored the passphrase in the keychain, subsequent attempts to connect always ask me for the passphrase again.

    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/xxxxx/.ssh/id_rsa.pub
    debug3: send_pubkey_test
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 60
    debug1: Server accepts key: pkalg ssh-rsa blen 535
    debug2: input_userauth_pk_ok: fp SHA256:/xxxxxxxxx/GM
    debug3: sign_and_send_pubkey: RSA SHA256:/xxxxxxxx/GM
    debug3: Search for item with query: {
        acct = "/Users/xxxxx/.ssh/id_rsa.pub";
        agrp = "com.apple.ssh.passphrases";
        class = genp;
        labl = "SSH: /Users/xxxxx/.ssh/id_rsa.pub";
        nleg = 1;
        "r_Data" = 1;
        svce = OpenSSH;
    }
    debug2: Passphrase not found in the keychain. Enter passphrase for key '/Users/xxxxx/.ssh/id_rsa.pub': debug2: no passphrase given, try next key
    debug1: Offering RSA public key: /Users/xxxxx/.ssh/id_rsa
    debug3: send_pubkey_test
    ...
    debug2: storing passphrase in keychain debug3: Search for existing item with query: {
        acct = "/Users/xxxxx/.ssh/id_rsa";
        agrp = "com.apple.ssh.passphrases";
        class = genp;
        labl = "SSH: /Users/xxxxx/.ssh/id_rsa";
        nleg = 1;
        "r_Ref" = 1;
        svce = OpenSSH;
    }
    debug3: Item already exists in the keychain, updating. debug3: send packet: type 50
    debug3: receive packet: type 52
    debug1: Authentication succeeded (publickey).
    

    Note how it is unable to find the passphrase in the keychain (this is from the second and subsequent attempts), then it says it is storing the passphrase in the keychain, and then it finds it and "updates" it. However, the next attempt will not find the passphrase in the keychain, so the process repeats "ad nauseam".

    We are not allowed to discuss macOS betas in public forums.

    When you registered, you were given instructions for reporting problems.

    Please find that information and use it, so that the developers can solve any problems you encounter.

  • Trouble with my router WRT110

    Hello! All this trouble started when I upgraded the machine I'm typing this on to Windows 7 Ultimate. No matter what I did, it wouldn't connect to the existing network. I finally found a way to connect by entering the router's identification number, but it created a completely new network. Here is my problem. I can create new open networks very well, but if I try to create an encrypted network, it won't work - the computer does not detect the router. I need an encrypted network because I am required by law to have one in my business, and I have no idea how to set it up. The network is composed of this machine, a MacBook that I use and a TiVo DVR, as well as my laptop which is being repaired. I might also add that I have a problem with the software that came with the router. Ideally, I would have a secure network with an easily memorable password so that I can reach the other machines. I have spent many hours on this and I'm really at a loss, and some step-by-step instructions would be greatly appreciated. Thanks in advance,

    ~ Eric

    1. You should always access the web interface via a wired connection. Through a wireless link, you could accidentally configure your neighbor's router. And of course you should also never change wireless settings via a wireless link. So always use a wired connection for this purpose.

    2. It does not affect your network as it is. It only changes the configuration of the router. If you change the wireless configuration of the router, of course, it will affect all existing wireless links to the router (if any).

    3. You must not choose an "easily memorable" password. It's always a bad idea. The wireless password is usually entered only once on each wireless device that connects to the router. The wireless device usually remembers the passphrase. Thus, it is best to choose a strong password, for example a longer randomly generated one. It is much safer.

  • SSH permissions

    I know that this has been covered, but I can't find it here or elsewhere.

    I just reinstalled my SSH setup after replacing a hard drive on the server and restoring (data only) from a Time Machine backup. I seemed to have to start the SSH process from scratch.

    I'm following the procedure (which I learned here) at ctlow.ca/SSH-VPN_MacOSX.html.

    It worked, but when I connect from the client, it just goes through without asking for a password. I think it asked for a password the first time, the private key passphrase (?), but it used to ask for that (in a small text box, echoed) every time and then the server password (?) in the Terminal itself, not echoed.

    Now, neither of those is happening.

    So, I found some notes I had made about it and reset the permissions to 700 on the .ssh folder and 600 on the files inside, on both the server and the client.

    It ends up looking like this:

    ClientComputer:~ ClientID$ ls -ael .ssh
    total 24
    drwx------   5 ClientID  staff   170 11 Sep 15:24 .
    drwxr-x-wx+ 24 ClientID  staff   816 13 Sep 08:26 ..
     0: group:everyone deny delete
    -rw-------@  1 ClientID  staff    32 10 Feb  2012 config
    -rw-------   1 ClientID  staff  1766 11 Sep 15:11 id_rsa
    -rw-------   1 ClientID  staff   818 11 Sep 15:33 known_hosts

    ====

    ServerComputer:~ ServerID$ ls -ael .ssh
    total 16
    drwx------   4 ServerID  staff   136 11 Sep 15:28 .
    drwxr-xr-x@ 25 ServerID  staff   850 11 Sep 15:30 ..
     0: group:everyone deny delete
    -rw-------   1 ServerID  staff   416 11 Sep 15:28 authorized_keys
    -rw-------   1 ServerID  staff   391 11 Sep 15:26 known_hosts

    I don't think I'm particularly at risk, but I was happy to have to use two passwords to log into the SSH tunnel. Any idea why no password is asked for now? (I did specify a passphrase when generating the key.)

    Thank you.

    Charles

    P.S. The client is running 10.9, the server 10.11.

    P.P.S. The client user's info window showed "shared folder", which I don't know how it got that way, and I have unchecked the box. I doubt that is related to my question.

    Hello Charles,

    I'm not sure what you were doing before, but it seems OK now.

    Most of the internet uses the same set of instructions that tell people not to use a passphrase for the private key. It's a hassle to keep ssh-agent running and most people struggle enough as it is with ssh. But on OS X, ssh-agent uses the keychain. Thus, when you set a passphrase on your private key, the first time you go you will be asked (via a nice Aqua GUI) for your passphrase. You can accept that and save it in the keychain, hence you will never be asked again. Then, if the rest of your ssh setup is correct, it will pass you through as you describe. It sounds like that is what is happening now, and that's how it should work.

    If I were to speculate, I think that maybe before you were running a custom build of ssh and the command-line version of ssh-agent. This would explain the two Terminal passwords, one echoed and the other not.
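The poster reset .ssh to 700 and the files inside to 600 by hand. As an added example (not from this thread and not OpenSSH code), here is a small Python checker that applies the rules ssh and sshd actually enforce on that directory (the directory or a private key readable by group/others, or any file in .ssh writable by group/others, is a problem) together with a repair step. It builds a constructed temporary .ssh directory mirroring the client listing above (config, id_rsa, known_hosts) with deliberately sloppy modes, so it runs offline; the file contents and modes are made up for the example.

```python
"""Added example (not from the thread or from OpenSSH): audit and repair the
permissions of an .ssh directory the way ssh and sshd (StrictModes) judge them."""
import os
import stat
import tempfile
from typing import List, Tuple

def is_private_key(path: str) -> bool:
    """Recognise PEM/OpenSSH private keys by their header rather than by file name."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    return head.startswith(b"-----BEGIN") and b"PRIVATE KEY" in head

def check_ssh_dir(ssh_dir: str) -> List[str]:
    """Return a list of problems; an empty list means the directory is sane.
    Rules: directory and private keys must not be group/other accessible,
    and no file in the directory may be group/other writable."""
    problems: List[str] = []
    dir_mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
    if dir_mode & 0o077:
        problems.append(f"{ssh_dir}: mode {dir_mode:o}, want 700")
    for name in sorted(os.listdir(ssh_dir)):
        full = os.path.join(ssh_dir, name)
        if not os.path.isfile(full):
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        if is_private_key(full) and mode & 0o077:
            problems.append(f"{full}: private key mode {mode:o}, want 600")
        elif mode & 0o022:
            problems.append(f"{full}: mode {mode:o} is group/world writable")
    return problems

def fix_ssh_dir(ssh_dir: str) -> List[str]:
    """Apply the conventional modes (700 on the directory, 600 on every file),
    which is what the poster did by hand; returns the paths that were changed."""
    os.chmod(ssh_dir, 0o700)
    changed = [ssh_dir]
    for name in os.listdir(ssh_dir):
        full = os.path.join(ssh_dir, name)
        if os.path.isfile(full):
            os.chmod(full, 0o600)
            changed.append(full)
    return sorted(changed)

def make_sample_ssh_dir() -> str:
    """Constructed .ssh directory modelled on the client listing in the thread,
    but with sloppy modes so that the checker has something to report."""
    ssh_dir = os.path.join(tempfile.mkdtemp(), ".ssh")
    os.mkdir(ssh_dir)
    files = {  # name: (constructed content, deliberately wrong mode)
        "config": (b"Host server\n  User ServerID\n", 0o644),
        "id_rsa": (b"-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed-placeholder\n"
                   b"-----END OPENSSH PRIVATE KEY-----\n", 0o644),
        "known_hosts": (b"server1 ssh-rsa AAAAconstructed\n", 0o666),
    }
    for name, (content, mode) in files.items():
        full = os.path.join(ssh_dir, name)
        with open(full, "wb") as fh:
            fh.write(content)
        os.chmod(full, mode)
    os.chmod(ssh_dir, 0o755)
    return ssh_dir

def demo() -> Tuple[List[str], List[str]]:
    """Problems in the constructed directory before and after fix_ssh_dir()."""
    ssh_dir = make_sample_ssh_dir()
    before = check_ssh_dir(ssh_dir)
    fix_ssh_dir(ssh_dir)
    return before, check_ssh_dir(ssh_dir)

if __name__ == "__main__":
    before, after = demo()
    for problem in before:
        print("problem:", problem)
    print("after fix:", after or "clean")
```

Run against a real ~/.ssh, check_ssh_dir reports exactly the conditions that make ssh refuse a key ("UNPROTECTED PRIVATE KEY FILE") or make sshd ignore authorized_keys, which is more useful than a blanket chmod because it says which file was wrong.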

  • C20 - run API via SSH with plink logged on as admin

    Hi all

    What is the way to interact with the API over ssh, using plink to run commands on a C20 logged in as administrator?

    I am able to execute commands as root for example to perform a reboot:

    Batch script:

    C:\putty\plink.exe -ssh IP_Address -l root -pw password -m C:\C20restartjob\c20.txt

    C20.txt:

    echo restart now

    /sbin/reboot

    Output

    I would like to be able to run the API commands while logged in as the admin user.

    What do I put in the c20.txt file so that the command is recognized?

    SW: TC 6.X

    Thanks in advance for your advice.

    Played a little further - and found something that works for plink.

         C:\>PLINK.EXE -ssh testc60 -l admin -pw TANDBERG < c20.txt

    where c20.txt contains:

         xcommand boot

         bye

    The "bye" is really useless if a reboot is done, but if you send other xcommands then it disconnects from the codec at the end of all your commands.

    Wayne
    --
    Remember to rate responses and mark your question as answered as appropriate.

  • Authorized SSH Keys

    I'm trying to configure SSH authorized-key authentication on my IDS. I generated my key pair using PuTTYgen.

    When I go to configure my authorized key, I can't determine what my Public Exponent is supposed to be. Can anyone shed some light?

    Thank you

    Mike J.

    PuTTY has been my favorite SSH client for nearly four years.

    I am currently using a recent snapshot of PuTTY (2 July 2004), and the following instructions were written for this version. However, any build from a snapshot taken in recent years should work.

    The main problem in establishing authorized SSH keys is that only the older RSA1 key format is acceptable. This means that you must tell your key generator to create an RSA1 key, and you need to restrict the SSH client to the SSH1 protocol.

    Here is how you do it with recent versions of PuTTY:

    (1) Launch PuTTYgen.

    (2) In the 'Parameters' group at the bottom of the dialog box, select the SSH1 key type. Also, I would recommend setting the number of bits in the generated key to 2048.

    (3) Click Generate... and follow the instructions. The key information appears in the upper pane of the dialog box.

    (4) Clear the 'Key comment' edit area.

    (5) Select all the text in the pane labeled "Public key for pasting into authorized_keys file" and press Ctrl-C.

    (6) Type a passphrase in the "Key passphrase" and "Confirm passphrase" edit areas.

    (7) Click "Save private key".

    (8) Save the PuTTY private key file to a directory that is private to your Windows login (in the "Documents and Settings/(userid)/My Documents" subtree under Win2K/XP).

    (9) Launch PuTTY.

    (10) Create a new PuTTY session as follows:

    Session:

    IP address: IP address of the IDS sensor

    Protocol: SSH

    Port: 22

    Connection:

    Auto-login username: cisco (or whatever login you use on the sensor)

    Connection/SSH:

    Preferred SSH version: 1 only

    Connection/SSH/Auth:

    Private key file for authentication: browse to the .PPK file saved in step 8 above.

    Session: (back to top)

    Saved sessions: (enter the sensor name, click Save)

    (11) Click Open.

    Use password authentication to connect to the sensor CLI, since we do not yet have the public key on the sensor.

    (12) Type the following command in the CLI and press ENTER:

    configure terminal

    (13) Type the following command in the CLI, but do not press ENTER yet (do type a space at the end):

    ssh authorized-key mykey

    (14) Right-click the mouse in the PuTTY terminal window, causing the clipboard material copied in step 5 to be entered in the CLI.

    (15) Press ENTER.

    (16) Type the following command in the CLI and press ENTER:

    exit

    (17) Confirm that the authorized key has been entered correctly. Type the following CLI command and press ENTER:

    show ssh authorized-keys mykey

    (18) Leave the IDS CLI. Type the following CLI command and press ENTER:

    exit

    =====

    In my next post, I will finish these instructions...

  • change ssh port?

    I'm changing the ssh port on my Cisco 850 (IOS v12.4(4)T4).

    I found the following instructions: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804831de.html#wp1020480

    but the more I read it, I think that it just talks about reverse ssh.

    I want to change the port on which the router listens for ssh sessions. Is this possible? Should I just forward a foreign port to the internal IP address on port 22?

    I have a Cisco 800 Series router running 12.3(7)T7 and have managed to change my SSH port by using something similar to the information provided in the link that you referenced.

    I don't remember where I found the config info, but it's here:

    Router(config)# ip ssh port 2229 rotary 62
    Router(config)# access-list 129 permit tcp x.x.x.x 0.0.0.x any eq 2229
    Router(config)# line vty 0 4
    Router(config-line)# access-class 129 in

    The first line sets the SSH port to 2229 - choose any port that does not conflict with something important.

    The rotary group is arbitrary and is NOT related to a given VTY line number.

    The access list restricts access to the router - fill in the appropriate subnet and wildcard mask.

    That's all there is to it. I tried several simultaneous sessions using the same port number without problem.

    The only thing to watch is AAA. If you follow the example in your link using the 'login authentication default' statement, you need to enable AAA using 'aaa new-model' and follow with a command specifying where passwords will be checked.

    This could be 'aaa authentication login default group tacacs+ local' if you use a TACACS+ server with a fallback to the local database on the router, or something as simple as 'aaa authentication login default local' to use the local database on the router.

    Hope this helps!

    Please provide your comments so that I know if it worked for you.

    Thank you!

    VRS

  • SSH and Telnet access for catalyst 4503 list

    I was wondering about the command structure to apply an access list to ssh and telnet on a Catalyst 4503. I keep an access list for inside and outside. Can I allow two different IPs from the outside? Thank you

    You will need to create an access list indicating the networks/hosts that you want to allow.

    -Example

    access-list 10 permit 10.10.1.10

    access-list 10 permit 10.10.2.10

    access-list 10 permit 127.1.0.0 0.0.255.255

    access-list 10 permit 192.168.1.0 0.0.0.255

    Then you want to put this access list on the VTY lines.

    -Example

    line vty 0 4

    access-class 10

    transport input ssh   * if you only want SSH *

    line vty 5 15

    access-class 10

    transport input ssh   * ditto *

    Now you could do all this with * line vty 0 15 * but this gives you a better idea of what is happening. It is a simplistic configuration. Remember that it is advisable to allow ssh only. If you want to allow both, leave * transport input ssh * out of the configuration.

    I hope that gives you an idea of the structure. If this is not the case, let me know.

  • Content Pack Validator - export server logs - superuser for ssh

    I use the Content Pack Validator to publish the contents of the pack, and I was able to publish according to the pop-up screen. The next step fetches the vRLI logs by logging in using ssh, which needs a superuser to be created as shown in the doc below. However, I am not able to change the password on the vRLI console as stated there. Can I do this on the vRLI web interface? Or is there another way to do it?

    The console doesn't even accept the administrator credentials which I use for the web interface user.

    Here, any help would be appreciated.

    VMware vCenter Log Insight 1.5 Documentation Center

    Hello

    I don't know what procedure you followed to set the root password, but please try the following steps. (Assuming that you have never set the root user password.)

    On the console (CLI) of the master node:

    Type root as the username

    Press enter

    Again, press ENTER.

    Now type a new password

    And press ENTER.

    Retype the new password and press enter

    If someone set up this virtual machine for you, you will need to ask them for the root user password, in case they set one. The root user is on the appliance, and creating a root user in the web interface, or using the web interface admin user, will NOT work on the CLI.

    If whoever configured the root password does not remember it, or you cannot access it, then you need to reset the root user password by following these steps: (you may have tried this already)

    Reset the Root Password

    Once you are able to log in as root, you must run the following steps from the command line to collect the data. There is no way to collect the data from the Log Insight web interface today.

    mkdir /storage/var/buckets; cd /storage/var/buckets; loginsight-dump-repo.sh 3; cd ..; tar cfz buckets.tar.gz buckets
    
  • SSH access ESXi 4.1.0 fails

    Hi all

    I have a problem with SSH access on my ESXi 4.1.0 server. The problem is that it keeps stopping all the time.

    More precisely, I go to the "Configuration" tab, "Security Profile", "Properties", "Remote Tech Support (SSH)" and configure the service to run (I tried all three options). Then, for a few minutes, I can connect to the server using ssh, both as root and as non-root users. But after a few minutes the ssh server stops.

    I have no idea what's going on. Could you give me a hint to solve this problem?

    Thanks a lot for your help.

    Kind regards

    Agustin

    Hello

    Welcome to the community

    But after a few minutes the ssh server stops.

    Right, this is due to a default security setting that stops ssh after a certain time (I don't remember the exact numbers). If you want to enable SSH permanently you need to go to the ESX console screen and enable SSH from there

    http://vmwaremine.com/2010/10/25/how-to-enable-SSH-on-ESXi-4-1/

  • What happens if I don't remember the security questions and I'm locked out of my email?

    I don't remember my answers to the security questions, and I'm also locked out of my email

    Hello

    As you cannot receive emails, you will need to contact Apple Support.

    The information is available here:

    Contact Apple for help with Apple ID account security - Apple Support

  • iPhone does not remember wifi network since 10.0.2 upgrade

    Hi, I have an iPhone 5s with iOS 10.0.2 (14A456). Since I updated to version 10 my phone does not remember the hidden network (hidden SSID, WPA2 security, no proxy, no MAC filter or anything special) at work. The AP is a Cisco Aironet 2602i that works correctly for others (with iPhones on iOS 10 and other phones/computers as well), and this worked well for me before the update. If I add the network again by entering the name and password, it connects without any problem and works fine until I disconnect or leave the office. Once I have disconnected or gone out of range and restart the connection (manual connect or just getting back in range), the network is no longer there, as if it never existed, and I have to start the whole process from the beginning if I want to use wifi.

    I have of course tried restarting the phone and adding the network again, and removing it while I was connected and then adding it again, but so far nothing works.

    It's not that it doesn't connect automatically, but because it forgets all the information I need to type it again and again, which is quite annoying. Is there someone out there who could advise what the problem could be and how to solve it?

    Thank you!

    Hi Sircsak,

    All you have to do is reset the network settings.

    Go to Settings > General > Reset > Reset Network Settings

    Finally, add your network.

    This should solve the problem.

    Cheers!

  • I had to change my iTunes ID because I didn't remember it, so I set up a new ID etc. and it let me use t

    I need help with my phone; it tried to do an update on its own (I think) and asked for my Apple ID, which I don't remember, so I created a new account, but it still doesn't let me log in

    Hi gastrobl1960,

    I see you are being prompted to enter your Apple ID information, but you have forgotten it.

    Take a look at the following resource that we have on this topic:

    If you forgot your Apple ID - Apple Support

    If you have forgotten the password as well, these steps can also be useful for you, after determining which e-mail address you were using as your Apple ID:
    If you forgot your Apple ID password - Apple Support

    Cheers!

  • Can't ssh on Mac OS VPN server

    I can connect to my L2TP VPN server with my iPhone running iOS 10 through my data carrier's network, and pass through to my home network on Comcast, but not everything works;

    What works:

    Accessing the default web site running on macOS Server using its IP address

    Public web surfing

    I can ping any system's IP address on my network from my phone

    What does not work (what I tried):

    SSH to any macOS system on my network

    Screen sharing to any macOS system on my network

    Resolving a local hostname to an IP address

    More information

    my iphone is running iOS 10

    My computers are running macOS Sierra

    I use macOS Server as the VPN host

    I use the iOS 10 L2TP VPN client.

    The firewalls on the systems are disabled.

    In typical VPN connections, you use your iPhone's DNS server and not the DNS server of the network your server is on. In addition, Bonjour services are only available on the LAN. So you have no way to resolve names to IP addresses for the network you are VPNing into.

    The only easy solution from an iPhone is to make a list of IP addresses and use them to connect instead of host names. Using IPs will work as long as your ISP does not also use the same internal (like 192.168 or 10.0) IP address range as the network you connect to.

  • SSH keys no longer work after macOS Sierra Update

    Hello, I have a problem connecting to my servers with my previously stored private ssh key in the .ssh folder, both with terminal commands and with third-party applications. I should mention that I activated FileVault during the upgrade process. I see that my passphrases are stored in the keychain, but I need to enter my password every time I want to connect to the servers.

    Hello Marshall,

    Try creating a new ssh key. I think Sierra includes updated crypto logic and it doesn't really like old keys.
