You are at the newest post.

putty and ssh public key authentication

hardly ever did i bother to use putty as a normal terminal usually does what i want. unfortunately, there is an "operating system" whose name i will not mention that considers itself so different that the variety of available terminals for it is pretty low.

needing to tunnel an audio stream, i finally engaged in the quest for working ssh public key authentication using putty on such a system. needless to say, i read Chapter 8: Using public keys for SSH authentication and Chapter 9: Using Pageant for authentication of its documentation.

also needless to say, i couldn't have imagined how many pitfalls it contains. on unix, generating a key pair and sending the public key over is something that does not take more than a minute.

putty saved the generated keys somewhere, with the private key named .ppk and the public named whatever. it also offers to export something into openssh format which was what i wanted. i was nevertheless amazed that this file only contains the private key.

the public key that is needed to be put into server:.ssh/authorized_keys looked like some other rsa key that are used for ssl certificates but not very much like the keys that are normally stored in .ssh/authorized_keys. there is something that will output this format that i found on unix but not yet on other platforms,  -O public-openssh.

remedy:

edit a copy of this public key file with a text editor, delete all the boilerplate stuff, write ssh-rsa / ssh-dsa on the beginning of the line with the actual key, join all further lines of it to just one, append something like user@host at the end and delete all the rest. the file is now ready to be appended to the other keys in authorized_keys.

the documentation on puttygen on unix has options to directly output this format using -O public-openssh . in this case i did it manually, from this:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20110410"
AAAAB3NzaC1yc2EAAAABJQAAAIEAqW/3hc9LgrNfYHFdBU37AM45s0OLfDJ1isvh
V5Ug4h0d/YzY8uzjRcZU5FrUz3NAsLlkgZck7M3Dg61/6oSZRDYAOZwsWJWhv+bx
uBY6Y2JEiFTZP1vIJoaj2v3nJz07w5n6ZtueCtodUWLi8MHotC6+zsXEmCbhI1RR
7u/8ork=
---- END SSH2 PUBLIC KEY ----


into this:


ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAqW/3hc9LgrNfYHFdBU37AM45s0OLfDJ1isvhV5Ug4h0d/YzY8uzjRcZU5FrUz3NAsLlkgZck7M3Dg61/6oSZRDYAOZwsWJWhv+bxuBY6Y2JEiFTZP1vIJoaj2v3nJz07w5n6ZtueCtodUWLi8MHotC6+zsXEmCbhI1RR7u/8ork= user@host


run:

start pageant. i will hang out in the system tray and yes, private keys can be read into it and decrypted at which point it workedforme(tm).

problem:

 u got grub, lilo or something in your partitions but the shit doesnt boot


solution:

 fuck the harddisks MBR over to get a bootmenu that boots any fuckin partition, regardless of whats inside


how-to-repeat:

DISCLAIMER: if you wipe your harddisk(s) trying this its your dogdamn own fault.
also, dos partition labels only. no idea if this works on gpt.

NOTE: this snippet was almost finished but got fucked up on the way. it prolly sounded nicer before.

entering:

some FreeBSD bootmedium (ie. a freesbie image if that works for you or maybe something more recent: a CD, Stick etc)

boot the thing and get root.

make your mind up about which disk you want to replace the MBR of.
if there is just one disk in the box, and this is a PATA disk connected as master on the first bus, the bios will likely call it 0x80 (0x81 for the 2nd etc.).
also, in this case the os will likely call it ad0.

knowing the disks name in terms of bios and OS numbering will help in hitting the right disk.

making the mbr writable:

  sysctl kern.geom.debugflags=0x10


write a new mbr without affecting the partitions on it:

  boot0cfg -B -v -d 0x80 ad0


if everything went well, on next reboot you'll be greeted with a little chooser for booting.

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.