Cygwin+SSH : Permission Problem - SSH

This is a discussion on Cygwin+SSH : Permission Problem - SSH ; Could somebody help me here? While I use Putty to access a remote host via ssh, it doesn't work with Cygwin's ssh. Here is what I have: # This is my private key file $ ls -l /cygdrive/h/etcsec/fischron.ppk -rw------- 1 ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: Cygwin+SSH : Permission Problem

  1. Cygwin+SSH : Permission Problem

    Could somebody help me here? While I use Putty to access a
    remote host via ssh, it doesn't work with Cygwin's ssh. Here
    is what I have:

    # This is my private key file
    $ ls -l /cygdrive/h/etcsec/fischron.ppk
    -rw------- 1 fischron mkgroup-l-d 802 May 8 16:06 /cygdrive/h/etcsec/
    fischron.ppk

    $ ls -dl etcsec
    drwx------+ 1 fischron mkgroup-l-d 0 May 8 16:06 etcsec

    # This is what ssh says:
    mucn13154:~ 1 199 $ ssh -i $HOME/etcsec/fischron.ppk -2 -p 22
    fischron@...
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    Permissions 0644 for '/cygdrive/h/etcsec/fischron.ppk' are too open.
    It is recommended that your private key files are NOT accessible by
    others.
    This private key will be ignored.
    bad permissions: ignore key: /cygdrive/h/etcsec/fischron.ppk
    Password:


    Somehow ssh sees different permissions than I have set
    with chmod....

    Ronald

  2. Re: Cygwin+SSH : Permission Problem

    Additional information to my posting:

    I found that this error message was only caused when the environment
    variable CYGWIN was
    not set to smbntsec.

    When I do an

    export CYGWIN=smbntsec

    ssh now asks me

    Enter passphrase for key 'etcsec/fischron.ppk':

    which is also strange, since the whole purpose of passing the private
    key file to ssh ist that
    I don't have to specify a passphrase. What else am I missing?

    Ronald

  3. Re: Cygwin+SSH : Permission Problem

    On 2008-05-08, RonaldOttoValentinFischer wrote:
    > Could somebody help me here? While I use Putty to access a
    > remote host via ssh, it doesn't work with Cygwin's ssh. Here
    > is what I have:
    >
    > # This is my private key file
    > $ ls -l /cygdrive/h/etcsec/fischron.ppk
    > -rw------- 1 fischron mkgroup-l-d 802 May 8 16:06 /cygdrive/h/etcsec/
    > fischron.ppk
    >
    > $ ls -dl etcsec
    > drwx------+ 1 fischron mkgroup-l-d 0 May 8 16:06 etcsec
    >
    > # This is what ssh says:
    > mucn13154:~ 1 199 $ ssh -i $HOME/etcsec/fischron.ppk -2 -p 22
    > fischron@...
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > Permissions 0644 for '/cygdrive/h/etcsec/fischron.ppk' are too open.
    > It is recommended that your private key files are NOT accessible by
    > others.
    > This private key will be ignored.
    > bad permissions: ignore key: /cygdrive/h/etcsec/fischron.ppk
    > Password:
    >
    >
    > Somehow ssh sees different permissions than I have set
    > with chmod....
    >
    > Ronald


    What does "ls -l /cygdrive/h/etcsec/fischron.ppk" in the cygwin
    shell show?


    --
    Christopher Mattern

    NOTICE
    Thank you for noticing this new notice
    Your noticing it has been noted
    And will be reported to the authorities

  4. Re: Cygwin+SSH : Permission Problem

    RonaldOttoValentinFischer wrote:
    > ssh now asks me
    >
    > Enter passphrase for key 'etcsec/fischron.ppk':
    >
    > which is also strange, since the whole purpose of passing the
    > private key file to ssh is that I don't have to specify a
    > passphrase. What else am I missing?


    Are you sure your key is in the right format? I haven't heard that
    OpenSSH can handle PuTTY's .ppk format for private keys. (Of course,
    if it can and nobody's happened to tell me, that'd be great!)
    --
    Simon Tatham "Thieves respect property; they only wish the property to
    be their own, that they may more properly respect it."

  5. Re: Cygwin+SSH : Permission Problem

    On 8 May, 16:14, Simon Tatham wrote:
    > RonaldOttoValentinFischer * wrote:
    > > ssh now asks me

    >
    > > * Enter passphrase for key 'etcsec/fischron.ppk':

    >
    > > which is also strange, since the whole purpose of passing the
    > > private key file to ssh is that I don't have to specify a
    > > passphrase. What else am I missing?

    >
    > Are you sure your key is in the right format? I haven't heard that
    > OpenSSH can handle PuTTY's .ppk format for private keys. (Of course,
    > if it can and nobody's happened to tell me, that'd be great!)
    > --
    > Simon Tatham * * * * "Thieves respect property; they only wish theproperty to
    > * *be their own, that they may more properly respect it."


    It still can't. You need to use Puttygen to transform it properly to
    the OpenSSH compatible format.

    And Hi, Simon! Thanks for your work with Putty: any word on when it
    might incorporate GSSAPI directly, rather than requiring me to get the
    fork from Quest Software?

  6. Re: Cygwin+SSH : Permission Problem

    On 8 Mai, 16:48, Chris Mattern wrote:
    > On 2008-05-08, RonaldOttoValentinFischer wrote:
    >
    >
    >
    > > Could somebody help me here? While I use Putty to access a
    > > remote host via ssh, it doesn't work with Cygwin's ssh. Here
    > > is what I have:

    >
    > > # This is my private key file
    > > $ ls -l /cygdrive/h/etcsec/fischron.ppk
    > > -rw------- 1 fischron mkgroup-l-d 802 May 8 16:06 /cygdrive/h/etcsec/
    > > fischron.ppk

    >
    > > $ ls -dl etcsec
    > > drwx------+ 1 fischron mkgroup-l-d 0 May 8 16:06 etcsec

    >
    > > # This is what ssh says:
    > > mucn13154:~ 1 199 $ ssh -i $HOME/etcsec/fischron.ppk -2 -p 22
    > > fischron@...
    > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
    > > Permissions 0644 for '/cygdrive/h/etcsec/fischron.ppk' are too open.
    > > It is recommended that your private key files are NOT accessible by
    > > others.
    > > This private key will be ignored.
    > > bad permissions: ignore key: /cygdrive/h/etcsec/fischron.ppk
    > > Password:

    >
    > > Somehow ssh sees different permissions than I have set
    > > with chmod....

    >
    > > Ronald

    >
    > What does "ls -l /cygdrive/h/etcsec/fischron.ppk" in the cygwin
    > shell show?
    >


    Well, as I wrote in my posting, it show:

    -rw------- 1 fischron mkgroup-l-d 802 May 8 16:06 /cygdrive/h/
    etcsec/

    So this should be fine.

    Ronald

  7. Re: Cygwin+SSH : Permission Problem

    On 8 Mai, 17:14, Simon Tatham wrote:
    > Are you sure your key is in the right format? I haven't heard that
    > OpenSSH can handle PuTTY's .ppk format for private keys. (Of course,
    > if it can and nobody's happened to tell me, that'd be great!)


    If this is so, it could be indeed the reason!! Actually, I thought
    everything dealing
    with ssh is standardized, so I assumed that I can use the same key
    file for putty and for Cygwin's ssh.

    So how would I have to proceed, if I want to use putty and Cygwin ssh
    on the same machine in order to connect to a remote host?

    Ronald

  8. Re: Cygwin+SSH : Permission Problem

    RonaldOttoValentinFischer wrote:
    > If this is so, it could be indeed the reason!! Actually, I thought
    > everything dealing with ssh is standardized, so I assumed that I can
    > use the same key file for putty and for Cygwin's ssh.


    Unfortunately not: I know of three different formats for SSH-2
    private key files. (The SSH-1 private key format _is_ de-facto
    standardised, oddly.)

    This is at least partly my fault: I invented a new format for
    PuTTY's private keys instead of using one of the existing formats.
    There was a reason, however: PuTTY's key format keeps the public key
    in plaintext (meaning the client can do initial negotiation with the
    server by itself, and doesn't have to ask for your passphrase until
    it really needs to construct a signature), while also tamperproofing
    it with a MAC (defeating some attacks against half-encrypted private
    key files which work by modifying the public half of the key in such
    a way that the signatures subsequently computed by the client reveal
    information about the private half). I therefore think it's superior
    to other key formats (which are all either vulnerable to such
    attacks, or less convenient to use) and would like to see other
    people start using it :-)

    > So how would I have to proceed, if I want to use putty and Cygwin ssh
    > on the same machine in order to connect to a remote host?


    As Nico says: load your private key into PuTTYgen, and export it in
    OpenSSH's private key format. (The Windows PuTTYgen can do this for
    you in a GUI fashion, or the Unix one can do it on the command line;
    your choice.)
    --
    Simon Tatham "That all men should be brothers is a
    dream of people who have no brothers."

  9. Re: Cygwin+SSH : Permission Problem

    Nico Kadel-Garcia wrote:
    > And Hi, Simon! Thanks for your work with Putty: any word on when it
    > might incorporate GSSAPI directly, rather than requiring me to get the
    > fork from Quest Software?


    As it happens, Owen is actively working on integrating GSSAPI into
    the main PuTTY source base. I can't promise exactly when that might
    happen, but I'd certainly expect it by the next release. (he says,
    having no real idea when _that_ might happen either :-)
    --
    Simon Tatham "infinite loop _see_ loop, infinite"
    - Index, Borland Pascal Language Guide

  10. Re: Cygwin+SSH : Permission Problem

    Simon Tatham wrote:
    > Nico Kadel-Garcia wrote:
    >> And Hi, Simon! Thanks for your work with Putty: any word on when it
    >> might incorporate GSSAPI directly, rather than requiring me to get the
    >> fork from Quest Software?

    >
    > As it happens, Owen is actively working on integrating GSSAPI into
    > the main PuTTY source base. I can't promise exactly when that might
    > happen, but I'd certainly expect it by the next release. (he says,
    > having no real idea when _that_ might happen either :-)


    Good. The other package is useful, but the installer is not so good as yours,
    and I'd rather see such features in the main codeline.

+ Reply to Thread