Skip to main content

Questions tagged [private-key]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
560 votes
33 answers
1.2m views

How do I tell Git for Windows where to find my private RSA key?

My Git setup runs fine on Linux, but when I try to set things up under Windows (using Git for Windows and TortoiseGit), I don't know where to put my private SSH key (or, better still, how to tell ssh ...
binaryorganic's user avatar
330 votes
2 answers
244k views

Create a public SSH key from the private key?

Let's suppose I have a SSH key, but I've deleted the public key part. I have the private key part. Is there some way I can regenerate the public key part?
Amandasaurus's user avatar
  • 32.5k
99 votes
6 answers
360k views

How to get a .pem file from ssh key pair?

I created a key pair using ssh-keygen and get the two clasic id_rsa and id_rsa.pub. I imported the public key into my AWS EC2 account. Now I created a windows instance and to decrypt that instance ...
user avatar
54 votes
6 answers
28k views

Stop ssh client from offering all the public keys it can find?

Like most sysadmins I use openssh all the time. I have about a dozen ssh keys, I like to have a different ssh key for each host. However this causes a problem when I am connecting to a host for the ...
Amandasaurus's user avatar
  • 32.5k
36 votes
9 answers
34k views

Bypass ssh key file permission check

I have an encrypted FAT volume (for compatibility) containing a private key file and other sensitive data. I want to connect to my server through SSH using my private key, but of course, as FAT doesn'...
instanceof me's user avatar
26 votes
6 answers
78k views

certutil: function failed: security library: bad database

when I'm using certutil it returns this error: certutil: function failed: security library: bad database. e.g. I can't list certs or keys How Can I fix this?
Zim3r's user avatar
  • 1,554
25 votes
5 answers
10k views

How to secure your CA's private key?

I'm about to implement my own Certification Authority (CA) for interal use only. Now there is a problem, that the CA private should never ever be exploited. So right now the private key is encrypted. ...
JMW's user avatar
  • 1,463
23 votes
4 answers
4k views

Why does Amazon release private keys instead of public keys?

My brain is wrapped around the axle on public and private keys. When you create a cloud server (instance) on Amazon's EC2 service and then want to connect to it via SSH, Amazon requires you to ...
Seth's user avatar
  • 433
22 votes
4 answers
27k views

How do I import a RSA SSH key into GPG as the _primary_ private key?

I currently have a SSH key that I've used for a while and I'd like to start using GnuPG with a new keyring. However, given that I've used my key for ages, I would like to still use that key in GPG as ...
SineSwiper's user avatar
  • 2,658
20 votes
11 answers
44k views

OpenVPN easy-rsa build-key automation?

I have a lot of keys to generate for my clients VPN server. Whenever I use easy-rsa to generate the keys like this: ./build-key client1 There is some output with a series of questions. The questions ...
Jake Wilson's user avatar
  • 8,964
20 votes
2 answers
3k views

Receiving a private key from server admin: ok or not?

I am to get access to a remote SFTP server. The admin has created a user for me, and generated a public/private key pair for me. Then he securely sent me the private key file, which I use for ...
matthiash's user avatar
  • 311
18 votes
4 answers
12k views

How to manage a web servers SSL private key protection (password vs. no password)?

We have a discussion in my company's security group about what's the worse of the following options to manage SSL private key. The web server needs access to the private key for the encryption ...
chmeee's user avatar
  • 7,450
16 votes
2 answers
8k views

In which order does OpenSSH try private keys?

I'm having a hard time finding proper docs on the order in which the OpenSSH client tries private keys for authenticating against a server, given that all of the following are present: key files with ...
sschuberth's user avatar
11 votes
3 answers
11k views

SSH does not allow the use of a key with group readable permissions

I have a development git server that deploys to a live server when the live branch is pushed to. Every user has their own login and therefore the post-receive hook which does the live deployment is ...
Jessie's user avatar
  • 213
11 votes
3 answers
6k views

Bastion server: use TCP forwarding VS placing private key on server

We have bastion server B. We need to SSH from A through B to C, using private key. What is the better option: Put the private SSH key on server B. We read that it's a bad idea to do that in a ...
user2503775's user avatar
11 votes
1 answer
1k views

Does generating a CSR through IIS 7.5 on Windows Server 2008 R2 always create a new private key?

Generating a CSR for a Windows 2008 R2 server and need to ensure that the private key used for the CSR is new. I have used OpenSSL before to create my own self-signed certs for testing and if I ...
jzimmerman2011's user avatar
11 votes
1 answer
28k views

ssh - Why isn't it trying my private key? [closed]

I'm trying to connect to a remote SSH server using a private key at ~/.ssh/id_rsa. When I ssh -v to the server I get the following: ... debug1: Authentications that can continue: publickey debug1: ...
Martin's user avatar
  • 236
10 votes
2 answers
5k views

How does changing a GPG encryption key's passphrase work?

I know that I can do (edit: fixed this; I'm interested in gpg NOT openssh) gpg --edit-key ...to change my passphrase for my key, but I'm not sure what this means. If I'm encrypting data on box A ...
jberryman's user avatar
  • 934
10 votes
8 answers
15k views

Ssh key accepted by host but client disconnect

Helo, I have a problem with SSH after fedora 23 installation. When i wan't to connect to my remote host with private key my host find the key : debug1: matching key found: file /home/theo/.ssh/...
Preovaleo's user avatar
  • 109
9 votes
2 answers
41k views

Entering Private Key Passphrase with Putty Command Line PSFTP.exe

I'm using psftp.exe to automate a file download but need to connect with a private key as explained below. I am able to connect, however, the private key requires a Passphrase. This procedure works ...
Eric's user avatar
  • 93
9 votes
1 answer
4k views

Can I get anSHA-256 certificate when the CSR is for SHA-1?

I've read: By default, OpenSSL cryptographic tools are configured to make SHA1 signatures. for example, if you want to generate a SHA256-signed certificate request (CSR) , add in the command line:...
joshua.paling's user avatar
9 votes
3 answers
12k views

How do I setup sshd to require both a private key and a password?

How do I setup sshd to require both a private key and a password? In /etc/ssh/sshd_config, I currently have: RSAAuthentication yes PubkeyAuthentication yes PasswordAuthentication yes But apparently ...
ryanprayogo's user avatar
9 votes
4 answers
16k views

What does this ssh error mean?

This is my last resort. I've been trying to figure out the problem here for hours. Here's the deal: I have copied my private key from machine #1 onto machine #2. Machine #1 is able to connect via ...
kevin's user avatar
  • 91
8 votes
5 answers
30k views

Recover an SSH private key?

I have an RSA key (generated by PuTTYgen) that's set up for logging in to a bunch of machines via SSH. Or rather, i HAD such a key. (The computer it was on crashed, to the point that a reinstall of ...
cHao's user avatar
  • 473
8 votes
2 answers
27k views

How to make in SSH private key from one line, three lines [closed]

i have ssh-key, something like this -----BEGIN RSA PRIVATE KEY----- my_super_secret_password -----END RSA PRIVATE KEY----- Of course this key does not work. When i am doing manual things, something, ...
Piduna's user avatar
  • 571
7 votes
2 answers
3k views

How to find out if an OpenSSL certificate was created by a certain private key?

I have an OpenSSl certificate. I also need the private key. I was told it is located somewhere on the server, and true enough, I found multiple SSL key files. Before I try them all by brute force: Is ...
k0pernikus's user avatar
  • 4,420
7 votes
2 answers
6k views

What are the risks in backing up private keys on services like Dropbox?

I have a couple of private keys that I use to administer Amazon EC2 instances. I recently lost these keys when I did a re-install of my computer and I found out that the CD-RW I'd backed them up to ...
brabster's user avatar
  • 183
7 votes
1 answer
9k views

Packer won't correctly use private key for SSH auth in provisioning step

I use Packer to build VirtualBox images, with the Ansible provisioner to set up the images. The builder step creates a temporary user (ssh_username and ssh_password). The Ansible provisioner runs ...
siride's user avatar
  • 619
7 votes
1 answer
5k views

haproxy ssl password protected private key

Usage: Haproxy as SSL termination Requirement: Our private keys are password protected and we are not allowed to remove the password for the private key Problem: If i run the following command ...
Naresh's user avatar
  • 71
6 votes
1 answer
3k views

Vim SCP parameter with private public key pair

Currently, I am trying to edit a file on a remote server using Vim's built-in netrw plugin. I can SSH fine into my Amazon EC2 server using a command like this: ssh -i <keyfile> bitname@<ec2-...
Delos Chang's user avatar
6 votes
1 answer
9k views

Does openssl always encrypt the private key?

When using openssl 0.9.8 to create a new self-signed cert+key, there is a -nodes parameter that can be used to tell openssl to not encrypt the private key it creates. For example: openssl req -x509 -...
Stéphane's user avatar
  • 456
6 votes
2 answers
3k views

Easy multi-level authentication for sudo

I have a FreeBSD server with password-based SSH enabled. I would like to enable sudo, but I do not want a potential attacker to be one password away from root access. My current solution is logging ...
Michael Ekstrand's user avatar
6 votes
2 answers
12k views

Passing a private key to scp from the command line instead of a file [closed]

Is there a way to pass the contents of a private key directly to the scp command instead of having to copy it to a file and pointing at it via the -i /path/to/key.pem option? So instead of doing: ...
Julian's user avatar
  • 555
5 votes
1 answer
23k views

How to export private key? (GnuPG) [closed]

I have successfully created GnuPG public/private key pair using RSA and RSA algorithm. How can I export a public key and private key in the form of file with the .asc extension?
rancho's user avatar
  • 181
5 votes
3 answers
424 views

how to prevent a user using private key after leaving organization?

In the enterprise environment, each user was issue a key pair for using to encrypting/signing. Since they have the private key, that mean they can decrypt any file that encrypt for them, even after ...
user avatar
5 votes
1 answer
3k views

Keeping track of SSH private keys without comments

SSH public keys support comments (which simply consist of text appended to the end of the key), which makes it easy to identify an otherwise unidentifiable id_rsa.pub file. You can use the comment to ...
Frogging101's user avatar
4 votes
2 answers
1k views

How to SSH to a remote server using a private key on Linux?

I have been trying to connect to a remote server using my private key file from the terminal, but it doesn't seem to work. I don't understand why. Here is how I do it: $ ssh -i private.ppk [email protected]....
Fokwa Best's user avatar
4 votes
3 answers
20k views

Apache SSL without Private Key

We are currently working with a client who needs SAML authentication to setup their QA site on our servers. They have sent us the CRT file for the SSL to install, however they are not sending the key. ...
DidierTech's user avatar
4 votes
3 answers
12k views

Forgot the password for an encrypted SSH key that's in my (gnome) SSH agent. How do I extract unencrypted version? [closed]

OK, I have an encrypted ssh private key that provides access to a server. My Ubuntu GNOME desktop has an integrated graphical ssh agent (seahorse v3.2.2). That ssh key is in this ssh agent and it's ...
Amandasaurus's user avatar
  • 32.5k
4 votes
2 answers
2k views

Extract private key from Domino keyring

I'm trying to use a multipurpose certificate on an infrastucture that contains a Domino 7 server. To accomplish this, I tried: Generate a CSR outside of Domino: I'm able to use the produced ...
Andrea Colleoni's user avatar
4 votes
1 answer
1k views

Get SSH fingerprint from remote server securely?

I had thought about this and my host provides out of band support, so I could simply create the key fingerprint out of band and compare it when connecting to that server from home. Is there any other ...
James l.'s user avatar
4 votes
1 answer
954 views

What happens when someone gets to know the secret key (of the web server / a CA)?

basically, I have three questions and I would be grateful for a brief explanation of the differences in the consequences of these thefts: What happens when someone gets to know the secret key of the ...
Marcel C's user avatar
4 votes
1 answer
4k views

Node + PM2 - How to securely read SSL private key with non-root user?

I'm looking for a way to run node via PM2 whilst reading an SSL private-key that is placed in a secure directory. Details: Bitnami LEMP stack with Node permissions for /etc/ssl/private: drwx------ ...
jolian's user avatar
  • 107
4 votes
1 answer
2k views

Can apache use a key agent to store private keys for SSL?

For mod_ssl in apache to work, you need your RSA private key on the server. If the key is passphrase protected, you have to enter the passphrase whenever you restart apache. There is ...
Corey Henderson's user avatar
4 votes
1 answer
14k views

How can I use an SSL certificate generated with Java keytool with Nginx?

I used the Java keytool to generate a "keystore": keytool -genkey -alias example.com -keyalg RSA -keystore example.com.keystore Then I generated a CSR (Certificate Signing Request): keytool ...
Jonas's user avatar
  • 1,207
4 votes
1 answer
293 views

Authentication using SSL certificates -- General Question

SSL client authentication using certificates -- it's a complex topic, and I think I've learned just enough to make it even more complex. Here is my basic understanding: A public and private key are ...
Nick's user avatar
  • 203
3 votes
3 answers
13k views

Why can't I ssh into my server using my private key?

I just setup my new server as I used to, and this time I can't login using my private key. The server is ubuntu 11.04. And I have setup following ssh key directories. root@myserv: ls -la drwx------ ...
user61342's user avatar
  • 159
3 votes
3 answers
3k views

Securing SSL certificate private key with nginx

I've been researching how to secure privaye keys for SSL certificats using nginx as a webserver, but have not been able to find many satisfactory answers. Specifically, for a client who wants to me ...
Buno's user avatar
  • 165
3 votes
1 answer
20k views

SFTP asks for passphrase for unencrypted private key, but WinSCP works fine?

Summary: I want to SFTP a file from one server to another, authorizing with a private-key. I believe the public key is installed correctly (WinSCP lets me log in with private key), and I ...
Paul's user avatar
  • 173
3 votes
1 answer
7k views

Powershell self-signed certifcate private key not exportable

Using Powershell, I'm attempting to create a self-signed ssl certificate with a private key that can be exported. I've read and followed various tutorials, however the end result is always that no ...
Ryan DiFrancesco's user avatar