Questions tagged [private-key]
The private-key tag has no usage guidance.
169
questions
560
votes
33
answers
1.2m
views
How do I tell Git for Windows where to find my private RSA key?
My Git setup runs fine on Linux, but when I try to set things up under Windows (using Git for Windows and TortoiseGit), I don't know where to put my private SSH key (or, better still, how to tell ssh ...
330
votes
2
answers
244k
views
Create a public SSH key from the private key?
Let's suppose I have a SSH key, but I've deleted the public key part. I have the private key part. Is there some way I can regenerate the public key part?
99
votes
6
answers
360k
views
How to get a .pem file from ssh key pair?
I created a key pair using ssh-keygen and get the two clasic id_rsa and id_rsa.pub.
I imported the public key into my AWS EC2 account.
Now I created a windows instance and to decrypt that instance ...
54
votes
6
answers
28k
views
Stop ssh client from offering all the public keys it can find?
Like most sysadmins I use openssh all the time. I have about a dozen ssh keys, I like to have a different ssh key for each host. However this causes a problem when I am connecting to a host for the ...
36
votes
9
answers
34k
views
Bypass ssh key file permission check
I have an encrypted FAT volume (for compatibility) containing a private key file and other sensitive data.
I want to connect to my server through SSH using my private key, but of course, as FAT doesn'...
26
votes
6
answers
78k
views
certutil: function failed: security library: bad database
when I'm using certutil it returns this error: certutil: function failed: security library: bad database.
e.g. I can't list certs or keys
How Can I fix this?
25
votes
5
answers
10k
views
How to secure your CA's private key?
I'm about to implement my own Certification Authority (CA) for interal use only.
Now there is a problem, that the CA private should never ever be exploited. So right now the private key is encrypted.
...
23
votes
4
answers
4k
views
Why does Amazon release private keys instead of public keys?
My brain is wrapped around the axle on public and private keys. When you create a cloud server (instance) on Amazon's EC2 service and then want to connect to it via SSH, Amazon requires you to ...
22
votes
4
answers
27k
views
How do I import a RSA SSH key into GPG as the _primary_ private key?
I currently have a SSH key that I've used for a while and I'd like to start using GnuPG with a new keyring. However, given that I've used my key for ages, I would like to still use that key in GPG as ...
20
votes
11
answers
44k
views
OpenVPN easy-rsa build-key automation?
I have a lot of keys to generate for my clients VPN server. Whenever I use easy-rsa to generate the keys like this:
./build-key client1
There is some output with a series of questions. The questions ...
20
votes
2
answers
3k
views
Receiving a private key from server admin: ok or not?
I am to get access to a remote SFTP server. The admin has created a user for me, and generated a public/private key pair for me. Then he securely sent me the private key file, which I use for ...
18
votes
4
answers
12k
views
How to manage a web servers SSL private key protection (password vs. no password)?
We have a discussion in my company's security group about what's the worse of the following options to manage SSL private key.
The web server needs access to the private key for the encryption ...
16
votes
2
answers
8k
views
In which order does OpenSSH try private keys?
I'm having a hard time finding proper docs on the order in which the OpenSSH client tries private keys for authenticating against a server, given that all of the following are present:
key files with ...
11
votes
3
answers
11k
views
SSH does not allow the use of a key with group readable permissions
I have a development git server that deploys to a live server when the live branch is pushed to.
Every user has their own login and therefore the post-receive hook which does the live deployment is ...
11
votes
3
answers
6k
views
Bastion server: use TCP forwarding VS placing private key on server
We have bastion server B.
We need to SSH from A through B to C, using private key.
What is the better option:
Put the private SSH key on server B. We read that it's a bad idea to do that in a ...
11
votes
1
answer
1k
views
Does generating a CSR through IIS 7.5 on Windows Server 2008 R2 always create a new private key?
Generating a CSR for a Windows 2008 R2 server and need to ensure that the private key used for the CSR is new.
I have used OpenSSL before to create my own self-signed certs for testing and if I ...
11
votes
1
answer
28k
views
ssh - Why isn't it trying my private key? [closed]
I'm trying to connect to a remote SSH server using a private key at ~/.ssh/id_rsa. When I ssh -v to the server I get the following:
...
debug1: Authentications that can continue: publickey
debug1: ...
10
votes
2
answers
5k
views
How does changing a GPG encryption key's passphrase work?
I know that I can do (edit: fixed this; I'm interested in gpg NOT openssh)
gpg --edit-key
...to change my passphrase for my key, but I'm not sure what this means.
If I'm encrypting data on box A ...
10
votes
8
answers
15k
views
Ssh key accepted by host but client disconnect
Helo,
I have a problem with SSH after fedora 23 installation.
When i wan't to connect to my remote host with private key my host find the key :
debug1: matching key found: file /home/theo/.ssh/...
9
votes
2
answers
41k
views
Entering Private Key Passphrase with Putty Command Line PSFTP.exe
I'm using psftp.exe to automate a file download but need to connect with a private key as explained below. I am able to connect, however, the private key requires a Passphrase.
This procedure works ...
9
votes
1
answer
4k
views
Can I get anSHA-256 certificate when the CSR is for SHA-1?
I've read:
By default, OpenSSL cryptographic tools are configured to make SHA1 signatures.
for example, if you want to generate a SHA256-signed certificate request (CSR) , add in the command line:...
9
votes
3
answers
12k
views
How do I setup sshd to require both a private key and a password?
How do I setup sshd to require both a private key and a password?
In /etc/ssh/sshd_config, I currently have:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
But apparently ...
9
votes
4
answers
16k
views
What does this ssh error mean?
This is my last resort. I've been trying to figure out the problem here for hours.
Here's the deal: I have copied my private key from machine #1 onto machine #2. Machine #1 is able to connect via ...
8
votes
5
answers
30k
views
Recover an SSH private key?
I have an RSA key (generated by PuTTYgen) that's set up for logging in to a bunch of machines via SSH. Or rather, i HAD such a key. (The computer it was on crashed, to the point that a reinstall of ...
8
votes
2
answers
27k
views
How to make in SSH private key from one line, three lines [closed]
i have ssh-key, something like this
-----BEGIN RSA PRIVATE KEY----- my_super_secret_password -----END RSA PRIVATE KEY-----
Of course this key does not work. When i am doing manual things, something, ...
7
votes
2
answers
3k
views
How to find out if an OpenSSL certificate was created by a certain private key?
I have an OpenSSl certificate. I also need the private key. I was told it is located somewhere on the server, and true enough, I found multiple SSL key files.
Before I try them all by brute force: Is ...
7
votes
2
answers
6k
views
What are the risks in backing up private keys on services like Dropbox?
I have a couple of private keys that I use to administer Amazon EC2 instances.
I recently lost these keys when I did a re-install of my computer and I found out that the CD-RW I'd backed them up to ...
7
votes
1
answer
9k
views
Packer won't correctly use private key for SSH auth in provisioning step
I use Packer to build VirtualBox images, with the Ansible provisioner to set up the images. The builder step creates a temporary user (ssh_username and ssh_password). The Ansible provisioner runs ...
7
votes
1
answer
5k
views
haproxy ssl password protected private key
Usage: Haproxy as SSL termination
Requirement: Our private keys are password protected and we are not allowed to remove the password for the private key
Problem:
If i run the following command ...
6
votes
1
answer
3k
views
Vim SCP parameter with private public key pair
Currently, I am trying to edit a file on a remote server using Vim's built-in netrw plugin. I can SSH fine into my Amazon EC2 server using a command like this:
ssh -i <keyfile> bitname@<ec2-...
6
votes
1
answer
9k
views
Does openssl always encrypt the private key?
When using openssl 0.9.8 to create a new self-signed cert+key, there is a -nodes parameter that can be used to tell openssl to not encrypt the private key it creates. For example:
openssl req -x509 -...
6
votes
2
answers
3k
views
Easy multi-level authentication for sudo
I have a FreeBSD server with password-based SSH enabled. I would like to enable sudo, but I do not want a potential attacker to be one password away from root access. My current solution is logging ...
6
votes
2
answers
12k
views
Passing a private key to scp from the command line instead of a file [closed]
Is there a way to pass the contents of a private key directly to the scp command instead of having to copy it to a file and pointing at it via the -i /path/to/key.pem option?
So instead of doing:
...
5
votes
1
answer
23k
views
How to export private key? (GnuPG) [closed]
I have successfully created GnuPG public/private key pair using RSA and RSA algorithm. How can I export a public key and private key in the form of file with the .asc extension?
5
votes
3
answers
424
views
how to prevent a user using private key after leaving organization?
In the enterprise environment, each user was issue a key pair for using to encrypting/signing. Since they have the private key, that mean they can decrypt any file that encrypt for them, even after ...
5
votes
1
answer
3k
views
Keeping track of SSH private keys without comments
SSH public keys support comments (which simply consist of text appended to the end of the key), which makes it easy to identify an otherwise unidentifiable id_rsa.pub file. You can use the comment to ...
4
votes
2
answers
1k
views
How to SSH to a remote server using a private key on Linux?
I have been trying to connect to a remote server using my private key file from the terminal, but it doesn't seem to work. I don't understand why. Here is how I do it:
$ ssh -i private.ppk [email protected]....
4
votes
3
answers
20k
views
Apache SSL without Private Key
We are currently working with a client who needs SAML authentication to setup their QA site on our servers. They have sent us the CRT file for the SSL to install, however they are not sending the key. ...
4
votes
3
answers
12k
views
Forgot the password for an encrypted SSH key that's in my (gnome) SSH agent. How do I extract unencrypted version? [closed]
OK, I have an encrypted ssh private key that provides access to a server. My Ubuntu GNOME desktop has an integrated graphical ssh agent (seahorse v3.2.2). That ssh key is in this ssh agent and it's ...
4
votes
2
answers
2k
views
Extract private key from Domino keyring
I'm trying to use a multipurpose certificate on an infrastucture that contains a Domino 7 server.
To accomplish this, I tried:
Generate a CSR outside of Domino: I'm able to use the produced ...
4
votes
1
answer
1k
views
Get SSH fingerprint from remote server securely?
I had thought about this and my host provides out of band support, so I could simply create the key fingerprint out of band and compare it when connecting to that server from home.
Is there any other ...
4
votes
1
answer
954
views
What happens when someone gets to know the secret key (of the web server / a CA)?
basically, I have three questions and I would be grateful for a brief explanation of the differences in the consequences of these thefts:
What happens when someone gets to know the secret key of the ...
4
votes
1
answer
4k
views
Node + PM2 - How to securely read SSL private key with non-root user?
I'm looking for a way to run node via PM2 whilst reading an SSL private-key that is placed in a secure directory.
Details:
Bitnami LEMP stack with Node
permissions for /etc/ssl/private:
drwx------ ...
4
votes
1
answer
2k
views
Can apache use a key agent to store private keys for SSL?
For mod_ssl in apache to work, you need your RSA private key on the server. If the key is passphrase protected, you have to enter the passphrase whenever you restart apache. There is ...
4
votes
1
answer
14k
views
How can I use an SSL certificate generated with Java keytool with Nginx?
I used the Java keytool to generate a "keystore":
keytool -genkey -alias example.com -keyalg RSA -keystore example.com.keystore
Then I generated a CSR (Certificate Signing Request):
keytool ...
4
votes
1
answer
293
views
Authentication using SSL certificates -- General Question
SSL client authentication using certificates -- it's a complex topic, and I think I've learned just enough to make it even more complex.
Here is my basic understanding: A public and private key are ...
3
votes
3
answers
13k
views
Why can't I ssh into my server using my private key?
I just setup my new server as I used to, and this time I can't login using my private key.
The server is ubuntu 11.04. And I have setup following ssh key directories.
root@myserv: ls -la
drwx------ ...
3
votes
3
answers
3k
views
Securing SSL certificate private key with nginx
I've been researching how to secure privaye keys for SSL certificats using nginx as a webserver, but have not been able to find many satisfactory answers.
Specifically, for a client who wants to me ...
3
votes
1
answer
20k
views
SFTP asks for passphrase for unencrypted private key, but WinSCP works fine?
Summary:
I want to SFTP a file from one server to another, authorizing with a private-key.
I believe the public key is installed correctly (WinSCP lets me log in with private key), and I ...
3
votes
1
answer
7k
views
Powershell self-signed certifcate private key not exportable
Using Powershell, I'm attempting to create a self-signed ssl certificate with a private key that can be exported. I've read and followed various tutorials, however the end result is always that no ...