agent forwarding problem

Hi,

I normally do an ssh or scp connection between Unix boxes and I now need to do it through a WinXP box. I've generated the 2048 bit RSA (SSH2) keys using puTTYgen and uploaded the public key to the ~/.ssh/authorized_keys file on the Unix box.

Now when I use WinSCP3 (version 3.7.6) I enter the host name and user name. I enable agent forwarding and start pageant and load my private .ppk key into it.

I choose the scp protocol, click Login, and I get the usual warning message. When I hit enter to start working the password window pops up.

The only difference is that I use ssh not ssh2 on my Unix box to Unix box connections, while I'm using ssh2 keys for the XP to Unix connection. Could the Unix box be rejecting the private key when I try to connnect from XP? If so, does that mean the Unix box I'm using isn't using OpenSSH? I did try to us ssh1 encryption but WinSCP says there's an SSH1 issue when trying to connect via the SCP protocol.

ls6v wrote:

Now when I use WinSCP3 (version 3.7.6) I enter the host name and user name. I enable agent forwarding and start pageant and load my private .ppk key into it.

You probably do not need agent forwarding. Read documentation to find out what it is good for.

I choose the scp protocol, click Login, and I get the usual warning message. When I hit enter to start working the password window pops up.

When you are connecting of other Unix box, do you also use public key authentication? Does it work? Have you tryed to use the same key in WinSCP? When authentication failes, do you see message "server has refused our key" in the authentication log?

Could the Unix box be rejecting the private key when I try to connnect from XP?

Should not.

If so, does that mean the Unix box I'm using isn't using OpenSSH?

Can be.

I did try to us ssh1 encryption but WinSCP says there's an SSH1 issue when trying to connect via the SCP protocol.

What issue?

Hi,

I need the agent forwarding to run scheduled batch jobs. And using public key authorization works fine on the Unix boxes.

I think it's clearly a Unix server issue with the keys being generated from puTTYgen. If I export a private key from the server (I know that's bad), load it into puTTYgen, and then save it with the .ppk, I can use that private key with winSCP and gain access to a Unix box (with an untouched public key, orignally generated in the Unix environment) via key authorization.

When I connect to the Unix box I checked the connection info and it said the connection was OpenSSH 3.7.2 .


This is an unnacceptable solution, and I still haven't found information on why the seemingly OpenSSH Unix server is rejecting puTTYgen Keys.

Does the format of public key generated by PuTTY look similar to one you've already had in ~/.ssh/authorized_keys ?

martin wrote:

Does the format of public key generated by PuTTY look similar to one you've already had in ~/.ssh/authorized_keys ?

No.

We found a solution to the problem in terms of getting the [Unix generated] keys to the correct places without security violations.

Thanks