SSH with SSL private key to CentOS7 with ASF public key
WinSCP works like a champ using a password to sign into SSH on my dedicated CentOS LAMP server.
I gather using a public SSL key on the server and the corresponding private key on WinSCP is significantly more secure.
But for the life of me I've not been able to make a connection using keys.
CentOS7 wants an RSA public key. WinSCP wants a PuTTY formatted private key. Using PuTTYgen from the WinSCP "Tools" pull-down I picked RSA and cranked out what should be a SSH-2 2048 bit pair of SSL keys.
PuTTYgen dutifully produced a line of plain text in the "Public key for pasting into OpenSSH authorized_keys file". So I made a one line plain text file called "id_rsa_pub" and uploaded it to /root/.ssh/authorized_keys/ on the server and set the permissions to 0600 (I also tried 0700). After making a few diddles to the /etc/ssh/sshd_config file to enable PubkeyAuthentication and point AuthorizedKeysFile to ".ssh/authorized_keys" I restarted the sshd service.
Turning back to WinSCP I hit the "Save private key" button and PuTTYgen saved the private key as "id_rsa.ppk". All that remained was to use WinSCP's Advanced Site Settings to uncheck "Allow Agent Forwarding" and pick "id_rsa.ppk" as the "Private key file".
It didn't work. All I get is a "Server rejected key" message.
Needless to say I tried all sorts of permutations and regenerated the keys just to be sure. Each try was met with a "server rejects the WinSCP private key" message.
Obviously while all of this was going on I maintained another instance of WinSCP connected to the server using a password. Once sshd_config was reconfigured to use SSL keys and I restarted the sshd service there would be no way to regain access to the server to unwind my changes.
So the question is "does keeping an instance of WinSCP open and connected to my server cause a second instance of WinSCP to fail to connect using SSL keys?"
Any insight is welcome.
Aza D. Oberman 3/12/2018
I gather using a public SSL key on the server and the corresponding private key on WinSCP is significantly more secure.
But for the life of me I've not been able to make a connection using keys.
CentOS7 wants an RSA public key. WinSCP wants a PuTTY formatted private key. Using PuTTYgen from the WinSCP "Tools" pull-down I picked RSA and cranked out what should be a SSH-2 2048 bit pair of SSL keys.
PuTTYgen dutifully produced a line of plain text in the "Public key for pasting into OpenSSH authorized_keys file". So I made a one line plain text file called "id_rsa_pub" and uploaded it to /root/.ssh/authorized_keys/ on the server and set the permissions to 0600 (I also tried 0700). After making a few diddles to the /etc/ssh/sshd_config file to enable PubkeyAuthentication and point AuthorizedKeysFile to ".ssh/authorized_keys" I restarted the sshd service.
Turning back to WinSCP I hit the "Save private key" button and PuTTYgen saved the private key as "id_rsa.ppk". All that remained was to use WinSCP's Advanced Site Settings to uncheck "Allow Agent Forwarding" and pick "id_rsa.ppk" as the "Private key file".
It didn't work. All I get is a "Server rejected key" message.
Needless to say I tried all sorts of permutations and regenerated the keys just to be sure. Each try was met with a "server rejects the WinSCP private key" message.
Obviously while all of this was going on I maintained another instance of WinSCP connected to the server using a password. Once sshd_config was reconfigured to use SSL keys and I restarted the sshd service there would be no way to regain access to the server to unwind my changes.
So the question is "does keeping an instance of WinSCP open and connected to my server cause a second instance of WinSCP to fail to connect using SSL keys?"
Any insight is welcome.
Aza D. Oberman 3/12/2018
