#StackBounty: #ssh #ssh-tunnel #certificate-authority SSH known_hosts entry for port number and tunneling using @cert-authority

Bounty: 50

I’ve set up SSH certificate authority on my server, including a signed host key with the applicable principals. I’ve set up my local known_hosts file to recognize the certificate authority and when I ssh directly into the host it works fine. However, I’ve also set up a reverse tunnel on the host to SSH into it via a VM I have set up. I can’t figure out how to get my SSH client to recognize it as a known host, despite an appropriate string in the signed host key. How do I sign the host key, or set up the known_hosts entry, to recognize the host when tunneling through a 3rd party?

This is the appropriate line from my client’s known_hosts:

@cert-authority *.DOMAIN.us ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRd5kjlix8PN1SsQ...

Here’s the ssh-keygen -L for the host key:

pi@ca51-1:~ $ ssh-keygen -L -f /etc/ssh/ssh_host_ecdsa_key-cert.pub 
/etc/ssh/ssh_host_ecdsa_key-cert.pub:
        Type: ecdsa-sha2-nistp256-cert-v01@openssh.com host certificate
        Public key: ECDSA-CERT SHA256:at+6J0W9S0BZj96YeJqtUCAAksUFu8P840ZCkVm9fb0
        Signing CA: RSA SHA256:AYPOCzb67UvUUIoULa3BgstmX1XIDP9+4bClTycMC9g
        Key ID: "ca51-1.in"
        Serial: 9
        Valid: forever
        Principals: 
                ca51-1.local
                ca51-1.in.DOMAIN.us
                [tunnel.in.DOMAIN.us]:10030
        Critical Options: (none)
        Extensions: (none)

When I try to connect to the server locally (ssh pi@ca51-1.local) I connect without any problems. (I just noticed that *.local isn’t in my known_hosts file despite it working.)

Notice that I have the tunnel address:port as a principal ([tunnel.in.DOMAIN.us]:10030).

When I try to ssh into the server via that tunnel I receive an error:

ssh -p 10030 pi@tunnel.in.awosome.us
key_cert_check_authority: invalid certificate
Certificate invalid: name is not a listed principal
The authenticity of host '[tunnel.in.awosome.us]:10030 ([138.68.10.xxx]:10030)' can't be established.
ECDSA key fingerprint is SHA256:at+6J0W9S0BZj96YeJqtUCAAksUFu8P840ZCkVm9fb0.

Here’s some more debug from -v:

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host certificate: ecdsa-sha2-nistp256-cert-v01@openssh.com SHA256:at+6J0W9S0BZj96YeJqtUCAAksUFu8P840ZCkVm9fb0, serial 9 ID "ca51-1.in" CA ssh-rsa SHA256:AYPOCzb67UvUUIoULa3BgstmX1XIDP9+4bClTycMC9g valid forever
debug1: checking without port identifier
debug1: Host 'tunnel.in.awosome.us' is known and matches the ECDSA-CERT host certificate.
debug1: Found CA key in /Users/jshannon/.ssh/known_hosts:31
key_cert_check_authority: invalid certificate
Certificate invalid: name is not a listed principal

To confirm that I hadn’t made a mistake with known_hosts, I copied out the key on line 31 (ssh-rsa ....), pasted it into a temp file, then ran ssh-keygen -l:

ssh-keygen -l -f temp_keys/key.pub 
2048 SHA256:AYPOCzb67UvUUIoULa3BgstmX1XIDP9+4bClTycMC9g AWOS (RSA)

I thought that maybe the host format in principals was incorrect, but if I accept the unknown host, I get its key added to known_hosts:

[tunnel.in.DOMAIN.us]:10030,[138.68.10.xxx]:10030 ecdsa-sha2-nistp256 AAAAE2VjZHNhLX

The first entry matches up with the entry in principals, down to the format and port number.

I’ve tried several iterations of principals entries without success. Ideally I’d like to have a principals entry which locks the host down to a FQDN (tunnel.in.DOMAIN) and port, but I’d be OK with any port on that machine. I also tried some asterisks in there.


Get this bounty!!!
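Added example (not code from the question, OpenSSH or ssh-keygen): a Python parser for the certificate wire format behind the ssh-keygen -L output above, plus a check that mirrors the client step visible in the -v trace, where the name compared against the principals is the bare hostname (or HostKeyAlias, per ssh_config(5)) rather than '[host]:port'. The certificate it builds is a constructed, unsigned placeholder: key bytes and signature are dummies and nothing verifies the CA signature.

```python
import base64
import struct

CERT_TYPE = b"ecdsa-sha2-nistp256-cert-v01@openssh.com"
SSH2_CERT_TYPE_HOST = 2

def _s(b):  # SSH wire "string": 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

def build_cert_blob(key_id, principals, serial=9):
    """Assemble a host certificate in the OpenSSH certificate wire format; key
    material and signature are constructed placeholders (nothing is signed)."""
    fields = [
        _s(CERT_TYPE),
        _s(b"\x00" * 32),                                  # nonce (placeholder)
        _s(b"nistp256"),                                   # curve name
        _s(b"\x04" + b"\x11" * 64),                        # EC point (placeholder)
        struct.pack(">Q", serial),
        struct.pack(">I", SSH2_CERT_TYPE_HOST),
        _s(key_id.encode()),
        _s(b"".join(_s(p.encode()) for p in principals)),  # valid principals
        struct.pack(">QQ", 0, 2**64 - 1),                  # valid_after/before = forever
        _s(b""), _s(b""), _s(b""),                         # critical opts, extensions, reserved
        _s(_s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\xaa" * 32)),  # CA key (placeholder)
        _s(_s(b"rsa-sha2-256") + _s(b"\xbb" * 32)),        # signature (placeholder)
    ]
    return base64.b64encode(b"".join(fields)).decode()

class _Reader:
    def __init__(self, data):
        self.data, self.off = data, 0

    def uint(self, fmt):               # ">I" = uint32, ">Q" = uint64
        (v,) = struct.unpack_from(fmt, self.data, self.off)
        self.off += struct.calcsize(fmt)
        return v

    def string(self):
        n = self.uint(">I")
        s = self.data[self.off:self.off + n]
        if len(s) != n:
            raise ValueError("truncated certificate")
        self.off += n
        return s

def parse_cert(b64):
    """Decode the fields that ssh-keygen -L prints for a certificate."""
    r = _Reader(base64.b64decode(b64))
    if r.string() != CERT_TYPE:
        raise ValueError("unsupported certificate type")
    r.string(), r.string(), r.string()             # nonce, curve, public point
    serial, ctype, key_id = r.uint(">Q"), r.uint(">I"), r.string().decode()
    pr, principals = _Reader(r.string()), []
    while pr.off < len(pr.data):
        principals.append(pr.string().decode())
    return {"serial": serial, "key_id": key_id, "principals": principals,
            "host_cert": ctype == SSH2_CERT_TYPE_HOST,
            "valid_after": r.uint(">Q"), "valid_before": r.uint(">Q")}

def client_principal_check(cert, hostname, port=22, host_key_alias=None):
    """Mirror the client's step after the @cert-authority line matched: the name
    compared against the principals is the bare hostname (or HostKeyAlias when
    set), never '[host]:port', and the match is a literal string comparison."""
    name = host_key_alias or hostname
    if not cert["host_cert"]:
        return False, "not a host certificate"
    if name in cert["principals"]:
        return True, "name %r matched a principal" % name
    return False, "%r is not a listed principal (port %d not consulted)" % (name, port)
```

Run against the question's principal list the check fails for tunnel.in.DOMAIN.us on port 10030 and passes once the bare name is in the list (for example signed with -n ca51-1.local,ca51-1.in.DOMAIN.us,tunnel.in.DOMAIN.us); a principal cannot pin a port, but a HostKeyAlias in ssh_config can map one port's connection onto a distinct principal.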

#StackBounty: #ssh #linux-mint #ssh-agent ssh-add: add_file: key_cert_copy: invalid argument

Bounty: 50

I get this error when running ssh-add. The command seems to work after this, but the return code is 127 (so a script runs into an error at this point). Does anyone recognize the error? Google doesn’t seem to.

$ eval `ssh-agent`
Agent pid 19527

$ ssh-add ~/.ssh/my_id_rsa
Enter passphrase for /home/davidparks21/.ssh/my_id_rsa: 
Identity added: /home/davidparks21/.ssh/my_id_rsa (/home/davidparks21/.ssh/my_id_rsa)
add_file: key_cert_copy: invalid argument

Added details

ssh -v localhost
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016

ssh-add ./id_rsa                                   # No passphrase
Identity added: ./id_rsa (./id_rsa)
add_file: key_cert_copy: invalid argument

Odd note: when I ran this test and ran echo $? to check the exit status, I saw an exit status of 0, different from what I saw when I originally wrote this question.



#StackBounty: #networking #ssh #textmate Connecting to ubuntu running rmate via multiple machines on the same network

Bounty: 50

I’ve got an Ubuntu server with rmate installed (that’s a nice little package that lets you ssh to a server and edit remote files in your local TextMate).

The original setup claims it supports multiple machines accessing the same server, using the same port but different users. See the first link above.

For some reason when we ssh to two different users but on the same port from the same network, we’re crossing paths. That means:

If two users exist – a@server.com and b@server.com – and a ssh-es via port 999 to server.com and b ssh-es via port 999 to server.com from the same network, then if a writes an rmate file on his terminal, b gets the file in his text editor in addition to a.

Hope this makes sense – my networking game is not on point.



#StackBounty: #ssh #tmux Send tmux command from remote inside ssh session to local instance

Bounty: 50

The goal is to send a tmux command to the locally running tmux from the remote server, not to run two different instances of tmux.

Inside tmux we ssh to a server that doesn’t run tmux:

local> tmux send-key C-p   # works
local> ssh user@remote
user@remote> tmux send-key C-p   # this will try to find a tmux instance on remote, but we want to send it to the local one instead

I can’t use a keybinding because this will run from inside a script.



#StackBounty: #ssh PC unable to ssh to Mac

Bounty: 50

I have a Windows 10 PC : 192.168.84.21
A Mac (macOS Sierra)  : 192.168.84.250
An iPhone 5s          : 192.168.84.234
And an Apple TV       : 192.168.84.122

All connected to the same network. I know this because I have an app (Fing) on my iPhone that scans the network and shows all the devices, and all the devices pop up with the correct IPs and device names.

The problem: I can’t ssh from my PC to the Mac.

I’m using PuTTY and here’s the command I’m using:

pscp -r -pw <password> me@192.168.84.250:Desktop/blank.png C:Users/me/temp

And I’m getting Fatal: Network error: Connection timed out.

Diagnostics:

The PC and Mac both have their firewalls turned off.
The PC and Mac cannot ping each other.
When the PC pings the Mac this is the response:

Pinging 192.168.84.250 with 32 bytes of data:
Reply from 192.168.84.21: Destination host unreachable.
Reply from 192.168.84.21: Destination host unreachable.
Reply from 192.168.84.21: Destination host unreachable.
Reply from 192.168.84.21: Destination host unreachable.

Ping statistics for 192.168.84.250:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)

When the Mac pings the PC this is the response:

Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
ping: sendto: No route to host
Request timeout for icmp_seq 2
ping: sendto: Host is down
Request timeout for icmp_seq 3
ping: sendto: Host is down
Request timeout for icmp_seq 4
ping: sendto: Host is down
...

Both laptops can ping the Apple TV
The iPhone is able to ping both laptops
Remote login is turned on on the Mac

Limitations:

I cannot reset the router.

Any idea why the PC cannot ssh into the Mac?

Update

Output of ipconfig on PC:

Windows IP Configuration


Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Link-local IPv6 Address . . . . . : fe80::f041:985f:3eb1:456e%6
   IPv4 Address. . . . . . . . . . . : 192.168.84.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.84.1

Output of ifconfig on Mac:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
    inet 127.0.0.1 netmask 0xff000000 
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 3c:15:c2:c5:1f:ba 
    inet6 fe80::1468:65cd:5eb9:fc86%en0 prefixlen 64 secured scopeid 0x5 
    inet 192.168.84.250 netmask 0xffffff00 broadcast 192.168.84.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 0e:15:c2:c5:1f:ba 
    media: autoselect
    status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    ether 7a:9a:4d:d0:43:93 
    inet6 fe80::789a:4dff:fed0:4393%awdl0 prefixlen 64 scopeid 0x7 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:03:39:01:b0 
    media: autoselect <full-duplex>
    status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether 72:00:03:39:01:b1 
    media: autoselect <full-duplex>
    status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 72:00:03:39:01:b0 
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 8 priority 0 path cost 0
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 9 priority 0 path cost 0
    nd6 options=201<PERFORMNUD,DAD>
    media: <unknown type>
    status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
    inet6 fe80::e5b8:7dcb:fd4f:82a7%utun0 prefixlen 64 scopeid 0xb 
    nd6 options=201<PERFORMNUD,DAD>
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 2e:be:08:cc:ca:41 
    inet6 fe80::c5c:a1d0:1525:3937%en4 prefixlen 64 secured scopeid 0xc 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (100baseTX <full-duplex>)
    status: active



#StackBounty: #ssh #gnupg #cryptography GPG/SSH: Making a key a subkey after the fact

Bounty: 100

I’m still new to GPG, SSH, and whatnot, and I’m not sure what best practice is.

I have a USB device capable of generating and holding GPG||SSH keys without them leaving the device. It also permits signing, with output on the local machine.

I would like a key on this device to be my master key M, but it’s inconvenient to use this device for daily use. Hence I would like to have another key A, signed by the master key, that I can keep locally and use for normal tasks. (possibly using a Yubikey to lock it à la).

Since subkeys generated in what I think is the “normal way” still wouldn’t leave the device, is there a standard way that I can generate a new key on A on my local machine and then sign it as a subkey of M?



#StackBounty: #linux #macos #ssh #qemu #tcpdump Configure QEMU (Guest Debian-9.0 Sparc64 – Host MacOS High Sierra) to do ssh from guest…

Bounty: 50

Firstly, with a QEMU virtual machine (Debian Sparc64 Etch 4.0), I have successfully been able to get ssh and scp commands working from guest to host (macOS High Sierra 10.13.3).

I wanted only to transfer files between guest and host.

To get it working, I followed this tutorial:

1) I have installed TUN/TAP drivers

2) Launching QEMU like this:

qemu-system-sparc -boot c -hda debian_etch.img -m 512M -net nic -net tap,script=no,downscript=no

3) Once the VM has booted, do on the macOS host: ifconfig tap0 192.168.10.1

4) On the Debian Etch host, in /etc/network/interfaces:

auto eth0
iface eth0 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.1

and doing: /etc/init.d/networking restart

5) Finally, on the guest: $ scp -r dir user_host@192.168.10.1:~/

Now, I would like to get the same thing with a “Debian Sparc64 Stretch 9.0” guest.

It seems that ifconfig is deprecated with recent versions of Debian.

Anyway, I tried to launch the Sparc64 image with:

qemu-system-sparc64 \
-drive file=debian-9.0-sparc64.qcow2,if=none,id=drive-ide0-0-1,format=qcow2,cache=none \
-m 1024 \
-boot c \
-net nic \
-net tap,ifname=tap0,script=no,downscript=no \
-nographic

and did steps 1), 3), 4) again, but unfortunately ssh and scp from the guest don’t work.

I must note that with this Debian Sparc64 9.0 guest, the network interface’s logical name changes (maybe at each boot). For example, /etc/network/interfaces contains:

auto enp0s5
allow-hotplug enp0s5
iface enp0s5 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.1

Finally, I get the following result from the guest:

# ssh user_host@192.168.10.1
  ssh: connect to host 192.168.10.1 port 22: No route to host

ip a gives:

# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global enp0s5
       valid_lft forever preferred_lft forever
    inet6 fec0::5054:ff:fe12:3456/64 scope site mngtmpaddr dynamic 
       valid_lft 86207sec preferred_lft 14207sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link 
       valid_lft forever preferred_lft forever

If someone could give me some clues to fix it and get ssh/scp commands to work from guest to host (I have no network on the guest and no sshd server, so I only want the guest-->host direction for ssh/scp).

UPDATE 1:

I keep on debugging this issue.

1) First, following this link, I rename the network interface of the guest "Debian 9.0 Sparc64" to eth0 at each boot:

vi /etc/udev/rules.d/10-network.rules

   SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:12:34:56", NAME="eth0"

with the MAC address given by:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe12:3456/64 scope link 
       valid_lft forever preferred_lft forever

2) I used tcpdump on the TAP interface of the macOS High Sierra host:

# tcpdump -vv -i tap0
tcpdump: listening on tap0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:23:06.112155 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:06.112228 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:07.128440 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:07.128499 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:08.152323 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:08.152381 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:11.119346 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:11.119396 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:12.120190 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:12.120250 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:13.145028 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:13.145075 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:16.127525 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:16.127575 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:17.145202 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:17.145272 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28

Should I conclude that the guest (192.168.10.2 in the guest’s /etc/network/interfaces) and the host (192.168.10.1 set by ifconfig tap0 192.168.10.1) are communicating, since I see both addresses with tcpdump above?

If I run tcpdump -vv -i tap0 on the host while I restart networking on the guest, I get:

00:27:07.648620 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff12:3456 to_ex { }]
00:27:07.804644 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff12:3456 to_ex { }]
00:27:08.569140 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff12:3456: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::5054:ff:fe12:3456
      unknown option (14), length 8 (1): 
        0x0000:  3bd4 4c86 3dd6
00:27:08.612632 IP (tos 0x0, ttl 255, id 37381, offset 0, flags [none], proto UDP (17), length 118)
    192.168.10.1.mdns > 224.0.0.251.mdns: [udp sum ok] 0 PTR (QU)? 6.5.4.3.2.1.e.f.f.f.0.0.4.5.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
00:27:09.592322 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::5054:ff:fe12:3456 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff12:3456 to_ex { }]
00:27:09.592483 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::5054:ff:fe12:3456 > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16
      source link-address option (1), length 8 (1): 52:54:00:12:34:56
        0x0000:  5254 0012 3456
00:27:09.616466 IP (tos 0x0, ttl 255, id 18614, offset 0, flags [none], proto UDP (17), length 118)
    192.168.10.1.mdns > 224.0.0.251.mdns: [udp sum ok] 0 PTR (QM)? 6.5.4.3.2.1.e.f.f.f.0.0.4.5.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
00:27:09.976787 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::5054:ff:fe12:3456 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff12:3456 to_ex { }]

Is there useful information in these messages that would help get ssh/scp from guest to host working?

Finally, is it normal to have the following state (UNKNOWN) for the guest’s eth0?

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN 

UPDATE 2: I also tried to launch using the guestfwd flag together with the “-net tap” flag, like this:

qemu-system-sparc64 \
-boot c \
-hda debian-9.0-sparc64.qcow2 \
-net nic \
-net tap,ifname=tap0,script=no,downscript=no \
-net 'user,guestfwd=tcp::22-tcp::22' \
-m 1024 \
-nographic

But still no ssh access from guest to host.

I don’t know, in -net 'user,guestfwd=tcp::22-tcp::22', in which order I have to put the IPs of the guest and the host and the ports to use for each of them (I used 22 for both).

If someone could give me some details about the “guestfwd” flag.

Regards
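Added example (not from the question): a Python pass over tcpdump ARP lines like the trace in UPDATE 1 that pairs each who-has request with its is-at reply and flags a requester that keeps re-asking within seconds of being answered, which is the pattern in that trace (a reply seen on the tap every second, yet the guest asks again a second later). The sample lines are constructed from the trace above; RE_ASK_WINDOW is an assumed threshold.

```python
import re

# Constructed sample modelled on the tcpdump -vv -i tap0 trace above (timestamps,
# addresses and the host MAC are copied from it; three request/reply pairs kept).
SAMPLE = """\
00:23:06.112155 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:06.112228 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:07.128440 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:07.128499 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
00:23:08.152323 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 46
00:23:08.152381 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at fe:22:e7:8c:7f:fa (oui Unknown), length 28
"""

REQ = re.compile(r"^(\S+) ARP, .*Request who-has (\S+) tell (\S+),")
REP = re.compile(r"^(\S+) ARP, .*Reply (\S+) is-at (\S+) ")
RE_ASK_WINDOW = 5.0   # seconds (assumed); a freshly learned entry is not re-queried this fast

def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def analyse_arp(text):
    """Pair each ARP request with the reply that answered it and count, per
    (requester, target), requests, answered requests and 'premature' re-asks,
    i.e. requests repeated within RE_ASK_WINDOW of an already received reply."""
    stats, pending = {}, {}
    for line in text.splitlines():
        m = REQ.match(line)
        if m:
            ts, target, asker = m.groups()
            key = (asker, target)
            st = stats.setdefault(key, {"requests": 0, "answered": 0,
                                        "premature_re_asks": 0, "last_reply": None})
            st["requests"] += 1
            last = st["last_reply"]
            if last is not None and _seconds(ts) - last[0] < RE_ASK_WINDOW:
                st["premature_re_asks"] += 1
            pending[target] = key            # waiting for "<target> is-at ..."
            continue
        m = REP.match(line)
        if m:
            ts, ip, mac = m.groups()
            key = pending.pop(ip, None)
            if key is not None:
                stats[key]["answered"] += 1
                stats[key]["last_reply"] = (_seconds(ts), mac)
    return stats

def diagnose(stats):
    """Turn the counters into one (asker, target, verdict, detail) per pair."""
    findings = []
    for (asker, target), st in stats.items():
        if st["answered"] == 0:
            findings.append((asker, target, "unanswered",
                             "no ARP reply at all: nothing with that address answers on the segment"))
        elif st["premature_re_asks"]:
            findings.append((asker, target, "reply-not-used",
                             f"{target} answered with {st['last_reply'][1]} but {asker} re-asked "
                             f"{st['premature_re_asks']} times within {RE_ASK_WINDOW:g}s: replies "
                             "leave the tap but are not reaching or not being accepted by the requester"))
        else:
            findings.append((asker, target, "resolved", "request answered and not repeated"))
    return findings

if __name__ == "__main__":
    for asker, target, verdict, detail in diagnose(analyse_arp(SAMPLE)):
        print(f"{asker} -> {target}: {verdict}: {detail}")
```

A "resolved" verdict means layer 2 between guest and host is fine and the problem is higher up; "reply-not-used" points at the path from the tap back into the guest, which is where to look before touching IP routing or guestfwd.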



#StackBounty: #windows #ssh #putty #tortoise-git PuTTYgen - Couldn't load private key (unable to open file)

Bounty: 50

Step 1: Generating SSH Key

1. From the command line, enter ssh-keygen. (If you get an error in the command window, check if C:\Program Files\Git\usr\bin is part of your path.) The command prompts you for a file to save the key in.

   1. Press enter to accept the default key and path, /c/Users//.ssh/id_rsa.
   2. Enter and re-enter a passphrase when prompted.
   3. The command creates your default identity with its public and private keys.

2. Configuring TortoiseGit

   1. Load the ssh key generated previously (id_rsa). It will prompt you to select the file. (Default path of the ssh keys: C:Users.ssh)
   2. While loading, it will ask for a passphrase. Enter the passphrase that was given earlier. After this step PuTTY will load the certificate.
   3. Once the certificate is loaded, click on the ‘Save private key’ button. It will prompt for picking the folder in which the file is to be saved. Better to keep it in the same folder as the ssh key (C:Users.ssh). Specify the filename also.
   4. Now you have to configure TortoiseGit with the generated key file. Right click on the repo folder and select TortoiseGit > Settings.
   5. In the settings screen select Git > Remote.
   6. In the remote screen, select origin. It will populate the URL and other fields.
   7. Click on the ellipsis against the Putty Key field and select the private key file that was generated with puttygen.

The file format of the private key is:

PuTTY-User-Key-File-2 : XXXXX
Encryption: none
Comment: RRRR
Public-Lines: MMM
LLLLLL
Private-Lines: OOOOOOO
KKKKKKKK
Private-MAC: XXXXXXX


Updated screenshot

The error was:

Couldn’t load private key(unable to open file)

The file has read-write permission. Apart from this, the private key has a passphrase; I think that would be the reason for the error.

