connect to server with SSH private key

May 2, 2017
Security Debian

I have two droplets. One with Nginx where my webapp is running and one for MySQL. Both have a private IP address. I have installed both droplets and software. Now I'm securing the MySQL droplet. I only want to connect with SSH through my Nginx droplet.

I created a DSA key (private and public) with putty-keygen and added the public key in my DigitalOcean. When I created both droplets, I picked that public key. With Putty, I can connect to both droplets. The key is protected with a passphrase.

Then I uploaded my private key on my Nginx droplet in /home/agromedi/.ssh/id_rsa

When I log in as the agromedi user and want to connect over SSH, I use the private IP of the MySQL droplet and connect like this:

ssh root@10.129.33.50

Then it asked for my passphrase. I enter it and then it asked it again and again and then I get "Permission denied (publickey)". The rights on the file are 600 (I tried 400 also but nope).
I renamed the file to id_dsa. Nothing worked. With the -vvv option, I get more info that the passphrase is wrong. But I use the same private key on Putty with the same passphrase.... Or is the keyboard wrong in my console? Or maybe I'm doing something wrong?

Thanks

2 comments
  • Hi @stijnleenknegt Can you open nano or another simple text editor on your Nginx-droplet and try to write the passphrase - just to make sure it's not a problem with keyboard charset.

  • Opened nano and I use my numpad to enter the numeric values. They didn't show up in nano but on the keyboard with Shift key, I can enter numeric values. (I use AZERTY layout on my keyboard). I used it again with the Shift but still the same result.

2 Answers

@stijnleenknegt
Okay, it probably has something to do with that keyboard charset. In your passphrase, besides 0 to 9, are you only using a to z or are you also using symbols and local characters?
I don't know if it is your keyboard or the charset on the server that complicates this.

  • The chars '<' and '_' are in the passphrase also. It's strange because I have to use the same passphrase when I login to my Nginx droplet with Putty.

    • I'm wondering. Are you using the PPK format that PuTTY generates by default or are you converting the key to PEM format before uploading to server?
      It needs to be PEM format - you can use puttygen to convert it.

I created a key on my nginx with the same passphrase and appended the public key to my authorized_keys on my database droplet. Then I tried the ssh command again, it asked for my passphrase. And that works. The passphrase is the same..... Maybe I should create my keys with ssh-keygen instead of the PuTTY key generator.
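
Added example, not part of the original thread: the PPK-versus-OpenSSH question raised above can be settled by reading the first line of the private key file before retrying the passphrase. The sample files are constructed header lines with no key material, and the function names are this example's own.

```shell
#!/bin/sh
# Identify a private key's container format from its first line.

key_format() {
    # $1 = path to a private key file; prints one word naming the container.
    if [ ! -r "$1" ]; then echo "unreadable"; return 0; fi
    first_line=$(head -n 1 "$1" | tr -d '\r')   # tolerate CRLF line endings
    case "$first_line" in
        "PuTTY-User-Key-File-"*)               echo "putty-ppk" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo "openssh" ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo "pem" ;;
        *)                                     echo "unknown" ;;
    esac
}

ppk_key_type() {
    # For a PPK file, print the algorithm named in the header (e.g. ssh-dss).
    head -n 1 "$1" | tr -d '\r' | sed -n 's/^PuTTY-User-Key-File-[0-9]*: *//p'
}

key_advice() {
    # Map the detected format to what to do before running ssh.
    case "$(key_format "$1")" in
        putty-ppk)   echo "convert: export an OpenSSH key from PuTTYgen ($(ppk_key_type "$1"))" ;;
        openssh|pem) echo "usable: ssh can load this file" ;;
        unreadable)  echo "fix: file missing or not readable by this user" ;;
        *)           echo "inspect: not a recognised private key header" ;;
    esac
}

make_samples() {
    # Constructed sample files: header lines only, no real key material.
    printf 'PuTTY-User-Key-File-2: ssh-dss\r\nEncryption: aes256-cbc\r\n' > "$1/id_rsa"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$1/id_dsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$1/id_new"
}

# Demo: classify each constructed sample, plus one path that does not exist.
dir=$(mktemp -d)
make_samples "$dir"
for f in id_rsa id_dsa id_new missing; do
    printf '%s: %s\n' "$f" "$(key_advice "$dir/$f")"
done
rm -rf "$dir"
```

The check looks only at the file's header, so the file name (id_rsa, id_dsa) plays no part in the result.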
