how to add a key to a port-forwarding command executed in command line

dilbertone · November 28, 2014, 12:35am

hello and good evening dear linux experts

run ssh for port forwarding to a server:

this command is workin;

ssh -p123 -L 8899:127.0.0.1:2233 vhost@www2.myhost.org

but i get asked for the public key:

(ECDSA) to the list of known hosts. Permission denied (publickey).

well how to add the (public) key

love to hear from you

greetings

hendersj · November 28, 2014, 12:59am

On Thu, 27 Nov 2014 23:36:01 +0000, dilbertone wrote:

> (ECDSA) to the list of known hosts. Permission denied (publickey).
>
> well how to add the (public) key

man ssh

Have a look at the “Authentication” settings, particularly around the
“authorized_keys” file.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

dilbertone · November 28, 2014, 2:42pm

hi there - good day Jim

i can run things from command line.

eg, run ssh for port forwarding to a server:

this command is workin;

ssh -p123 -L 8899:127.0.0.1:2233 vhost@www2.myhost.org

but i get asked for the public key:

(ECDSA) to the list of known hosts. Permission denied (publickey).

well how to add the (public) key -

a either on command line or
b. run the above mentioned code on putty?

love to hear from you

hendersj · November 28, 2014, 11:48pm

On Fri, 28 Nov 2014 13:46:01 +0000, dilbertone wrote:

> but i get asked for the public key:
>
> (ECDSA) to the list of known hosts. Permission denied (publickey).
>
> well how to add the (public) key -

The key is generated on the side that you’re connecting from, and it goes
in the ~/.ssh/authorized_keys file on the target (for the user that
you’re authenticating as).

I don’t now putty, so you’ll have to look at the putty help to see how
you generate the key.

Then you need to get it over to the system you’re connecting to and add
it to the file I indicated above.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

dilbertone · November 29, 2014, 12:56am

hello dear Jim, good day. great to hear from you again

many many thanks for the quick answer.

note, the key is on my machine here - on the notebook i am in front of - right now.

this pub-key is -afaik - the same that i use when i log to the server with the sftp with Filezilla.

so - i have the key here on my machine.

what do i have to do to log in with the key.

see the results of my trials


linux-70ce:/home/martin # ssh -p525 -L 7799:127.0.0.1:7799 vhost@www2.myhost.org
The authenticity of host '[www2.myhost.org]:525 ([xxx.yy.zz.www]:525)' can't be established.
ECDSA key fingerprint is 33:1e:c5:d7:22:11:7c:aa:46:be:83:dc:eb:ee:13:00.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '[www2.myhost.org]:525,[xxx.yy.zz.www]:525' (ECDSA) to the list of known hosts.
Permission denied (publickey).
linux-70ce:/home/martin # ssh -p525 -L 7799:127.0.0.1:7799 vhost@www2.myhost.org
Permission denied (publickey).

well - the question is: how to “call” the key?

how to do that - evoking the key on command-line

jim i love to hear from you

greetings

dilbert

hendersj · November 29, 2014, 7:54am

On Sat, 29 Nov 2014 00:06:01 +0000, dilbertone wrote:

> what do i have to do to log in with the key.

As I said, you need to take the key, get it onto the target machine
somehow (ftp, sftp, whatever), and then on the target machine, add it to
~/.ssh/authorized_keys.

You aren’t doing that step, which is why the key doesn’t work. The
target server doesn’t know that the key is valid until you add it to the
authorized_keys file.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

dilbertone · November 29, 2014, 10:16am

hello dear Jim

well probably i am wrong and do not understand you correct - but to explain the history of things a bit more

i have access to the server since years -

with sftp and filezilla - so i am using a safe connection for years now. - the sftp uses a pub-key which is stored on the target computer.
since i have trouble in accessing the webmin on the target machine (issues of dns resolving of acresses like the following dslb-167-006-031-008.174.007.pools.vodafone-ip.de - my admin assumes that the "-"signs were causing the issues - we sent a bug report to the bug-team of webmin)

now - i try to port forward and get tunneled to the server
-note; i assume that i can use the pub-key wich is allready in use. Can ´t i?

if so - then i only need to take this key as authorized_keys file.

question: can i do this

if i have to explain more - just let me know.

hendersj · November 29, 2014, 9:03pm

On Sat, 29 Nov 2014 09:26:02 +0000, dilbertone wrote:

> now - i try to port forward and get tunneled to the server -note; i
> assume that i can use the pub-key wich is allready in use. Can ´t i?

If the server has the public key, then yes, it should work. Is it the
same user as the one you’re using for sftp? Those keys are user-centric,
so if, for example, you connect to user1@host1 with the key, you can’t
use user2@host1 unless the key is also in user2’s authorized_keys file.

> if so - then i only need to take this key as authorized_keys file.
>
> question: can i do this

Check and see if the key is there. It sounds like it isn’t, because the -
L switch doesn’t change the behaviour at all.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C