ssh from within ssh session not using correct ssh private key

2
votes

In troubleshooting my other question, I've surmised that for some reason the default private key isn't being used.

On server, C:\Users\Administrator.ssh\config contains:

Host bitbucket.org
 IdentityFile ~/.ssh/id_rsa.ppk

I'm using plink to manage ssh keys while logged in. Running git commands works just fine when I'm actually at the computer logged in as Administrator. Another example: plink -T git@bitbucket.org works ok.

However when logged into the server via PuTTY, runing git commands fails, and so does plink -T git@bitbucket.org. However when I specify the private key with plink: plink -T -i C:\Users\Administrator\id_rsa.ppk git@bitbucket.org, it works.

The %userprofile% is correct when I log into PuTTY, my laptop's username and password are exactly the same. What's causing ssh to not pick up and use the ppk file specified in the config? My GIT_SSH session variable is also set to plink.exe both when logged in locally and when logged in via PuTTY. Adding to the frustration is that I can't specify the ppk file when issuing git commands.

UPDATE: As stated in a comment reply below, the main issue seems to be that pageant.exe isn't being used to send the key to the server that I'm trying to connect to. When logged in locally pageant initiates just fine but not when logged in via PuTTY. I've also read up on 'user agent forwarding' in PuTTY but that didn't seem to help. Maybe freeSSHd doesn't support it? If it did would that even make a difference?

UPDATE 2: Yeeeeaaaahhh...getting closer. I typed 'pageant' while logged into VNC viewer and it said 'pageant is already running'. So I said what the hell and typed it into the PuTTY console...nothing happened. So I figured it wasn't running and now is. So I then executed the plink -T -v git@bitbucket.org and lo-and-behold pageant was executed, but said it has 0 SSH keys installed. So this is the core issue. pageant is a user-session based app and it thinks the SSH user Administrator is not the same as local Administrator so it's not serving any keys. I also closed the PuTTY connection and noticed that the extra pageant process was still running. Bad news #1. Bad news #2 is that there's no limit to the number of pageant processes I can start from within PuTTY. What to do?

FINAL: Problem solved; see last edit of answer.

3
gitgithubsshputty

3 Answers

1
votes

Make sure you do have a HOME environment variable defined, referencing C:\Users\Administrator (or %USERPROFILE%) at all time, especially when you are logged on via PuTTY.

That will allows ssh to find your ssh config file.

Also make sure to use the same ssh implementation when generating ssh keys and when using ssh with git: see "Git with SSH on Windows".
If your private keys are passphrase-protected, see "Why git can't remember my passphrase under Windows".

1
votes

Here's my "Solution":

1) Remove the passphrase from the private key file. pageant doesn't allow input of the password as a command line argument and so I can't utilize it over putty. Sucks, but what else can I do?

2) In the freeSSHd app, type C:\WINDOWS\system32\cmd.exe /K "pageant C:\Users\Administrator\.ssh\id_rsa.ppk" in the Command Shell box to have the ssh user execute pageant so pageant will recognize when they request the key. This causes another pageant exe process to be running in the background and it won't close when you close the ssh connection but there's only so much I can do in one night. If I could somehow get the PID of the process it spawns and then somehow run a script on close that closes it, that'd be great.

3) It now works.

Addendum: The freeSSHd service CANNOT run under a local user account, it has to be the SYSTEM account; otherwise it just immediately closes the successful connection. Why? No idea. I think this is the biggest hurdle...maybe the ssh user is essentially running under the system account and thus doesn't have access to the already running pageant process running under "Administrators".

Better Answer Update: I got rid of freeSSHd and installed Cygwin with openssh. Select "Yes" to ALL sshd config options, don't listen to other tutorials online that say "no" to certain options. Don't run sshd under the SYSTEM account. Let it create a new user account and use that one. The biggest benefit is that now when I run 'pageant' through PuTTY, it doesn't matter how many times I do it because it won't spawn any more than two processes! One for the actual local Administrator account that was already running and the other for the quirky "SSH Administrator" account (which is just called Administrator). Even when logging in from different computers it won't spawn any more processes. Problem solved.

0
votes

If it can't find the key in whatever location it expects, you can also add parameters -v, -i like:

plink -v -ssh -2 -i /whatever/location/id_rsa -l git gitserver.acme.com

First, the -v (verbose) will help to pinpoint the issue. Then you can go on with the -i parameter to make sure that it finds the key and it's valid.

Then you go about with %userprofile%.

I also think your directory should be c:\Users\Administrator.ssh - probably you did a typo where you forgot to add a backslash.