Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    User private key broken?

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      horace
      last edited by

      Hello!
      I was enabling SSH on my fresh installed pfsense 2.1 nanobsd and i generated a key for the admin. Unfortunatly puttygen dosn't recognize the key.

      This is a key generated in 2.0.3, works perfect

      –---BEGIN RSA PRIVATE KEY-----
      MIIEpAIBAAKCAQEA1FQrh66+eWSjwqvOgui3YSWAIHOVMLp8ANl16CDi5Zax7gr/
      tu4xqA6zsqKG8OKB/Wmgr8RjmQHwiUBKNZkb074ZXi9WFl60VtcanlHiIl+KPwSZ
      9FjvV9ZD+07BSL774Av4f1vSYq+vloQeyQCoIjhhBUEIvRM9RFCsYHG4jmytaB2j
      b5ut9uD1Eh0MPRXtbcbo9HPIiAbwMOdAraheXoVuayi9JoitHnjnmwdwb5AKB2lR
      wesTZw+rk/MKXYtE049MfOEQbRMJXSQtbBut6YeYKJuzeKwpcxckI76i3Yhi7iZk
      WC/93KcywpHTtssF2XH/cO1htb+UWkrJPNcy2QIDAQABAoIBAQCcfLBcXqiZNVgQ
      SKl6B+PnYEkPIcCJ2lc8FQl2HI69YRQf+dE/VEwarUM5W9mSPY5KY4f/IwG4qhpK
      Payz1fURWKC/rqmG8SN+gShoGLdOWBW+njiNQuKbXRpbZE7Fu6RNGuV5kAX9n7gM
      ebFquOYx2lV/FtBG8aAM8lwo9Idtx0k0ylMiUkss/OgAPdijs3mQubGAiCjXWQVu
      BDu1fsejA9uKmxWPgOCI2pAsdbQAdvvOzwnUvjzpOo474TtJJHV3Q4e+zbKGbKfH
      p69Wq+ENixkxoGTkWhmh0CUmvdMTK7llnYVr81zkkDP+csqK6NdkhIywvy442Fwh
      5W8ZvsQBAoGBAO/vuuNocrAZeMAV0/1+hlAe/LHfFqvJAgTZ3xZkx6ixJBTK+xXJ
      xz54VxgaP2wzrNuMaV2A/4kVa6OZvyY45OxC/TvddvklGHGpjaEDEx+BAoGBAOKL
      RcDxA5jKX7zLXcVgpeD3vrqJB4+6pbm1rBaJt3FCZ+HV8yaBEM61XkMJsnFyshcY
      C5wREMa2/iE002e7H1uPBCGkQjLOGvrMdK15uF74NyxVD6osaBW0O8s7wKj8k8SP
      G48elolwPIFGah9rQaAv5OxsHCiXvccTrD0+sL9ZAoGARdTd7cW+a2ZecHlp44Np
      j/QU06f8Ly8neUX32cqnGX/E4pBZF3Q7H+0Y5VD9TjjvpAjmwqb90nezmosS/BtP
      6VqZxMSbOuy/F52upxkF1LcDN3gNttfDmXjo0EkDYHiBvLxXBjG/LaSgWVMsAPHa
      HrE4hq3kLIsRXDNe1xfP/wECgYBaROicguzN+wW+8sIAngw64j0LkwKCUPssTqmt
      qV6BMNa39EqY8yDBXR+cUsbZ0bwI27n0jBBFPjFxBd2fHb7W+tvIk+0U1W+Gs+Vi
      InhGz10cuyAszNkEnPaeesbADzTKQ8PVeXi+dwyE7ovmzRQvQiZT1pg5zI0AQGSH
      Wu2OsQKBgQC8lZU75N4lfkmzY743K88ScLHjKpGuLo8ku5RqH38M4hxjDTrA/qFg
      Ir1UFPL3yExuE/XghQXjAYtBSpBR7tDZplXVQ+Pe+04uM1VPWW8l168FlOY0CXgX
      KcVtCst0LjVM0FQPTgAVJiDXpaZVJQ6Ma/V797nX9xpa1S+9OqSXeg==
      -----END RSA PRIVATE KEY-----

      And this is a key generated in 2.1

      –---BEGIN PRIVATE KEY-----
      MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIkEDRkKZdvPzD
      46c2kOa6s5JNtqrmuUdrb6xVhQ75K/vPp0tRFQRGo3stAlc02nYk1Wug+IXZhBXu
      gsgVO9ZDH/JugERc5Oz6yhVx/fwC5rk/0bvgtdBGwpMs3Gejx1HUsRFkA3GXtCfE
      T/IhasSzqhTwwvqXi5nwuHlbyTQ/VLTgwdhaVK63kjqmaLjtXelA6hvW5w7tBpc4
      O+/ZXJ6nBzCXNmqtuVabTyTt3ABnLacpx+7uvi/5KOHvdNTFMjT0zlp71+5ft7q8
      CVsK8mCEitsWJsQI8RZtGKAyoqqmOvek7OFzm4lNr1+RukE6A2gXW9fJmTfZ6dkq
      TF+xdveRAgMBAAECggEBAMH5gjcsxzpxxaVPUDGeAwkfE6jFupRbLY/i+bHcdpbW
      yzwSeO16fiAzjLYDRYSApTMKloWg1xOAhBWhtxGSRa+1/iqRM40Ee44yVHtjQZEs
      xI3MswCp1z4YgW8p27Ky25nxhvhLvFkUjEF5cJyRPpzlKkuQx/w5sDD4uabj+fwk
      olb4MFkUsk4tEmSeDhWiQj/xkp12o4b1JUiOXQLiz1XEl5CMfxzcXKdgzjgheXXh
      Rsi/dG9Jz8MqkQG2JMVtek+AMfp57xlfZpl0J2adkTACIKlJ2dn9MF0aIH6wy1KL
      CRZshRwRLTzd0IoCkIyN2BhmR/0dAph1aQPpWxcVUoECgYEA5RilzJ52lOkXUJK1
      8CaMhmkl3SWCsfS6ohY9WHz6Do0E574Rtqo3VFP2dvVI5sn4OKi5q7ohBmQAI1sy
      PaBAO22Qu47eVowquj7MOrL2hZ0CgYEA4B3SBivWTNipHeWf4FHfvR0HSnYg5irH
      O+SK+4D0LNs26EAC3/MEf6lKKHAYNA+Bm5ZtHSzMwtIug7opNPZ1mqd3wjanAj6p
      /hWlfeghQk5MFDDIK/P5VjPYNf/LAcl+os3X6sK59wOeL3uyVMT3+/ID2Mhcd/Kh
      KZwJyxpqsYUCfwR5dsOIVMiTxODN/LtRMoOo6hAVvpBj+AOjZirsgbXronJxCyLQ
      xY/59wYitc+v9Ju658wlF9en4jyuBWOrXRNC+npXQTY4kWyZApm31ypxlqbwD2iB
      6pK7ERVBtSrMxwxUP0wbVonJajdGkLSjbJ28hhcjszP9iNgaYeLDnA0CgYAuS7qw
      76lLIo580IxgKEmRpUd2SESvhzK02pcjMRY/leEXxPFTFb5eKLha9hzp1DIv07ki
      h7icnhJhv7j3adoNYn7IrcV+Hze6dvpCsgr8yXPJz/HpsnJVLkyBix+CdP8l3mO1
      6RfFQQgSQvkpra6UawAEbg877/D+yW70d7aGiQKBgQCFLuxQdFVxBVC0YOwFy2iv
      DqVsahCWDY5GpYMQ89p23YdXcfcYJqzEt4NfNxnl979xp0DaTsWTmGeDsizXTPOU
      sK8avhsuHlz9pX7Ckv6Y/TD9frL94NCW6FYISNhGVQ3TQc5lDsgxNupWcauQ6PAT
      LVlkom/WSabqx1nbkY+cEA==
      -----END PRIVATE KEY-----

      Puttygen says "Unrecognised key type"
      Did something change? I tried to add "RSA" in the new key description but puttygen says"ANS.1 decoding failure"

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Don't get me wrong, but now you can just revoke the key and move on. Other than that, the difference is that the first one is encrypted (RSAPrivateKey), the other is unencrypted (PKCS#8 PrivateKeyInfo)

        1 Reply Last reply Reply Quote 0
        • K
          kejianshi
          last edited by

          This would be easier to figure out if we had your public IP.  ;D  ;D  ;D

          (When I upgrade or change pfsense or its keys but the IP stays same, I always have to blow away the earlier reference to the machine from before I did the update or change or else SSH just won't let me in til I do so.  Lucky for me the error message on ubuntu always tells me exactly what to blow away)

          1 Reply Last reply Reply Quote 0
          • H
            horace
            last edited by

            Don't worry, these box are for testing only :D
            I still don't understand how can i convert the key in order to use it with putty. Did i something wrong?

            EDIT: grammar

            1 Reply Last reply Reply Quote 0
            • K
              kejianshi
              last edited by

              Not sure - Never had that happen.  Only errors I ever get is when I make changes and the IPs and keys no longer match and I get the usual "OMG you are being tricked" warning.

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                @horace:

                I still don't understand how can i convert the key in order to use it with putty. Did i something wrong?

                You can use pkcs8 or rsa tools shipped with openssl to convert between those two:

                http://linux.die.net/man/1/pkcs8
                http://linux.die.net/man/1/rsa

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.