Scheduled opening/closing of ports

Douglas
Posts: 55
Joined: 15 Feb 2018 12:04

Re: Scheduled opening/closing of ports

Post by Douglas »

Just used PuTTY Key Generator. Saved the private key on the machine that generated it and yes, it's the same machine trying to change the firewall rule state. Do I have to do anything else with the private key than that?
I left Key passphrase empty, until I get this working. That's not the cause, is it?
Douglas
Posts: 55
Joined: 15 Feb 2018 12:04

Re: Scheduled opening/closing of ports

Post by Douglas »

Might a screenshot of the public key from "admin ssh key" assist?
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Scheduled opening/closing of ports

Post by david »

Well, if you used PuTTY to generate the SSH keys, please try to connect to your CG using PuTTY (instead of using the ssh command) to check if the password is still requested or not.

Actually the place where the private SSH key is stored is important. I don't know where PuTTY saves a private key but on a Linux machine (if you used the command ssh under Linux), the private SSH key is stored in the ${HOME}/.ssh/ directory and it is named id_rsa (for an RSA key).

BR,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
Douglas
Posts: 55
Joined: 15 Feb 2018 12:04

Re: Scheduled opening/closing of ports

Post by Douglas »

Thanks, followed this
https://devops.profitbricks.com/tutoria ... ivate-keys
and now getting "Server refused our key".
Is "SSH2" ok?
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Scheduled opening/closing of ports

Post by david »

Yes, it's SSH2. Did you get the "Server refused our key" message from PuTTY or another SSH client? Can you please copy the output of the following command and paste it here?

admin ssh key

Normally PuTTY generates DOS format textual files (shown with a ^M at the end of each line by the Linux vi editor). DOS (and Windows) uses carriage return and new line ("\r\n") characters as a line ending while Linux uses just a new line character ("\n").

Also the content formats of SSH key files generated by PuTTY are not the same as the format used under Linux. As CG is based on Linux, it expects to receive Linux/UNIX format textual files (without ^M at the end of each line) and the content of SSH keys should be in the following format:

For the public key (on a single line and without the ^M at the end of the line):
ssh-rsa <the-public-key-content>

For the private key (if the SSH client is a Linux/UNIX machine):
-----BEGIN RSA PRIVATE KEY-----
<the-content-of-the-line-1>
<the-content-of-the-line-2>
...
<the-content-of-the-line-n>

-----END RSA PRIVATE KEY-----

You can use the command dos2unix on a Linux machine to convert DOS files to UNIX files. You can also manually remove all ^M characters from files generated by PuTTY using the vi editor.

What is your OS on the client side? Is it a Linux or a Windows machine?

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Scheduled opening/closing of ports

Post by david »

Also FYI the PuTTY Key Generator program allows you to convert the generated private key to an OpenSSH key format. If you plan to use a Linux machine as the SSH client side that can help.

BR,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
Douglas
Posts: 55
Joined: 15 Feb 2018 12:04

Re: Scheduled opening/closing of ports

Post by Douglas »

admin ssh key
0: ---- BEGIN SSH2 ...IN SSH2 PUBLIC KEY ----
1: Comment: "rsa-ke...ent: "rsa-key-20180810"
2: AAAAB3NzaC1yc2EA...Wu7cYIDYoz7tLjSOEas2V4s
3: J3c72r60C9gitV6r...QRCmdA6IWOyIm/2Gr+xXa1h
4: 3an8xE6f1rUP+AOU...3sxGCAwiNlYdkoJadWh+pt+
5: M5RCdLQi05PQ5iA6...4FWk/v/k1UNm0KJzsvHUuBg
6: o6oTAYZHQdtOSZvF...Ob+wuhEXHkNMxJBdB/e9+fE
7: +5T+PvrKu57b5F1+...NT68O36sE+M8C52zNRyuQ==
8: ---- END SSH2 PU...ND SSH2 PUBLIC KEY ----

Windows.
Douglas
Posts: 55
Joined: 15 Feb 2018 12:04

Re: Scheduled opening/closing of ports

Post by Douglas »

Sorry, should have said "Server refused our key" message was from PuTTY.
SSH client side will be Windows.
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Scheduled opening/closing of ports

Post by david »

Hi,

Thank you for your post. Well I see! The issue comes from a wrong format used in your public SSH key file as described in my last post. As your public key is not in an OpenSSH format and contains new lines, it has been considered as a file containing multiple SSH public keys (9 public keys in your case numbered from 0 to 8).

Please use the following command to erase all imported SSH keys:

admin ssh key raz

Therefore edit your SSH public key file and convert it into an OpenSSH format. In your case it should be as follows:
ssh-rsa AAAAB3NzaC1.......NT68O36sE+M8C52zNRyuQ==

And finally re-import the SSH public key file in its OpenSSH format.

BR,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Scheduled opening/closing of ports

Post by david »

Are you going to use PuTTY as your SSH client under Windows or another SSH client?

I ask this question because it's mandatory that your SSH client uses the right SSH private key in the right format (OpenSSH or other format) and found at the right place on your client machine.

BR,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com