Connect by SSH tunneling

Post by imre.dudas » Thu 23 Jan 2014 17:08

Hello,

I want to connect to a MySQL database through an SSH tunnel in such a way that the SSH user logs in with a private key with a passphrase.

I have a problem with this: If I want to convert the key to PEM format for Entity Framework, the passphrase can be anything; it lets me log in to the server. I wouldn't like it to be so. What I would like is for my code to contain the passphrase for the sake of higher safety. So far, if anyone could obtain the key, he could log in to the server using SSH. That's the reason why I wouldn't like that.

What I did so far is the following:

On Linux server:

ssh-keygen -t rsa

I specify a passphrase when required.

Of course, I copy the public key into the file named authorized_keys.

I convert the RSA file to PEM.

openssl rsa -in id_rsa -outform pem > server.key

This is when a PEM file is created that somehow contains the passphrase, because it is enough to replace the keys in order for my client programs to log in.

How should I convert my id_rsa file generated by ssh-keygen so that Entity Framework could use the key file and passphrase password when connecting?

Thank you in advance.

Best regards,

Imre
imre.dudas
 
Posts: 18
Joined: Thu 11 Mar 2010 20:36

Re: Connect by SSH tunneling

Post by Pinturiccio » Tue 28 Jan 2014 15:17

imre.dudas wrote: How should I convert my id_rsa file generated by ssh-keygen so that Entity Framework could use the key file and passphrase password when connecting?

You can use the id_rsa file in order to use a key with Entity Framework.

Please tell us what difficulties you encountered when working with a key in the id_rsa format.
Pinturiccio
Devart Team
 
Posts: 1893
Joined: Wed 02 Nov 2011 09:44

Re: Connect by SSH tunneling

Post by imre.dudas » Fri 31 Jan 2014 11:58

Pinturiccio wrote:
imre.dudas wrote: How should I convert my id_rsa file generated by ssh-keygen so that Entity Framework could use the key file and passphrase password when connecting?

You can use the id_rsa file in order to use a key with Entity Framework.

Please tell us what difficulties you encountered when working with a key in the id_rsa format.


I get an error: "invalid IV length" if I try the id_rsa file.
imre.dudas
 
Posts: 18
Joined: Thu 11 Mar 2010 20:36

Re: Connect by SSH tunneling

Post by Pinturiccio » Mon 03 Feb 2014 15:01

We have reproduced the issue. We will investigate it and post here about the results as soon as possible.
Pinturiccio
Devart Team
 
Posts: 1893
Joined: Wed 02 Nov 2011 09:44

Re: Connect by SSH tunneling

Post by Pinturiccio » Thu 06 Feb 2014 15:51

We have investigated the issue. Keys generated by the ssh-keygen utility can cause difficulties, because these keys are encrypted using the AES algorithm. In order to use such a key, you need to convert it, for example, using OpenSSL, as you did before.

You have executed OpenSSL with the following parameters:
openssl rsa -in id_rsa -outform pem > server.key

Such a call removes the AES encryption and results in an unencrypted private key, server.key. You need to add an encryption parameter to encrypt your key and use it with a passphrase:
openssl rsa -in id_rsa -outform pem -des3 -out server.key

After starting this command, you will be prompted to enter the passphrase to remove the AES encryption. Then you will be prompted to enter a new passphrase to encrypt the key using DES. After this you will get the key that can be used with our provider.
Pinturiccio
Devart Team
 
Posts: 1893
Joined: Wed 02 Nov 2011 09:44
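
The check below is an added example, not part of the thread and not Devart's code: it reads the PEM headers of a private key file to tell whether a conversion like the two discussed above left the key unencrypted or passphrase-protected, and with which cipher. The helper names `key_protection` and `write_samples` and the sample key bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example. key_protection and write_samples are hypothetical helper
# names; the key bodies written below are constructed placeholders.

# Print how a PEM private key is protected at rest, judging by its headers.
# Returns 0 if encrypted, 1 if unencrypted, 2 if it cannot tell.
key_protection() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo "encrypted:PKCS8"          # cipher is inside the ASN.1 body
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        # Traditional PEM: DEK-Info is "<cipher>,<hex IV>"
        c=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$1" | head -n 1)
        echo "encrypted:${c:-unknown}"
    elif grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        echo "openssh-format"; return 2 # cipher name is inside the base64 body
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "unencrypted"; return 1
    else
        echo "not-a-private-key"; return 2
    fi
}

# Write three constructed sample files into directory $1.
write_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/plain.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/aes.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0011223344556677' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/des3.key"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for k in plain aes des3; do
    printf '%s.key: %s\n' "$k" "$(key_protection "$demo_dir/$k.key" || true)"
done
rm -rf "$demo_dir"
```

The non-zero exit status for anything that is not passphrase-protected makes the function usable as a gate before a key file is shipped alongside an application.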

