Hello,
I want to connect to a MySQL database through SSH tunnel in the way that the SSH user would log in with a private key with passthrase.
I have a problem with this: If I want to convert the key to pem format for EntityFramework, the passthrase can be anything, it lets me login to the server. I wouldn't like it to be so. What I would like is that my code should contain the passthrase for the sake of higher safe. So far, If anyone could obtain the key, he could login to the server using SSH. That's the reason why I wouldn't like that.
What I did so far is the following:
On Linux server:
ssh-keygen -t rsa
I specify a passthrase when required.
Of course, I copy the public key into the file named authorized_keys .
I convert the rsa file to pem.
openssl rsa -in id_rsa -outform pem > server.key
This is the time when such a pem file is created that somehow contains the passthrase, because it is enough to replace the keys in order my client programs to login.
How should i convert my id_rsa file generated by ssh-keygen so that EntityFramework could use the key file and passthrase password when connecting?
Thank you in advance.
Best regards,
Imre
Connect by SSH tunneling
-
- Devart Team
- Posts: 2420
- Joined: Wed 02 Nov 2011 09:44
Re: Connect by SSH tunneling
You can use the id_rsa file in order to use a key with Entity Framework.imre.dudas wrote:How should i convert my id_rsa file generated by ssh-keygen so that EntityFramework could use the key file and passthrase password when connecting?
Please tell us what difficulties you encountered when working with a key in the id_rsa format.
-
- Posts: 18
- Joined: Thu 11 Mar 2010 20:36
Re: Connect by SSH tunneling
I give an error: "invalid IV length" if i try id_rsa file.Pinturiccio wrote:You can use the id_rsa file in order to use a key with Entity Framework.imre.dudas wrote:How should i convert my id_rsa file generated by ssh-keygen so that EntityFramework could use the key file and passthrase password when connecting?
Please tell us what difficulties you encountered when working with a key in the id_rsa format.
-
- Devart Team
- Posts: 2420
- Joined: Wed 02 Nov 2011 09:44
Re: Connect by SSH tunneling
We have reproduced the issue. We will investigate it and post here about the results as soon as possible.
-
- Devart Team
- Posts: 2420
- Joined: Wed 02 Nov 2011 09:44
Re: Connect by SSH tunneling
We have investigated the issue. Key, generated by the ssh-keygen utility can cause difficulties, because these keys are encrypted using the AES algorithm. In order to use such key you need to convert it, for example, using OpenSSL, as you did before.
You have executed OpenSSL with the following parameters:
Such call removes the AES encryption and results in an unencrypted private key server.key. You need to add an encryption parameter to encrypt your key and use it with a passphrase:
After starting this command, you will be prompted to enter the passphrase to remove the AES encryption. Then you will be prompted to enter a new passphrase to encrypt the key using DES. After this you will get the key that can be used with our provider.
You have executed OpenSSL with the following parameters:
Code: Select all
openssl rsa -in id_rsa -outform pem > server.key
Code: Select all
openssl rsa -in id_rsa -outform pem -des3 -out server.key