I generated an ssh private and public key pair on Unix hostx.

I use this private key C:\\Temp\\id_rsa_tmp on several Windows hosts to establish ssh connections.

The same ssh command (having same user windowsuser, same private key C:\\Temp\\id_rsa_tmp, and similar file permissions) works on only one of two Windows hosts viz host1(works) and host2(doesn't work).

The command prompt with administrative privileges was used on both the hosts to fire the ssh commands.

Can you tell me how I can get ssh to work on host2?

ssh command works on windows host1. Below are the details and debug:

ssh version:

C:\Users\windowsuser_app>ssh -V

OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5

working ssh command in debug mode on host2 output.

C:\Users\windowsuser_app>ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes  -i C:\Temp\id_rsa_tmp windowsuser@sshdestunixhost.ec2.internal -vvvv

OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5

debug3: Failed to open file:C:/Users/windowshost1user/.ssh/config error:2

debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2

debug2: resolving "sshdestunixhost.ec2.internal" port 22

debug2: ssh_connect_direct: needpriv 0

debug1: Connecting to sshdestunixhost.ec2.internal [10.236.111.132] port 22.

debug1: Connection established.

debug3: Failed to open file:C:/Temp/id_rsa_tmp.pub error:2

debug1: key_load_public: No such file or directory

debug1: identity file C:\\Temp\\id_rsa_tmp type -1

debug3: Failed to open file:C:/Temp/id_rsa_tmp-cert error:2

debug3: Failed to open file:C:/Temp/id_rsa_tmp-cert.pub error:2

debug1: key_load_public: No such file or directory

debug1: identity file C:\\Temp\\id_rsa_tmp-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8

debug1: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000

debug2: fd 3 setting O_NONBLOCK

debug1: Authenticating to sshdestunixhost.ec2.internal:22 as 'windowsuser'

debug3: hostkeys_foreach: reading file "/dev/null"

debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2

debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c

debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none

debug2: compression stoc: none

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com

debug2: compression stoc: none,zlib@openssh.com

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:G30hPfj8wcOy2j0J1HP27r4CVK8CQJYpnI+byFqkHdw

debug3: hostkeys_foreach: reading file "/dev/null"

debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2

debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2

debug3: hostkeys_foreach: reading file "/dev/null"

debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2

debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2

Warning: Permanently added 'sshdestunixhost.ec2.internal,10.236.111.132' (ECDSA) to the list of known hosts.

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey after 134217728 blocks

debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2

debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory

debug2: key: C:\\Temp\\id_rsa_tmp (0000000000000000), explicit

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,null>

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 53

debug3: input_userauth_banner

 

This system is for the use by authorized users only. All data contained

on all systems is owned by the company and may be monitored, intercepted,

recorded, read, copied, or captured in any manner and disclosed in any

manner, by authorized company personnel. Users (authorized or unauthorized)

have no explicit or implicit expectation of privacy. Unauthorized or improper

use of this system may result in administrative, disciplinary action, civil

and criminal penalties. Use of this system by any user, authorized or

unauthorized, constitutes express consent to this monitoring, interception,

recording, reading, copying, or capturing and disclosure.

 

IF YOU DO NOT CONSENT, LOG OFF NOW.

 

##################################################################

# *** This Server is using Centrify                          *** #

# *** Remember to use your Active Directory account          *** #

# ***    password when logging in                            *** #

##################################################################

 

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug3: start over, passed a different list publickey,password,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: C:\\Temp\\id_rsa_tmp

debug3: sign_and_send_pubkey: RSA SHA256:nnTbYix3EFZOXRjHsisNhaytryYKaxBR3ruB14DHQFo

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 52

debug1: Authentication succeeded (publickey).

Authenticated to sshdestunixhost.ec2.internal ([10.236.111.132]:22).

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug3: send packet: type 90

debug1: Requesting no-more-sessions@openssh.com

debug3: send packet: type 80

debug1: Entering interactive session.

debug1: pledge: network

debug1: console supports the ansi parsing

debug3: Successfully set console output code page from:437 to 65001

debug3: Successfully set console input code page from:437 to 65001

debug3: receive packet: type 80

debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0

debug3: receive packet: type 4

debug1: Remote: /home/windowsuser/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding

debug3: receive packet: type 91

debug2: channel_input_open_confirmation: channel 0: callback start

debug2: fd 3 setting TCP_NODELAY

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 1

debug3: send packet: type 98

debug2: channel 0: request shell confirm 1

debug3: send packet: type 98

debug2: channel_input_open_confirmation: channel 0: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug3: receive packet: type 99

debug2: channel_input_status_confirm: type 99 id 0

debug2: PTY allocation request accepted on channel 0

debug2: channel 0: rcvd adjust 2097152

debug3: receive packet: type 99

debug2: channel_input_status_confirm: type 99 id 0

debug2: shell request accepted on channel 0

Last login: Fri Aug 18 01:49:18 2023

debug2: client_check_window_change: changed

debug2: channel 0: request window-change confirm 0

debug3: send packet: type 98

$ success

ssh fails and prompts for passphrase on Windows host2. Below are its details:

ssh version:

C:\Temp>ssh -V

OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015

failing ssh output on host2 in debug mode:

C:\Users\windowsuser_app>ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes  -i C:\Temp\id_rsa_tmp windowsuser@sshdestunixhost.ec2.internal -vvvv

OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015

debug1: Reading configuration data /etc/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to sshdestunixhost.ec2.internal [10.236.111.132] port 22.

debug1: Connection established.

debug1: key_load_public: No such file or directory

debug1: identity file C:\\Temp\\id_rsa_tmp type -1

debug1: key_load_public: No such file or directory

debug1: identity file C:\\Temp\\id_rsa_tmp-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.8

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8

debug1: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000

debug2: fd 3 setting O_NONBLOCK

debug3: hostkeys_foreach: reading file "/dev/null"

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

debug2: kex_parse_kexinit: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519

debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none

debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:G30hPfj8wcOy2j0J1HP27r4CVK8CQJYpnI+byFqkHdw

debug3: hostkeys_foreach: reading file "/dev/null"

debug3: hostkeys_foreach: reading file "/dev/null"

Warning: Permanently added 'sshdestunixhost.ec2.internal,10.236.111.132' (ECDSA) to the list of known hosts.

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: C:\\Temp\\id_rsa_tmp (0x0), explicit

debug3: input_userauth_banner

 

This system is for the use by authorized users only. All data contained

on all systems is owned by the company and may be monitored, intercepted,

recorded, read, copied, or captured in any manner and disclosed in any

manner, by authorized company personnel. Users (authorized or unauthorized)

have no explicit or implicit expectation of privacy. Unauthorized or improper

use of this system may result in administrative, disciplinary action, civil

and criminal penalties. Use of this system by any user, authorized or

unauthorized, constitutes express consent to this monitoring, interception,

recording, reading, copying, or capturing and disclosure.

 

IF YOU DO NOT CONSENT, LOG OFF NOW.

 

##################################################################

# *** This Server is using Centrify                          *** #

# *** Remember to use your Active Directory account          *** #

# ***    password when logging in                            *** #

##################################################################

 

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug3: start over, passed a different list publickey,password,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: C:\\Temp\\id_rsa_tmp

Enter passphrase for key 'C:\Temp\id_rsa_tmp':

Please let me know if you need more data to help debug the failing ssh.

Ashar
  • Have you tried https://stackoverflow.com/questions/2419412/ssh-connection-stop-at-debug1-ssh2-msg-kexinit-sent? In my case, it was MTU size, works fine if I connect indirectly through a VPN, while if I connect directly from some ISP it will fail – Martheen Aug 18 '23 at 10:33
  • @Martheen telnet to target port 22 (ssh) is working. The issue is that it prompts for a passphrase on a single Windows server, which I'm reporting here ... while it works smoothly on others. – Ashar Aug 18 '23 at 11:13
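
ssh asks for a passphrase only after loading the key with an empty passphrase has failed, so when one key behaves differently on two hosts, the bytes of the file on each host are worth comparing. The following is an added example, not part of the original post: a Python check of a private key file's container format, encryption flag and transfer damage (BOM, CRLF, truncation). The function names and the sample inputs are constructed for illustration, and the check does not establish the cause in this question.

```python
import base64
import struct

def inspect_private_key(data: bytes) -> dict:
    """Report container format, encryption flag and transfer damage of a key file."""
    report = {"format": "unknown", "encrypted": None, "problems": []}
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        report["problems"].append("UTF-16 BOM: file was re-encoded in transit")
        return report
    if data.startswith(b"\xef\xbb\xbf"):
        report["problems"].append("UTF-8 BOM before the BEGIN line")
        data = data[3:]
    if b"\r\n" in data:
        report["problems"].append("CRLF line endings")
    lines = [l.strip() for l in data.decode("ascii", "replace").splitlines()]
    begin = next((l for l in lines if l.startswith("-----BEGIN ")), None)
    if begin is None:
        report["problems"].append("no BEGIN line")
        return report
    label = begin[len("-----BEGIN "):].rstrip("-")
    if f"-----END {label}-----" not in lines:
        report["problems"].append("END line missing: file truncated")
    if label == "OPENSSH PRIVATE KEY":
        report["format"] = "openssh-key-v1"
        # Everything between the BEGIN and END lines is the base64 body.
        body = "".join(l for l in lines if l and not l.startswith("-----"))
        try:
            raw = base64.b64decode(body)
            magic, rest = raw[:15], raw[15:]
            (n,) = struct.unpack(">I", rest[:4])
            if magic != b"openssh-key-v1\0":
                raise ValueError("bad magic")
            report["encrypted"] = rest[4:4 + n] != b"none"  # ciphername field
        except (ValueError, struct.error):
            report["problems"].append("body does not decode to openssh-key-v1")
    elif label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        report["format"] = "PEM (legacy)"
        report["encrypted"] = any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)
    elif label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
        report["format"] = "PKCS#8"
        report["encrypted"] = label.startswith("ENCRYPTED")
    return report

def sample_key(label: str, body: bytes, eol: str = "\n", headers=()) -> bytes:
    """Constructed sample input: PEM framing around placeholder bytes, not a real key."""
    b64 = base64.b64encode(body).decode()
    lines = [f"-----BEGIN {label}-----", *headers, *([""] if headers else []), b64,
             f"-----END {label}-----", ""]
    return eol.join(lines).encode()

def v1_header(cipher: bytes) -> bytes:
    """Constructed openssh-key-v1 prefix: magic followed by the ciphername string."""
    return b"openssh-key-v1\0" + struct.pack(">I", len(cipher)) + cipher
```

Running `inspect_private_key(open(path, "rb").read())` against the key file on each host and comparing the two reports shows whether both hosts hold the same bytes in a container the older client can be expected to read.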
