18

I am attempting to connect to an Amazon EC2 Server via Mac Terminal. I have a PPK file that does not have a password attached to it, but when I try to connect I get a popup box that says "Enter the password for the SSH Private Key."

So we tried creating a PPK that has a password - but it does not accept the password, it still rejects the connection.

I have a Windows user who is able to connect using the same PPK on Putty.

Has anyone experienced this issue?

Chris
  • 5,485
  • 15
  • 68
  • 130

7 Answers7

24

The mac is looking for a .pem key. The ppk is generated specifically for putty. If you don't have the original ppk key.

Download puttygen.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Then go to conversions -> export OpenSSH key. Save the output as a .pem file and try using that with the mac.

If this doesn't work can you post the command you're running from mac. Its possible you've got some extra parameter or something.

bwight
  • 3,300
  • 17
  • 21
  • Additionally some ppk keys are password protected its possible that that's also what they're referring to. – bwight Feb 23 '12 at 20:06
  • 1
    Thank you for the response but I get the same "Enter your password for the SSH key" popup no matter if I use the .ppk or .pem – Chris Feb 24 '12 at 00:51
  • used puttygen, imported the existing ppk file. entered a passphrase of my choice, and saved as openssh key (using the procedure listed above). ssh -i user@server ... prompted for passphrase. Entered the one I had chosen. Worked! Thanks – Kiran Subbaraman Dec 27 '12 at 11:02
  • 2
    You are spot on. However for Mac OS install putty (via brew for me) and run the command `puttygen myppkey.ppk -O private-openssh -o mypemkey.pem` – Thihara Oct 08 '15 at 02:07
  • I had exactly the same problem as described and this solution worked for me!!!!! Thanks!!!! – ipalibowhyte Oct 08 '15 at 18:42
19

Maybe your problem is with permissions for your key. I know in linux its required to change the permissions.

Taken from the website http://om4.com.au/ssh-rsa-key-pairs-passphrases-leopard/

  1. Clear the contents of your ~/.ssh directory and set the directory permissions to 700 (directories need to be "executable") $ rm ~/.ssh/* $ chmod 700 ~/.ssh

  2. Generate your rsa key pair (there are variations for this, but this is the version I used): $ ssh-keygen -t rsa

  3. Set the permissions for all files in ~/.ssh to 600 $ chmod 600 ~/.ssh

  4. Copy your id_rsa.pub key to your server’s .ssh/authorized_keys file

  5. Add your passphrase to your keychain using this command: $ ssh-add -K (you will see Enter passphrase for [your system]/.ssh/id_rsa: )

abd3721
  • 1,374
  • 1
  • 11
  • 10
bwight
  • 3,300
  • 17
  • 21
  • 7
    Setting the directory permissions to 600 effectively turns it off as a directory. It acts like you have no keys inside it at all. Do you mean for us to chmod 700 .ssh/ and chmod 600 its contents? – James Tomasino Nov 07 '12 at 18:26
  • 1
    (OS X 10.10.5 Yosemite) – the ssh-add command may give you the error *Illegal option -K*, you need to use `/usr/bin/ssh-add -K ~/.ssh/id_rsa` - there are two different versions (with a lower and uppercase *K* option that do entirely different things) and only the one in /usr/bin will permanently store your passphrase in your Keychain - otherwise when you logout or reboot it'll forget it again (this is intentional security on Linux systems.) To verify permanent storage, open the *KeyChain Access* app and search for 'id_rsa', it should show up immediately.) – William Turrell Mar 03 '16 at 14:29
  • 1
    @JamesTomasino I edited the post to correct the directory permissions. – abd3721 May 13 '16 at 20:02
  • Worked after using ssh-add without the -K option in the .ssh directory. – Riley Dec 15 '16 at 11:19
  • 3
    Don't suggest people to wipe out ~/.ssh , someone is going to actually lose keys. Just change permissions on files and directories. – anddam Dec 22 '16 at 10:01
  • 3
    I just needed the last command that allowed me to add the pass to my keychain. I recommend trying that first since it allows you to keep the existing keys. – vinnybad Dec 23 '16 at 22:42
4

The error Enter your password for the SSH key x can result from using a key of the wrong format (such as a ppk key) in ssh or sftp. This is because it is interpreted as an encrypted ssh key and so prompts for the passphrase, when actually there is no passphrase.

In OS X I was able to simulate this error by simply typing the following into the command line:

sftp -o IdentityFile=randomtextfile mysftpserver.com

The solution is to convert the file using puttygen as suggested by bwight.

Emil
  • 7,220
  • 17
  • 76
  • 135
Benedict
  • 41
  • 1
2

In addition to the other answers, the issue might come from the fact you haven't specified which user you want to connect as.

For example ssh -i francky.pem 208.52.170.43 will ask you for your password on Mac, whereas ssh -i francky.pem root@208.52.170.43 shouldn't. Note that on Linux you don't specify the user.

Dónal
  • 185,044
  • 174
  • 569
  • 824
Franck Dernoncourt
  • 77,520
  • 72
  • 342
  • 501
0

I was running into the exact same problem in MAC, I found a quite simple way of getting rid of it. Instead of using ssh -i IP address, use the following> ssh user@IP

Hope you already found the answer after this long time :)

reza
  • 1
0

In my case, the problem was the file's break type. Try this:

1.- Open the .pem file with TextWrangler

2.- At Bottom of app, verify if the Break Type is "Windows(CRLF)".

pmartinezd
  • 31
  • 1
0

This issue had me pulling my hair out for 20 min or so. Realized that I was able to connect successfully from another terminal window. In my case I just had to close out the current terminal window and use another or new window. Very strange, but may help you out.

Neil H
  • 356
  • 1
  • 6