Azure VM --generate-ssh-keys, no passphrase

I’ve created an Azure Ubuntu VM, using azure cli with the following command:
az vm create \
  --resource-group rgName \
  --name vmName-$RANDOM \
  --image UbuntuLTS \
  --admin-username adminName \
  --generate-ssh-keys

When attempting to ssh into the new vm with ssh adminName@, I’m presented with a login prompt to enter a passphrase.

Unfortunately, my Linux user password does not unlock the private key. You can see I didn’t specify a passphrase during the VM creation.

It looks like I created some Azure SSH keys previously and this vm build process put these new ssh keys in the same key store.

How do I determine which method from the docs I used to initially create the keys?

Standard for Generating Multiple WEP Keys From a Passphrase

I’ve been reading a lot about WEP recently and why it was bad. To make sure I understand it, I’ve been writing scripts to show how it works and highlight its vulnerabilities. But I want to have a full understanding from start to finish, and I can’t find what I need for the very beginning.

Since WEP can operate on four keys, something needs to be able to generate four keys. My router can do this based off a passphrase. If I put ‘badpw’ as the passphrase, I get the keys:

1: 02CB778981
2: C27236DFB1
3: C90C104FA2
4: A804571CC0

If I enter the same passphrase on http://www.wepkey.com/, I get the same four keys. So it’s clear that the same algorithm is used in both cases, but I can’t for the life of me find it.

So, what would the pseudocode be to derive those four WEP keys from a passphrase?
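
The four keys quoted in the question are what the de facto 40-bit WEP passphrase generator (commonly attributed to Neesus Datacom and shipped by many vendors) produces for 'badpw'. The sketch below is an added example, not part of the original post; the names `wep40_keys` and `fold_seed` are chosen here for illustration, and an ASCII passphrase is assumed.

```python
# Added example: de facto 40-bit WEP passphrase-to-key generator.
# Assumptions: ASCII passphrase; function names are illustrative only.

def fold_seed(passphrase: str) -> int:
    """XOR-fold the passphrase bytes into a 32-bit little-endian seed."""
    folded = [0, 0, 0, 0]
    for i, byte in enumerate(passphrase.encode("ascii")):
        folded[i % 4] ^= byte
    return int.from_bytes(bytes(folded), "little")


def wep40_keys(passphrase: str) -> list[str]:
    """Return the four 40-bit WEP keys as upper-case hex strings."""
    seed = fold_seed(passphrase)
    stream = bytearray()
    for _ in range(20):  # 4 keys x 5 bytes
        # Linear congruential step; one output byte is taken from bits 16..23.
        seed = (seed * 0x343FD + 0x269EC3) & 0xFFFFFFFF
        stream.append((seed >> 16) & 0xFF)
    return [stream[i:i + 5].hex().upper() for i in range(0, 20, 5)]


if __name__ == "__main__":
    # Keys listed in the question for the passphrase 'badpw'.
    expected = ["02CB778981", "C27236DFB1", "C90C104FA2", "A804571CC0"]
    keys = wep40_keys("badpw")
    for n, key in enumerate(keys, start=1):
        print(f"{n}: {key}")
    print("matches question:", keys == expected)
    # All four keys depend only on the 32-bit folded seed, so passphrases
    # that fold to the same seed yield identical keys.
    print("same seed, same keys:", wep40_keys("wadpb") == keys)
```

Because every key is a function of the 32-bit folded seed alone, the effective key space is far smaller than the nominal 40 bits per key.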

gpg agent and caching symmetric encryption passphrase for writing

With public-key encryption, one can encrypt and decrypt a file repeatedly if gpg-agent caches the passphrase for the key. However, with symmetric encryption I’m always prompted for the passphrase when encrypting even if gpg-agent obviously has the passphrase cached because I’m not prompted when decrypting.

This is related to gpg2 --symmetric and passphrase, but there the OP wants to be prompted always; here I want to be never prompted. Can gpg/gpg-agent be configured to do that?

ssh with passphrase, fallback to Google Authenticator

With the introduction of Google Authenticator and the ability to use it with ssh, I was wondering if someone has gone through an sshd_config setup which would:

  • first expect a key
  • if this fails, fall back to an authentication with Google Authenticator

The idea being to usually connect seamlessly with a key and, usually in less friendly environments, connect with a two factor mechanism.

GNOME keyring daemon sometimes not asking for passphrase, need to provide it via command line

I use a CentOS 7.5 machine, set up with pubkey authentication to ssh to remote servers. Normally, as soon as I ssh to the first server, I get a GNOME graphical prompt asking to type my passphrase to unlock the secret key, so it is not asked anymore during the GNOME session.

However, sometimes I get asked for the passphrase directly in the terminal:

Enter passphrase for key '/home/dr01/.ssh/id_rsa': 

This is annoying as then I would have to type the passphrase every time I connect to a server. Therefore, in these cases I simply reboot the machine.


The GNOME Keyring daemon runs at boot as /usr/bin/gnome-keyring-daemon --start --components=pkcs11.

Restarting it has no effect:

[dr01@centos7 ~]$ /usr/bin/gnome-keyring-daemon -r 
** Message: Replacing daemon, using directory: /run/user/1001/keyring
GNOME_KEYRING_CONTROL=/run/user/1001/keyring
SSH_AUTH_SOCK=/run/user/1001/keyring/ssh

as afterwards it still asks for the private key’s password in the command line.

I’ve also tried to restart it with

/usr/bin/gnome-keyring-daemon -r --unlock

but it hangs. A strace prints this:

(...)
read(3, "335{232316.3533352216277321f326A3342722342227246V`262265300213@273>%3032"..., 120) = 120
getrusage(RUSAGE_SELF, {ru_utime={0, 2440}, ru_stime={0, 7321}, ...}) = 0
times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 429541253
futex(0x7f0889a5e548, FUTEX_WAKE_PRIVATE, 2147483647) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f088aa6a000
mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f088aa66000
mlock(0x7f088aa66000, 16384)            = 0
read(0, 

and it freezes after the read(0,.

How can I fix this issue?

Change LUKS passphrase, which device?

I have Ubuntu 18.04 installed on my UEFI machine. I want to change the passphrase of my LUKS-encrypted volume. I already know the commands for how to do this. However, I don’t know which device I need to choose for changing the key: the EFI partition, which is smaller than 1GB, or the root partition, which takes the whole space of the system?

Recovering Encrypted Home Directory With Ecryptfs – Passphrase not working

My computer recently failed and I’m now trying to recover files off my external SATA SSD via LiveUSB.

  • I don’t remember encrypting my computer, but I’m receiving the ACCESS_YOUR_…. file when navigating to the partition’s home folder through terminal
  • Using sudo ecryptfs-mount-private gives the error Encrypted private directory not setup properly
  • I then use sudo ecryptfs-recover-private and it finds the encrypted folder that I am trying to access
  • I choose to login with my passphrase but always receive the error Unwrapping password and inserting into user session keyring failed [-5]

The thing is, I know that I am entering the correct login passphrase for this account. I only use one or two passphrases to get in, and I’ve tried every single password that I can think of using in the last few years.

Is there anything that I could be missing that would be causing this to happen? I’m stumped and cannot understand why I can’t get in. I do not have my mount passphrase, and really need the files off this computer.

Possibly relevant: this SSD is unable to be booted in the Lenovo computer that I took it from, but it does show up on both OS X and via USB. Could the configuration have gotten messed up somehow? My computer shut down randomly one day and simply refuses to boot into the SSD partition from the bootloader, although it does see it.

What steps can I take to further diagnose this problem and get into my folder? I am willing to try everything and will report back with outputs. Any help is very appreciated, and I will throw btc to anybody that can help me out. Thank you.