Ssh private key using private vault

jan-pieter

Hello,

For some servers we are using private/public key combination per user to connect to these servers.

I'm trying to set up a session to the server globally so everyone can alter their credentials (user specific settings) for this session.

I have tested the connection by setting up the session (SSH internal) specifying my personal user and my personal private key in the private key and that works.
Then I tried creating a private key entry in my personal vault and overriding the credentials of the session (user specific settings) so this key is used but that doesn't work because no or the incorrect username is sent together with the private key ("a supplied password or username is incorrect").

Regards,
Jan-Pieter

All Comments (45)

avatar

Hi,
The problem is that my credentials is only one specific entry and it is mostly used to enter your AD credentials. Could you try to create an entry in the private vault instead?

David Hervieux

avatar

David,

My mistake ... I always mix up the terminology regarding personal credentials and private vault.

What I meant to say is when using a private vault entry for the private key you can't specify a user for the private key to be used against. When using this private vault entry to override the credentials in the "master" session the private key does not work because the correct (for the private key) user isn't used.

Regards,
Jan-Pieter

avatar

If I understand correctly we would need to change the application to specify both; the private key and the credentials

David Hervieux

avatar

David,

If the private vault entry for a private key has the option to also specify the credentials I think that will do the trick indeed.

Regards,
Jan-Pieter

avatar

When is this expected to be implemented?

Regards,
Jan-Pieter

avatar

I hope to include this in RDM 9.5 but I can't give you a time frame for now.

David Hervieux

avatar

This is getting very urgent for us as we already have gone into production with systems only reachable with this kind of mechanism.

Now I'm creating an additional SSH Shell session in my private vault directly specifying the username and the private key.

avatar

This is assigned to Hubert. He should begin this Monday.

David Hervieux

avatar

Hello, Jan-Pieter,

We have added a "My Personal Private Key" entry, which works like the "My Personal Credentials" entry.
The change will be included in an upcoming build.

Regards

Hubert Mireault

avatar

Hubert,

Thank you. I will test this when it becomes available.

I have another question however. Am I correct in assuming this way I can only have one private key entry for myself?

I think the best way to solve this issue and to have multiple personal private keys in the private vault is to adapt the credential entry for private keys to be able to specify a username also and when using this entry to pass both username together with the private key to the session it is specified for.

Regards,
Jan-Pieter

avatar

Hi,
You're right you will be able to specify one private key. We still have a todo to specify the private key and the username together. We also plan to support the user specific setting for the private key. Unfortunately we are about to release the version 10 and we won't have the time to implement those requests. We will do our best to do it after the final release.

David Hervieux

avatar

David,

I understand.

Tnx,
Jan-Pieter

avatar

I have installed RDM 10 and tried the "My Personal Private Key" entry and I will share this temporary work around for only one environment (i.e. one user/private key combination).

Create a My personal credential entry (File\My Account Settings\My personal credentials) of type Username/Password and enter only your username (OK to save)
Create a My personal private key entry (File\My Account Settings\My personal private key) by pointing to the private key file or adding it as data (also enter passphrase if applicable or have login ask you for it).
Create a session under All entries, at Credentials choose My personal credentials (no need to select type as it always seems to choose Username/Password) and at Private Key tab choose My personal private key at Private key type.

Again this is only a work around for one single environment; should you have more than one private key you'll have to wait until the private key credential entry also allows you to specify the username (and use that username when connecting using the private key).
As soon as this is implemented you can use altering User specific settings for a session to specify the private key defined in your private vault.

avatar

Hi,
Hubert just did the user specific setting modification. This will be in the next minor update.

David Hervieux

avatar

Is it in 10.0.1.0 and what exactly is (being) implemented? Using the private vault private key entry or an additional add-on to the work-around using my personal credential and my personal private key?

avatar

Hello Jan-Pieter,

As you said, there is the option to set a "My personal private key" which you can use when you choose a private key.

In addition to that, there is also a new override for the private keys. If you right click a connection and choose "Edit entry (user/local specific settings)", connections which support private keys will have the "settings" tab. This tab has an override for the private key, if supported.

I hope this helps you,

Regards

Hubert Mireault

avatar

Ok, so I can create an entry stating to use my personal credential and then either have the private key of this session point to my personal private key or override the private key (via user/local specific setting) and have it point to the private key entry in the private vault.

This still only supports 1 environment using private keys (unless the userid is the same in all environments).

Are you still looking at the option to change the private key entries so they contain both the private key and the username for the private key? This would be the most logical and most flexible solution.

avatar

In your case you should not use My Personal Credentials or My Personal Private Key. Use only the user specific setting to override the default credentials and private key.

David Hervieux

avatar

That is what I was trying initially; however, if you override the default credentials and private key you can't specify an alternative username so the private key seems to be tried together with my laptop credentials.
The private key entry should also contain a username/userid field.

avatar

I really don't understand. Why do you need an alternative user name? I must be missing something in your scenario. Is it for the pass phrase in the private key?

Even if I add a username and password, if I don't apply them at the right position it won't help. That's why I need to understand where you input your two different usernames.

David Hervieux

avatar

We create a global session without a username and without a private key for everyone and let them use "user specific settings" to override the credentials from their private vault.
If you do this and specify a private key defined in the private vault it doesn't have a username and uses (as far as I can see) the username of my laptop (i.e. the computer RDM is running on). But a private key is always combined with a username and in our case a local username on the destination server. The pass phrase is just an extra protection on the private key and has nothing to do with it.

avatar

But where physically should I enter the username in the SSH configuration?

David Hervieux

avatar

The private key entry should also have a username option and supply it to the host when connecting.

I have created an SSH Shell entry in my private vault stating the Username on the general tab and the private key on the Private Key tab and that works fine.
When you would create such an entry in the general sessions and override the credentials with a private key entry from the private vault it should use the extra username option together with the private key just like when you would have a SSH Shell entry stating the Username and Private Key directly.

avatar

Ok,
Thank you for the clarification

David Hervieux

avatar

Hello,

For My Personal Private Key and private key credentials, a text field has been added to specify a username. It will override the username if specified, but will not if it's left empty.
The change will be available in an upcoming version.

Regards

Hubert Mireault

avatar

Hubert,

I have just tested the beta version 10.0.6 and tested the username field for the private key.

When I take an ssh shell session entry, edit it for user specific settings, go to the Settings tab and enter a private key with username it works (i.e. connects to the server using the username/private key combination).
However when I add the same private key (with username) to the private vault and edit the same ssh shell session entry, edit it for user specific settings, go to the general tab, choose override credentials, choose Private Vault credential entry and choose the private key from the private vault the session does not connect.

Regards,
Jan-Pieter

avatar

Hello Jan-Pieter,

I am able to reproduce the bug. We will work on fixing this problem and adding support for private vault when selecting the private key type (File, Data, Credential repository, etc) as soon as possible.

Thank you for your feedback.

Regards,

Hubert Mireault

avatar

Just keeping you informed: I upgraded to 10.1.1.0 and using the private key entry with user override defined in the private vault as user specific setting for a SSH Shell connection still doesn't seem to work.

avatar

Could you send some print screens to Hubert? We must have a different understanding of how you use it. You could use the private message or send it to hmireault at devolutions.net

David Hervieux

avatar

I have sent some print screens to Hubert.

avatar

Thank you

David Hervieux

avatar

Hello jan-pieter,

Thank you for the screenshots, it was easier to see what you meant.
The credentials override is not made for this specific case. Instead, in the next version, we will add an option for Private Vault entry selection in User/Local specific settings > Settings tab > Private key type. You will be able to select your private key entry from there. I have attached a screenshot to illustrate what it'll be like.
It will be available in the next version.

Regards,

Hubert Mireault

user_specific_settings_settings_privatevault.jpg

avatar

I already suspected my lack of explaining was the main issue ;-)

Sounds like your solution will work just fine.
Is it possible to let me know which non-beta version will have (or has) this implemented?

avatar

We hope to release a minor update today or tomorrow.

David Hervieux

avatar

This is now available.

David Hervieux

avatar

I have just tested it and it works like a charm.

Thank you and happy holidays!
Jan-Pieter

avatar

User specific settings on a Group/Folder can't be configured with Private keys.
Which means private keys can't be inherited on sessions below the folder.
We need this, to avoid adding user specific settings on each session where we use private keys to login.

avatar

Hello Michael,

Does the current private key entry type work as a login method for you? If it does, the next version of RDM will include the "Private vault search" credential method in groups, which means you could achieve something like this:
1. Create a private key entry in your private vault, making sure to set its global availability to Available
2. In the group's properties, set the credential type to Private Vault Search, and enter the name of the private key entry you just made
When opening the connections set as inherited, it should use the private key entry as its credentials. The way the private vault search works, if it's unable to find an entry, it will prompt you with the private vault entry list so you can choose whichever one's applicable.

This should be a decent workaround for this issue for the moment.

Regards,

Hubert Mireault

avatar

Not sure I understand it 100%, but as it is today in RDM, a private key is not a "credential", it is a specific setting on sessions supporting private key settings. This setting can be overridden by user specific settings on these types of sessions.

I can actually already choose a private key from my private vault as a credential on a session or on a folder, but it does not work.
Private keys only work in the "private key settings", not as credentials, and thereby they do not work with credential inheritance, as they are not "Credentials" in RDM.

What we need is the ability to add the private key settings on a folder/group and enable inheritance on the private key settings on sessions.

So because of this observation, I'm not sure the Private Vault Search will change the fact, that private keys don't work as "normal" credentials.

avatar

Ah, you would be right. I forgot we don't allow the private key as normal credentials even if we can specify the username now. We'll check what we can do about this use case and add it to our todo list. Thanks for the detailed description!

Regards,

Hubert Mireault

avatar

Sorry for the delayed response, but good news, we'll have support for private keys in credentials in the next version of RDM! Feedback is appreciated.

Regards,

Hubert Mireault

avatar

Sorry to resurrect this thread, but I'm having a similar problem.

I'm on RDM 2023.1.23.0

I use private keys to connect to a given group of hosts. They have the same username, no password and a .ppk private key file used to connect to them.

I'm currently trying Devolutions as a suggestion, coming from mRemoteNG. In it, I am able to select a 'putty session' in which I saved a profile in Putty and loaded it into my group of hosts in mRemoteNG. All I had to do was to set up an autologin username in this profile and point to my .ppk file (Connection > SSH > Auth, just in case). Then, in mRemoteNG I have some settings that allow me to have every host under this folder (which has the putty session attached to it) to load the same configurations.

I imported my mRemoteNG connections and had to tweak some things, which is ok. But I'm having trouble to set my private key. I am able to make it work, but only if I set it individually to each connection.

When I set the folder, Connection > VPN/SSH/Gateway > Credentials, then:

1) Tried my personal credentials, pointing to the file in my computer. Works individually, but doesn't inherit.

2) Added a Private Key entry to my vault, uploading my private key file.

2a) Tried "Find by name (User Vault)", as mentioned in this thread. No success whatsoever, not even individually. Doesn't look like it is able to find the key by name at all.

2b) Tried "Vault" and I'm able to select my private key. Works individually, but also doesn't inherit.



What do I need?

The private key settings being able to be inherited by child items, with no need to mess with the individual item properties after creating it in its folder. Is that possible to do?

Again, I'm sorry to resurrect it, but I thought it would be better, since it looks like the last update said it was possible to do.

avatar

Hello Philip,

Thank you for reaching out to us regarding this,

I see, from your description, I'm wondering if simply using the "Batch Edit" to perform the change to all your SSH entries in a single folder would work?

This would allow you to set the "Private Key Type" field in your entry "Properties" to "Vault" and point to the desired "Private Key" entry.

We have the following knowledge base article regarding this:
https://help.remotedesktopmanager.com/commands_batchedit.html

Let me know,

Best regards,

Samuel Dery

avatar

For existing connections, that would work, yeah, but for new entries I'd have to manually set its properties after creating it individually

avatar

Hello Philip,

Thank you for your reply,

I see, I've discussed this with our engineering department and unfortunately, it would not be possible to have the "Inherited" option for the "Private Key Type" field,

Perhaps using "Templates" with the Private Key already configured would save you some time when creating the entries, we have the following knowledge base article regarding this: https://help.remotedesktopmanager.com/file_templates.html

Let me know if you have further questions,

Best regards,

Samuel Dery