I recently tried to login to my droplet through ssh ssh root#360productions.com and am unable to gain any access to the server what so ever. The error I keep receiving Permission denied (publickey).
I have tried the following.
Used ssh-add inside of the ssh directory to add id_rsa no success
Created new ssh key and performed ssh-add no success
Tried to copy over to server cat ~/.ssh/id_rsa.pub | ssh root#360productions.com "cat >> ~/.ssh/authorized_keys" no success
Inside the settings of my account I changed the ssh values no success
I am thinking the issue has something to do with the droplet holding onto a public key that I don't have anymore on my machine. How can I gain access again to the server successfully through ssh?
When I run a debug i get this output. Trying to deceiver what's going wrong in here.
OpenSSH_7.5p1, LibreSSL 2.5.4
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug1: Connecting to 360productions.com [2604:a880:2:d0::45:a001] port 22.
debug1: Connection established.
debug1: identity file /Users/Basecamp/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Basecamp/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Basecamp/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Basecamp/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Basecamp/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Basecamp/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Basecamp/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/Basecamp/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 360productions.com:22 as 'Basecamp'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:CI6GGFMyR17U6SoUOCwCMXBXc6JtxsuAxRX5Wdvt79Q
debug1: Host '360productions.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/Basecamp/.ssh/known_hosts:30
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Basecamp/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/Basecamp/.ssh/id_dsa
debug1: Trying private key: /Users/Basecamp/.ssh/id_ecdsa
debug1: Trying private key: /Users/Basecamp/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
How can I update the server with the correct public key?
You should specify the private key with the ssh -i option. For example:
ssh -i /home/user/.ssh/id_rsa user#host.com
If your authorized keys doesn't have the corresponding public key, you can login via the Digital Ocean website. There is a "Access" link that allows you to type in your password. You can fix the authorized_keys file from there.
Again, you need to add the public key (id_rsa.pub) to authorized_keys on the server, and specify the private key (id_rsa) with the -i option to ssh.
You won't be able to ssh in order to append the new public key if another public key isn't already there and specified with -i.
Also, you may have to specify /root/.ssh/authorized_keys, I'm not sure that ~/.ssh will work with root. Also verify the file is owned by root and has 600 permissions.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 months ago.
Improve this question
I'm working with Homestead and vagrant on my local setup. My Homestead.yaml file looks like this:
---
ip: "192.168.56.56"
memory: 4096
cpus: 2
provider: virtualbox
authorize: ~/.ssh/id_rsa.pub
keys:
- ~/.ssh/id_rsa
folders:
- map: ~/projects
to: /home/vagrant/projects
type: "nfs"
sites:
- map: volley.admin
to: /home/vagrant/projects/volleyadmin/public
type: laravel
php: "7.1"
databases:
- volleyadmin
features:
- mysql: true
- mariadb: false
- postgresql: false
- ohmyzsh: false
- webdriver: false
services:
- enabled:
- "mysql"
# - disabled:
# - "postgresql#11-main"
#ports:
# - send: 33060 # MySQL/MariaDB
# to: 3306
# - send: 4040
# to: 4040
# - send: 54320 # PostgreSQL
# to: 5432
# - send: 8025 # Mailhog
# to: 8025
# - send: 9600
# to: 9600
# - send: 27017
# to: 27017
I did vagrant up and vagrant ssh and everything looks to work. The problem is that I can't connect to my database with Sequel Ace.
My configuration looks like this:
MySQL password: secret
SSH password: secret
When I try to connect I get the following response:
Used command: /usr/bin/ssh -v -N -S none -o ControlMaster=no -o ExitOnForwardFailure=yes -o ConnectTimeout=10 -o NumberOfPasswordPrompts=3 -o UserKnownHostsFile="/Users/nielsvroman/Library/Containers/com.sequel-ace.sequel-ace/Data/.keys/ssh_known_hosts_strict" -F /Applications/Sequel Ace.app/Contents/Resources/ssh_config -o TCPKeepAlive=no -o ServerAliveInterval=60 -o ServerAliveCountMax=1 vagrant#192.168.56.56 -L 50489:127.0.0.1:3306
OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Applications/Sequel Ace.app/Contents/Resources/ssh_config
debug1: /Applications/Sequel Ace.app/Contents/Resources/ssh_config line 1: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 192.168.56.56 [192.168.56.56] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /Users/nielsvroman/.keys/id_rsa type -1
debug1: identity file /Users/nielsvroman/.keys/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.56.56:22 as 'vagrant'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:r6W0RoVMAo3PNslyC8hel/ZlozmmV4vIpdulB7LmOEc
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.56.56' is known and matches the ED25519 host key.
debug1: Found key in /Users/nielsvroman/Library/Containers/com.sequel-ace.sequel-ace/Data/.keys/ssh_known_hosts_strict:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: Operation not permitted
debug1: Will attempt key: /Users/nielsvroman/.keys/id_rsa explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/nielsvroman/.keys/id_rsa
no such identity: /Users/nielsvroman/.keys/id_rsa: No such file or directory
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
vagrant#192.168.56.56: Permission denied (publickey,password).
The SSH Tunnel could not authenticate with the remote host. Please check your password and ensure you still have access.
Your Homestead.yaml file indicates that your ssh key file is in its typical location: ~/.ssh/id_rsa. However, the debug output shows that ssh is looking in another location for the key:
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/nielsvroman/.keys/id_rsa
no such identity: /Users/nielsvroman/.keys/id_rsa: No such file or directory
^^^^^
It's looking in ~/.keys instead of ~/.ssh. The key isn't present in that location, so ssh doesn't find it and doesn't present it to the remote system.
According to the "user command" line in your debug output, ssh is being run using a nonstandard config file, /Applications/Sequel Ace.app/Contents/Resources/ssh_config. It's likely that this file contains some configuration options which cause ssh to look in the .keys directory for key files instead of the .ssh directory.
The simple solution would be to copy your key files (id_rsa and _id_rsa.pub) from your .ssh directory into this .keys directory. The key files aren't large, and there's no real problem with having them in more than one place.
Alternately, you could edit this special ssh config file to make it look for key files in the usual place. It would be necessary to identify the configuration options that are causing ssh to look in the other directory, and change or remove them. It looks like this special config file is part some software that you installed? Changing the config file might affect how the software works, or it could create extra work for you to re-edit the file every time the software is updated.
I personally had the same issue in late 2022. The fix was that I had to use same IP as in the Homestead.yaml file as the host address (which is 192.168.56.56 by default).
I installed a Cloud Datalab notebook on a Cloud Dataproc cluster following the instructions listed in the official documentation
After creating the cluster, I then created a SSH tunnel to the master node in the Cloud Shell and connected to the cluster interface using the Cloud Shell. Instructions. I could access the Jupyter notebooks after this. I used the -v verbose option to see the SSH connection logs:
gcloud compute ssh cluster-datalab-m --project=abcxyz-123 --zone us-west1-a \
-- -v -4 -N -L 8080:cluster-datalab-m:8080
But after some time, I got a popup saying "A connection to the notebook server could not be established. The notebook will continue trying to reconnect. Check your network connection or notebook server configuration." and my cluster stopped responding to any commands.
When I looked at the SSH output on the Cloud Shell, I saw that multiple channels were being requested at this point.
A preview of SSH logs just during the break point:
debug1: channel 1: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 1: free: direct-tcpip: listening port 8080 for cluster-datalab-m port 8080, connect from 127.0.0.1 port 52832 to 127.0.0.1 port 8080, nchannels 3
debug1: channel 2: free: direct-tcpip: listening port 8080 for cluster-datalab-m port 8080, connect from 127.0.0.1 port 52833 to 127.0.0.1 port 8080, nchannels 2
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 1: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 8080 for cluster-datalab-m port 8080, connect from 127.0.0.1 port 52837 to 127.0.0.1 port 8080, nchannels 3
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 2: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 3: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 4: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 5: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
debug1: channel 6: new [direct-tcpip]
debug1: Connection to port 8080 forwarding to cluster-datalab-m port 8080 requested.
I closed this SSH connection manually and then tried to SSH into the master node by clicking the SSH button on the Compute Engine console but even that was taking lot of time and didn't complete successfully.
I looked at this stackoverflow question but I couldn't find any /etc/sshguard folder in the master node so I don't think that is the issue for my case. The master node was running Debian 8.10.
Is there any way to ensure that the SSH connection (and the Jupyter notebook) works continuously?
We've updated the documentation at cluster web interfaces. Using cloud shell works for Datalab, but not Jupyter. Cloud Shell Preview only supports HTTP, but Jupyter uses websockets.
Instead, you should follow the instructions for setting up a SOCKS proxy and pointing Chrome at it. There's a handy bash script called launch-jupyter-interface.sh that does that for you. You'll just need to modify it to point to your Chrome installation.
The Jupyter tutorial also mentions using that script.
I am setting up a reverse tunnel from localhost (win7) to remoteServer (Debian). On localhost I run:
plink.exe -R 12345:localhost:22 username#remoteServer.com.
But when I try to connect back from RemoteServer to localhost I an error:
root#remoteServer:~# ssh -v -p 12345 127.0.0.1
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 12345.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
root#remoteServer:~#
I have enabled GatewayPorts yes in sshd_config and restarted sshd.
I run cmd.exe with Admin rights.
solved. Needed to install SSH server on localhost (win7). plink.exe is just a client.
tldr: I get the following error with a client/server setup with ssl:
Specifically: ssl configuration error: UseCertificateChainFile: SSL errors: PEM routines:PEM_read_bio:no start line SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
The details:
I am hosting something similar to a mysql server on ec2 (specifically mongosqld)
I need to connect to it via ssl, so I create certs using openssl on the machine using this set of instructions provided by mysql: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
I run the server with the following command
mongosqld --schema=schema.drdl \
--addr=0.0.0.0:3307 \
--auth \
--sslMode=allowSSL \
--sslCAFile=ca.pem \
--sslPEMKeyFile=server-key.pem
And on my machine, I attach to the server like so:
mysql --protocol tcp \
--host my.host.on.amazon.com --port 3307 \
--enable-cleartext-plugin \
--ssl-cert mongosqlcerts/client-cert.pem
--ssl-key mongosqlcerts/client-key.pem
--ssl-ca mongosqlcerts/ca.pem
On the client side I get the following error:
SSL connection error: error:00000001:lib(0):func(0):reason(1)
On the server logs, a bit more helpful:
mongosqld starting: version=v2.3.1 pid=11461 host=ip-xx-xx-xx-xx
I CONTROL [initandlisten] git version: fa3535342a4c5abe36e3cc28a2ecf72864dfc6fe
I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
I CONTROL [initandlisten] options: {schema: {path: "schema.drdl"}, net: {bindIp: [0.0.0.0], ssl: {mode: "allowSSL", PEMKeyFile: "server-key.pem", CAFile: "ca.pem"}}, security: {enabled: true}}
I NETWORK [initandlisten] waiting for connections at [::]:3307
I NETWORK [initandlisten] waiting for connections at /tmp/mysql.sock
I NETWORK [conn1] connection accepted from 108.20.XXX.XXX:63353 #1 (1 connection now open)
E NETWORK [conn1] handshake error: ERROR 1043 (08S01): recv handshake response error: ERROR 1043 (08S01): ssl configuration error: UseCertificateChainFile: SSL errors: PEM routines:PEM_read_bio:no start line
SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
2017-12-01T22:24:50.394+0000 I NETWORK [conn1] end connection 108.20.XXX.XXX:63353 (0 connections now open)
Specifically: ssl configuration error: UseCertificateChainFile: SSL errors: PEM routines:PEM_read_bio:no start line
SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
Can anyone help me parse that error.
Thanks friends!
I got it!
so for the sslPEMKeyFile argument in mongosqld as stated in the docs you need to
Specifies the .pem file containing both the TLS/SSL certificate and key for MySQL clients. Specify the file name of the .pem file using relative or absolute paths.
So when I used openssl to create ca, server-cert and key files, I needed to create a new file that combined the private-key and the server-cert
so I created a new file called combined.pem with the following text in it:
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
and started the server with that and it worked!!!
I'm using vagrant and I'm using the following config to connect to my database.
SSH Password ist the private_key file in the /.vagrant/machines/default/virtualbox/ folder. This worked without any problems, but since I've updated to El Capitan, I can't connect.
I'm getting those details
Querious was unable to create an SSH connection because the remote host denied permission.
Double-check that the SSH user name and password (or public key, if using key-based authentication) are correct.
OpenSSH_6.9p1, LibreSSL 2.1.7
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/tzfrs/work/Server/194.6.226.31/.vagrant/machines/default/virtualbox/private_key type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/tzfrs/work/Server/194.6.226.31/.vagrant/machines/default/virtualbox/private_key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 127.0.0.1:2222 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64#openssh.com none
debug1: kex: client->server aes128-ctr umac-64#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:kBFNbCLWp1m4X03xMWxWeCjaQUEa426OsJ5IC/PNisM
debug1: Host '[127.0.0.1]:2222' is known and matches the RSA host key.
debug1: Found key in /Users/tzfrs/.ssh/known_hosts:11
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/tzfrs/work/Server/194.6.226.31/.vagrant/machines/default/virtualbox/private_key
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: permanently_drop_suid: 502
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
As requestes this is the output of vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /Users/tzfrs/work/Server/194.6.226.31/.vagrant/machines/default/virtualbox/private_key
IdentitiesOnly yes
LogLevel FATAL
What do I have to do to make it work again?
I had the same problem, connecting with PSequel to the Postgresql database in the Vagrant box. Two variations of the same solution:
Vagrant key
Execute vagrant ssh-config
You'll see a line IdentityFile containing something like /Users/stefbastiaansen/vm/precise-pangolin/.vagrant/machines/default/virtualbox/private_key
Connect to ssh -p 2222 -i /Users/yourusername/vm/precise-pangolin/.vagrant/machines/default/virtualbox/private_key vagrant#127.0.0.1 in a new terminal window
You'll get the notice that the authenticity of the host (127.0.0.1:2222) could not be confirmed, and the question if you're sure you wanted to continue connecting. Answer yes.
Then open PSequel (Postgres) or Sequel Pro (MySQL) and configure it for SSH tunneling.
Host: 127.0.0.1
Port: 2222
User: vagrant
Identity File: /Users/yourusername/vm/precise-pangolin/.vagrant/machines/default/virtualbox/private_key
Connect.
Your own key
Copy your public key to the clipboard: pbcopy < ~/id_rsa.pub
ssh vagrant
Add your public key to ~/.ssh/authorized_keys on the vagrant box
Open up a new terminal window
ssh -p 2222 vagrant#127.0.0.1
You'll get the notice that the authenticity of the host (127.0.0.1:2222) could not be confirmed, and the question if you're sure you wanted to continue connecting. Answer yes.
Then open PSequel (Postgres) or Sequel Pro (MySQL) and configure it for SSH tunneling.
Host: 127.0.0.1
Port: 2222
User: vagrant
Identity File: ~/.ssh/id_rsa
Connect.
It's the confirmation step that needs to happen before you can connect via ssh.