@ansgar Private key can have (and usually have) a password to protect them (it's usually called "Passphrase").
And remote systems may be setup to allow access only with private keys, without requiring a password.
For instance, here's how I've been able to connect to a remote MySQL instance in such a server:
- Launch plink in a cmd.exe session:
plink.exe MyRemoteHost -ssh -N -P 22 -l MyUserName -i "private-key.ppk" -L 127.0.0.1:3307:127.0.0.1:3306 -noagent
- Here's the output:
Using username "MyUserName".
Passphrase for key "XYZ":
(where XYZ is the optional key comment saved in the private key file)
I enter the private key passphrase and I'm ready to connect to the remote MySQL instance via 127.0.0.1:3307
One important thing to be noted (for @borislavsabev) is that the private key myst be in PuTTY format, not in OpenSSH format.
My private key file (in PuTYTY format) is something like this:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: XYZ
Public-Lines: 6
...some chars...
Private-Lines: 14
...some chars...
Private-MAC: ...some chars...
whereas private keys in OpenSSH format are usually something like
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: ...some chars...
...some chars...
-----END RSA PRIVATE KEY-----
You can use PuTTYgen to convert your private key to/from putty <-> openssh format (as well as to create new private keys).