3

Summary:

I want to SFTP a file from one server to another, authorizing with a private-key.

I believe the public key is installed correctly (WinSCP lets me log in with private key), and I deliberately did not create a passphrase when generating the key-pair... but when I try to SFTP on the command line, I'm prompted for both the non-existent passphrase and the user password.

How can I SFTP with just the unwrapped private-key?

Details:

I have two servers:

  • toServer123

  • fromServer123

I want to SFTP a file from one server to another, using a private-key login.

  1. I generate a public-private key pair using puttyGen:

    • after providing the prompted random movement, I save the public and private key
    • I leave the passphrase field blank and choose 'yes' when prompted about unencrypted private key
  2. I install the public key on toServer123:

    • I create a user paultest with password 'password123'
    • I test that I can ssh into toServer123 as user paultest
    • I create /home/paultest/.ssh/authorized_keys and add the public key
    • The public key looks like:

      cat /home/paultest/.ssh/authorized_keys #=>

      ssh-rsa verylongstringoflettersandnumbersNoNewlines paultest@toServer123

    • I chmod permissions: authorized_keys (644), .ssh (700)

  3. I install the private key on the fromServer123:

    • I create dir: /home/support_user/sftp_proc (chmod 700)

    • I upload my_private_key.ppk (chmod 600) to /sftp_proc

    • I create file text.txt in /sftp_proc which just contains "this is a test"

  4. as support_user, I try to SFTP to toServer123 from fromServer123:

    sftp -oIdentityFile=./my_private_key.ppk paultest@toServer123 

What I expect:

I get logged into the server without further prompt, since I'm logging in with an unwrapped key file.

What I get:

    Connecting to toServer123...
    Unauthorized access to or use of this system is prohibited. All access and use may be monitored and recorded.
    Enter passphrase for key './my_private_key.ppk': 

I just hit enter, and get:

paultest@toServer123's password: 

Debugging steps:

  • If I provide the paultest password, the SFTP works - but I don't want to use a password, I want to log in with a private key

  • If I try to log in using winSCP and provide the private key, I am able to log in with just that - I get no passphrase or password prompts.

Question:

What am I doing wrong, if my goal is to log in without providing a password, and without being prompted for the non-existing passphrase?

Edit

my_private_key.ppk looks like:

    PuTTY-User-Key-File-2: ssh-rsa
    Encryption: none
    Comment: rsa-key-20190528
    Public-Lines: 6
    LOTSOFLETTERSabcSYMBOLS//++ANDNUMBERS123==
    Private-Lines: 14
    EVENEVENMORELOTSOFLETTERSabcSYMBOLS//++ANDNUMBERS123==
    Private-MAC: cf6c5c786f51a623b28eabe226c98dd6faa09787
4
  • 1
    What does the ./my_private_key.ppk look like? Commented May 29, 2019 at 6:33
  • @MartinPrikryl I added the format of the .ppk file to the question - does that look correct? Commented May 29, 2019 at 9:09
  • OK, then the answer by @Romeo is correct. Commented May 29, 2019 at 9:12
  • 1
    @MartinPrikryl Right you are - I converted the private key and it worked! Commented May 29, 2019 at 9:16

1 Answer

7

AFAIK sftp expects a different format of key. The keys of OpenSSH should look like:

    -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEAyGhJBM7lcIZgvTbLG4S2N1oHAIszqAKKysCQY17Fp0dHvL+A
    8mVCYwKL0otQfS2FHmmeRfrpLQtaK7R/DFnxfXn8xczpY8Cn6sv+GUjztN0gacOK
    Yyiymnfr4mKgSaRIaJDmi3ua8mlddvwtUJFkAt7WrVAgx0z4MkW5jR+riKnT69D+
    <snip>
    YFbX0QKBgFTXQ+h79DR4ZwW/f5pop9v8H7GD+g/xRKadgFp4GTKA7RJx64XN/ok+
    12+u6pApA8w+ah2K2yoaBIV1d3MatYfUwSJ+0esXTYczBeSXOg6YqrMqjZ4KH2wO
    kOyu2/4Dq7VcuK4PSnF1wbd+ZPHffh+YOJIII4iU7fYoRMDHa3tW
    -----END RSA PRIVATE KEY-----

So you should convert your ppk key to an RSA key. Here is how to use putty utils to do it

5
  • If a wrong key format is used, it would say "invalid format", and not prompt for a passphrase Commented May 29, 2019 at 6:58
  • 2
    OK, I get "invalid format" with OpenSSH 7.7. But if I use an older version of OpenSSH, like 5.3, I indeed get a prompt for a passphrase. +1 Commented May 29, 2019 at 9:13
  • 1
    You nailed it - format of the private-key was incorrect. The default private-key generated by puttyGen worked in software like WinSCP, but not in whatever version of SFTP was installed on my server. Thank you! :) Commented May 29, 2019 at 9:16
  • @MartinPrikryl don't worry I will. I am completing the task first, in case there's any extra information I can add into the question before I close it. Commented May 29, 2019 at 10:09
  • 1
    @MartinPrikryl, fine, I won't add anything else. it's marked answered now. Thanks for your help. Please stop messaging me. Commented Jun 10, 2019 at 13:14
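
A pre-flight check for the problem diagnosed in this thread, as an added example that is not part of the original question, answer or comments: it classifies a private key file by its first line before the file is passed to `sftp -oIdentityFile=...`, so a PuTTY `.ppk` is caught up front rather than through a misleading passphrase prompt. The function names and the sample key file are constructed for illustration; the conversion it prints uses puttygen's command-line `-O private-openssh` output type.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample key data is constructed.

# Classify a private key file by its first line.
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$first" in
        PuTTY-User-Key-File-*)                 echo putty-ppk ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem ;;
        *)                                     echo unknown ;;
    esac
}

# Value of the .ppk "Encryption:" header ("none" means no passphrase was set).
ppk_encryption() {
    sed -n 's/^Encryption: *//p' "$1" | tr -d '\r' | head -n 1
}

# Return 0 if OpenSSH's sftp can read the file as an IdentityFile, non-zero otherwise.
check_identity() {
    case "$(key_format "$1")" in
        putty-ppk)
            echo "PuTTY .ppk (Encryption: $(ppk_encryption "$1")), not readable by OpenSSH"
            echo "convert: puttygen $1 -O private-openssh -o ${1%.ppk}.pem"
            return 1 ;;
        openssh|pem)
            echo "ok: usable as IdentityFile"
            return 0 ;;
        *)
            echo "unknown key format"
            return 2 ;;
    esac
}

# Constructed sample mirroring the header layout shown in the question.
write_sample_ppk() {
    printf '%s\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: none' \
        'Comment: constructed-sample' 'Public-Lines: 1' 'AAAAconstructed==' > "$1"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
write_sample_ppk "$demo_dir/my_private_key.ppk"
check_identity "$demo_dir/my_private_key.ppk" || true
rm -rf "$demo_dir"
```

After conversion, the new file needs the same restrictive permissions as the original (chmod 600) before it is used as the identity file.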
