SFTP with 2-factor authentication, providing SSH Key and Password

Happy New Year and welcome back! Hopefully this will be an easy one, but I cannot figure it out. I am being asked to make an sFTP connection to a server, and provide both a password AND an SSH private key.

I have generated a private key using PuTTY on my laptop, and copied it to the server where I am using Automise. As it is a PuTTY file, the key file extension is .ppk, but I tried changing the file extension to .pem to see if it would work - no luck.

I am getting a “Private Key is invalid” message. Are private keys specific to the machine that they were generated on?

Just thought of something else: PuTTY has several options for the type of SSH key being generated - RSA, DSA, ECDSA, EdDSA, SSH-1 (RSA).

Are any of these not handled by Automise?

Thanks,

Jonathan

Hi Jonathan

Happy New Year. As it turned out, this was not an easy one :wink:

The first issue I encountered when testing this was the same one you found: “Private Key is invalid”. PuTTY changed the ppk file format in 2021 and the library we use does not support ppk v3 (the new default). The workaround is to change the export format to v2: from the Key menu, choose “Parameters for saving key files…” and change PPK file version to 2.

Then export the ppk again. You also need to export the public key and give that to your SFTP server admin to copy into the authorized_keys file for your user (assuming the server is OpenSSH).

The next challenge you might encounter (I did) is

Error: FTP Error Code 114.
Failed to connect to remote server. Code [96258]  Message [Unknown error (0x17802)]  

Looking at the logs on the server (Server Software: OpenSSH_8.9p1 Ubuntu-3ubuntu0.5):

cat /var/log/auth.log | grep "userauth_pubkey"
Jan  3 22:23:27 hostname sshd[93401]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Some googling tells me that OpenSSH doesn’t like the PuTTY v2 keys.

After adding

PubkeyAcceptedAlgorithms=+ssh-rsa

to /etc/ssh/sshd_config

and restarting sshd I was able to login using the private key with Automise.

You might encounter some pushback from the server admin on this and unfortunately at this stage we don’t have a fix for this - we are in the process of rewriting the sftp actions using a different library for v6 but that isn’t ready for testing just yet.

Lastly, one alternative is to use the WinSCP action; however, that requires that you learn how to use the WinSCP scripting commands.

Your research helped an awful lot. Part of the issue was that the connection was being blocked by our IT firewall software, which you had no way of knowing, but even after that I ran into the exact issues that you mentioned. However, I was able to work with the folks on the server side to resolve the issues. I sent them the public key generated by PuTTYgen, and we got the process to work. Many thanks for your hard work and detailed answers.
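
The two failure points discussed in this thread (a PPK version 3 key file, and sshd refusing the `ssh-rsa` key type) can be checked before a transfer job is scheduled. The following is an added example, not part of the original thread or of Automise; the function names and sample data are constructed for illustration, and the samples contain PPK headers only, no key material.

```python
import re

# PPK files start with "PuTTY-User-Key-File-<version>: <key type>".
PPK_HEADER = re.compile(r"^PuTTY-User-Key-File-(\d+):\s*(\S+)")
# sshd message quoted in the thread.
REJECTED = re.compile(
    r"sshd\[\d+\]: userauth_pubkey: key type (\S+) not in PubkeyAcceptedAlgorithms")

def inspect_ppk(text):
    """Return (version, key_type, encryption) from the headers of a .ppk file."""
    lines = text.lstrip("\ufeff").splitlines()
    m = PPK_HEADER.match(lines[0]) if lines else None
    if not m:
        raise ValueError("not a PuTTY .ppk file (renaming to .pem does not convert it)")
    encryption = "unknown"
    for line in lines[1:4]:
        if line.startswith("Encryption:"):
            encryption = line.split(":", 1)[1].strip()
    return int(m.group(1)), m.group(2), encryption

def preflight(text, rejected_types=()):
    """List the problems from the thread that this key file would hit."""
    version, key_type, _ = inspect_ppk(text)
    problems = []
    if version >= 3:
        problems.append("PPK v%d: re-save as PPK file version 2" % version)
    if key_type in rejected_types:
        problems.append("server rejects key type %s" % key_type)
    return problems

def rejected_key_types(log_lines):
    """Key types sshd refused, taken from auth.log lines."""
    return sorted({m.group(1) for m in map(REJECTED.search, log_lines) if m})

# Constructed samples: PPK headers only, plus the log line quoted in the thread.
SAMPLE_V3 = "PuTTY-User-Key-File-3: ssh-rsa\nEncryption: none\nComment: constructed\n"
SAMPLE_V2 = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed\n"
SAMPLE_LOG = [
    "Jan  3 22:23:27 hostname sshd[93401]: userauth_pubkey: key type ssh-rsa "
    "not in PubkeyAcceptedAlgorithms [preauth]",
    "Jan  3 22:24:01 hostname sshd[93410]: Accepted publickey for demo "
    "from 192.0.2.10 port 50000 ssh2",
]

if __name__ == "__main__":
    rejected = rejected_key_types(SAMPLE_LOG)
    for name, ppk in (("v3", SAMPLE_V3), ("v2", SAMPLE_V2)):
        print(name, inspect_ppk(ppk), preflight(ppk, rejected))
```

The log scan needs read access to `/var/log/auth.log` on the server, so in practice it is the server admin who runs that half.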