Cannot connect with SFTP plugin using a private key file

[mmatrosov]

I create a new SFTP connection and specify a private key file (*.pem). When I am trying to connect, the progress bar goes to "Getting supported authentication methods..." step and then disappears. Nothing happens then.

If I auth with Pageant, the connection works fine.

[Dalai]

Does your private key file (.pem) look like this

Code: Select all

-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

?
Can you use the same key file in a different SSH client (like 'ssh' command on any Linux or maybe WinSCP)? How did you generate the key pair? Note that PuTTY (.ppk) files won't work.

Regards
Dalai

[sqa_wizard]

Do a doubleclick on the tiny window above the drive button bar to have a look at the created log located at:
c:\Users\<your name>\AppData\Local\Temp\_tc\wcftplog.txt

[mmatrosov]

Does your private key file (.pem) look like this?

Yes.

Can you use the same key file in a different SSH client (like 'ssh' command on any Linux or maybe WinSCP)?

Yes. I tried with windows ssh and with WinSCP.

How did you generate the key pair?

AWS generated it for me.

Do a doubleclick on the tiny window above the drive button bar to have a look at the created log located at:

Can't find anything like this, sorry.

c:\Users\<your name>\AppData\Local\Temp\_tc\wcftplog.txt

The _tc directory is there but it is empty.

[sqa_wizard]

It is a little bit tricky to see the log if the connection fails.
Just have to know that the log is continued with each connection (sftp or ftp).

First try your bad connection without success.
Next try another one which is save (e.g. FTP to ftp.mozilla.org (anonymous user) )
While this connection is established do a doubleclick on the tiny window above the drive button bar to have a look at the created log (incl. the failed sftp)

[mmatrosov]

First try your bad connection without success.
Next try another one which is save (e.g. FTP to ftp.mozilla.org (anonymous user) )
While this connection is established do a doubleclick on the tiny window above the drive button bar to have a look at the created log (incl. the failed sftp)

Ok, it worked. But there isn't much there:

Code: Select all

DISCONNECT \MYHOST
========================
Connecting to: 11.22.33.44
IP address: 11.22.33.44:22
Server fingerprint:
73 61 5A A6 0C 90 E3 CA DC 25 80 25 13 5A 5C 0C
Supported authentication methods: publickey,gssapi-keyex,gssapi-with-mic
========================

[NoSubstitute]

SFTP plugin works for me, as I just tested with an exported putty key, and I could connect fine, without the putty agent.

[UncleBO]

Hello.
I hope you can help me. Probably after updating to TC 10 (not sure however) my SFTP connection started reporting "Authentication of client certificate failed" after I enter correct passphrase in the corresponding window. Nothing happened to public/private files on my Windows 10 PC. When this isuue started to happen I've updateed to version 2.80 of SFTP plugin. Updating to the latest version didn't solve my problem. Putty connects OK using the same keyset.
Public key looks like "ssh-rsa AAAA........." while private key looks like
"-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,FDF6CAA8B0D04843

RVMQHLjD1rPeDzbaaOChBOo0Dhu2vi9sWjybiEQy6o5q5/lT9HljDOfEyrLwXnYS
many lines
-----END RSA PRIVATE KEY-----".
Any ideas?

[NoSubstitute]

That's what the keys should look like.
SFTP plugin (2.80) works fine for me.

[UncleBO]

2NoSubstitute
What TC and Windows versions do you run?

[NoSubstitute]

TC x64 10.00
Windows 10, 19043.1288

[Dalai]

2UncleBO
It looks like your private key has a password. Did you try a private key without password? As per my quick tests, it should also work with password, but I'd start with small steps.

Regards
Dalai

[UncleBO]

2Dalai
Thanks for answering. It worked OK with a password in private key earlier. I don't understand what happened and when. It maybe a server update (hosting provider is Pair) or my Windows 10 got an update which "confused" SFTP plugin. Anyway, I removed a password from my private key but that didn't help. By the way I got the same "Authentication of client certificate failed" error on another Windows 10 PC with TC10 with SFTP 2.80 as well. My colleague on Mac doesn't experience such behavior. And Putty on my PC connects OK with the same keyset while TC10 with SFTP 2.80 doesn't. I tried TC9.5 with SFTP 2.80 - no luck. I'm using Windows 10.0.19043.1288. Any more ideas?

[Dalai]

Did you try the SFTP plugin's XP version? You may need additional OpenSSL DLLs but it works without the Windows encryption (SChannel?) components.

BTW, I don't know how you use the same keyset in PuTTY since PuTTY uses its own .ppk files, not separate private/public key files in OpenSSH format like the SFTP plugin does. It might have been converted to the other format, and technically they have the same fingerprint, but IMO it's still not the same.

Regards
Dalai

[ghisler(Author)]

First, the SFTP plugin does support encrypted private keys, and it is advised to use them.

Second, it may be a mismatch between the used encryption method and host key. Your key is RSA, but your server may be using elliptic curves for the key exchange. You may need to create a new private key for the used encryption method.