Connecting to SFTP using only a private key

Question

Question

Vermon Ferre · Dec 9, 2020

I am trying to connect to an external SFTP. They have our public key and I have the private key which is password protected. I have the credentials set to the sftp username and the password to the private key.

If I set the private key only, I get a username/password error connecting. If I set both the public and private key files, I get the error below:

ERROR #7510: SSH Error '-19': SSH Error [80101013]: Callback returned error [80101013] at Session.cpp:418,0

I have this working perfectly using filezilla, however I can't get it to work with EnsLib.FTP.PassthroughService. The SSL Configuration is !SFTP.

Can anyone help me out?

Thanks.

$ZV: Cache for Windows (x86-64) 2018.1.2 (Build 309_5_19701U) Tue Mar 10 2020 04:28:03 EDT

Discussion (4)0

Log in or sign up to continue

Vic Sun · Dec 10, 2020

Hello Vermon,

To be clear, SFTP "private key authentication" is really key pair authentication, meaning you need both a private and public key configured. If you just have 1 or the other configured, your service will attempt username authentication instead. The need for both keys is intrinsic to SFTP and is not Caché specific.

Settings for the FTP Inbound Adapter > SSL Config

"Once you indicate you are using SFTP, you can then configure the SFTPPublicKeyFile and SFTPPrivateKeyFile settings. If you supply values for both SFTP Public Key File and SFTP Private Key File, the adapter attempts key pair authentication. It does this in conjunction with the username and password supplied via the Credentials setting, using the password in the Credentials as the passphrase for the private key."

I'd suggest reviewing the following article for suggestions on how you can debug why the key pair authentication is failing:

https://community.intersystems.com/post/using-and-debugging-netsshsession-ssh-connections

Hope that helps!

0 0

Vermon Ferre · Dec 10, 2020

Vic,

First of all, thank you for your reply and for that link. I have tried a few things and it ended up that the issue was my private key. The private key was OPENSSH while the requirement was an RSA key. After converting to RSA, the connection went through fine.

For reference, I used the command

ssh-keygen -p -P "old passphrase" -N "new passphrase" -m pem -f path/to/key

0 0

score 0 · Answer 1 · 2020-12-10T14:56:23-05:00

Great, glad you were able to figure that out. The page I linked documents that the private key need to be in PEM format (your command seems to be taking that into account) and public key in OpenSSH format, which presumably you already had correct.

Key formats are definitely a common gotcha!

score 0 · Answer 2 · 2022-01-05T17:26:31-05:00

Brooke Bell · Jan 5, 2022

Make sure you Prive Key Path is set to the the same SSH file path in Filezilla.

0 0