Question
Vermon Ferre · Dec 9, 2020

Connecting to SFTP using only a private key

I am trying to connect to an external SFTP. They have our public key and I have the private key which is password protected. I have the credentials set to the sftp username and the password to the private key.

If I set the private key only, I get a username/password error connecting. If I set both the public and private key files, I get the error below:

ERROR #7510: SSH Error '-19': SSH Error [80101013]: Callback returned error [80101013] at Session.cpp:418,0

I have this working perfectly using FileZilla; however, I can't get it to work with EnsLib.FTP.PassthroughService. The SSL Configuration is !SFTP.

Can anyone help me out?

Thanks.

$ZV: 
Cache for Windows (x86-64) 2018.1.2 (Build 309_5_19701U) Tue Mar 10 2020 04:28:03 EDT

Replies

Hello Vermon,

To be clear, SFTP "private key authentication" is really key pair authentication, meaning you need both a private and public key configured. If you just have 1 or the other configured, your service will attempt username authentication instead. The need for both keys is intrinsic to SFTP and is not Caché specific.

Settings for the FTP Inbound Adapter > SSL Config

"Once you indicate you are using SFTP, you can then configure the SFTPPublicKeyFile and SFTPPrivateKeyFile settings. If you supply values for both SFTP Public Key File and SFTP Private Key File, the adapter attempts key pair authentication. It does this in conjunction with the username and password supplied via the Credentials setting, using the password in the Credentials as the passphrase for the private key."

I'd suggest reviewing the following article for suggestions on how you can debug why the key pair authentication is failing:

https://community.intersystems.com/post/using-and-debugging-netsshsession-ssh-connections

Hope that helps!

Vic,

First of all, thank you for your reply and for that link. I have tried a few things and it ended up that the issue was my private key. The private key was OPENSSH while the requirement was an RSA key. After converting to RSA, the connection went through fine.

For reference, I used the command 

ssh-keygen -p -P "old passphrase" -N "new passphrase" -m pem -f path/to/key

Great, glad you were able to figure that out. The page I linked documents that the private key needs to be in PEM format (your command seems to be taking that into account) and the public key in OpenSSH format, which presumably you already had correct.

Key formats are definitely a common gotcha!
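
A quick pre-flight check for the format mismatch that resolved this thread, as an added example that is not part of the original posts or of InterSystems code: the functions below (hypothetical names) read only the first line of each key file and report whether the private key is PEM RSA and the public key is in OpenSSH format. The header strings are the standard ones written by OpenSSH, OpenSSL and PuTTY.

```shell
#!/bin/sh
# Added example: classify SSH key files by their header line only,
# so no key material is parsed or printed.

# Container format of a private key file, from its first line.
private_key_format() {
    header=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')   # tolerate CRLF files
    case "$header" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;   # ssh-keygen default
        "-----BEGIN RSA PRIVATE KEY-----")       echo pem-rsa ;;   # result of -m pem
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8 ;;
        "PuTTY-User-Key-File-"*)                 echo putty-ppk ;;
        *)                                       echo unknown ;;
    esac
}

# Format of a public key file, from its first line.
public_key_format() {
    header=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        "ssh-rsa "*)                       echo openssh-rsa ;;
        "ssh-"*|"ecdsa-sha2-"*)            echo openssh-other ;;
        "---- BEGIN SSH2 PUBLIC KEY ----") echo rfc4716 ;;
        "-----BEGIN PUBLIC KEY-----")      echo pem ;;
        "-----BEGIN RSA PUBLIC KEY-----")  echo pem ;;
        *)                                 echo unknown ;;
    esac
}

# Succeeds only for the combination reported working in this thread:
# PEM RSA private key plus OpenSSH-format RSA public key.
check_key_pair() {
    priv=$(private_key_format "$1")
    pub=$(public_key_format "$2")
    echo "private=$priv public=$pub"
    [ "$priv" = pem-rsa ] && [ "$pub" = openssh-rsa ]
}

# Usage: sh check_keys.sh path/to/private path/to/public
if [ "$#" -eq 2 ]; then
    check_key_pair "$1" "$2"
fi
```

If the private key reports `openssh`, note that `ssh-keygen -p` rewrites the key file in place, so run the conversion on a copy and keep the original until the connection is confirmed.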