SFTP – Fix ‘Asks for Passphrase for Unencrypted Private Key’ Issue

Tags: linux, private-key, redhat, sftp

Summary:

I want to SFTP a file from one server to another, authorizing with a private-key.

I believe the public key is installed correctly (WinSCP lets me log in with private key), and I deliberately did not create a passphrase when generating the key-pair… but when I try to SFTP on the command line, I'm prompted for both the non-existent passphrase and the user password.

How can I SFTP with just the unwrapped private-key?

Details:

I have two servers:

  • toServer123

  • fromServer123

I want to SFTP a file from one server to another, using a private-key login.

  1. I generate a public-private key pair using puttyGen:

    • after providing the prompted random movement, I save the public and private key
    • I leave the passphrase field blank and choose 'yes' when prompted about unencrypted private key
  2. I install the public key on toServer123:

    • I create a user paultest with password 'password123'
    • I test that I can ssh into toServer123 as user paultest
    • I create /home/paultest/.ssh/authorized_keys and add the public key
    • The public key looks like:

      cat /home/paultest/.ssh/authorized_keys #=>

      ssh-rsa verylongstringoflettersandnumbersNoNewlines paultest@toServer123

    • I chmod permissions: authorized_keys (644), .ssh (700)

  3. I install the private key on the fromServer123:

    • I create dir: /home/support_user/sftp_proc (chmod 700)

    • I upload my_private_key.ppk (chmod 600) to /sftp_proc

    • I create file text.txt in /sftp_proc which just contains "this is a test"

  4. As support_user, I try to SFTP to toServer123 from fromServer123:

    sftp -oIdentityFile=./my_private_key.ppk paultest@toServer123
    

What I expect:

I get logged into the server without further prompt, since I'm logging in with an unwrapped key file.

What I get:

    Connecting to toServer123...

    Unauthorized access to or use of this system is prohibited.
    All access and use may be monitored and recorded.

    Enter passphrase for key './my_private_key.ppk':

I just hit enter, and get:

    paultest@toServer123's password:

Debugging steps:

  • If I provide the paultest password, the SFTP works – but I don't want to use a password, I want to log in with a private key

  • If I try to log in using winSCP and provide the private key, I am able to log in with just that – I get no passphrase or password prompts.

Question:

What am I doing wrong, if my goal is to log in without providing a password, and without being prompted for the non-existing passphrase?

Edit

my_private_key.ppk looks like:

    PuTTY-User-Key-File-2: ssh-rsa
    Encryption: none
    Comment: rsa-key-20190528
    Public-Lines: 6
    LOTSOFLETTERSabcSYMBOLS//++ANDNUMBERS123==
    Private-Lines: 14
    EVENEVENMORELOTSOFLETTERSabcSYMBOLS//++ANDNUMBERS123==
    Private-MAC: cf6c5c786f51a623b28eabe226c98dd6faa09787

Best Answer

AFAIK sftp expects a different key format. OpenSSH keys should look like:

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAyGhJBM7lcIZgvTbLG4S2N1oHAIszqAKKysCQY17Fp0dHvL+A
8mVCYwKL0otQfS2FHmmeRfrpLQtaK7R/DFnxfXn8xczpY8Cn6sv+GUjztN0gacOK
Yyiymnfr4mKgSaRIaJDmi3ua8mlddvwtUJFkAt7WrVAgx0z4MkW5jR+riKnT69D+
<snip> 
YFbX0QKBgFTXQ+h79DR4ZwW/f5pop9v8H7GD+g/xRKadgFp4GTKA7RJx64XN/ok+
12+u6pApA8w+ah2K2yoaBIV1d3MatYfUwSJ+0esXTYczBeSXOg6YqrMqjZ4KH2wO
kOyu2/4Dq7VcuK4PSnF1wbd+ZPHffh+YOJIII4iU7fYoRMDHa3tW
-----END RSA PRIVATE KEY-----

So you should convert your ppk key to an RSA key. Here is how to use putty utils to do it.
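
As an added example (not part of the original answer), the following shell check classifies a private-key file by its first line, so a PuTTY `.ppk` is caught before it is passed to OpenSSH's `sftp`. The function names and sample files are constructed for illustration, and the suggested conversion assumes the command-line `puttygen` from PuTTY's Unix tools is installed.

```shell
#!/bin/sh
# key_format FILE -> prints putty-ppk, openssh-new, openssh-pem or unknown
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$first" in
        PuTTY-User-Key-File-*)                 echo putty-ppk ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo openssh-pem ;;
        *)                                     echo unknown ;;
    esac
}

# ppk_encryption FILE -> prints the value of the "Encryption:" header of a .ppk
ppk_encryption() {
    sed -n 's/^Encryption: *//p' "$1" | tr -d '\r' | head -n 1
}

# key_check FILE -> returns 0 if the file is in a format OpenSSH reads, 1 otherwise
key_check() {
    case "$(key_format "$1")" in
        openssh-pem|openssh-new)
            echo "$1: OpenSSH format, usable with sftp -oIdentityFile=$1"
            return 0 ;;
        putty-ppk)
            echo "$1: PuTTY key (Encryption: $(ppk_encryption "$1")); convert it first:"
            echo "  puttygen $1 -O private-openssh -o ${1%.ppk}.pem"
            return 1 ;;
        *)
            echo "$1: unrecognised private-key format"
            return 1 ;;
    esac
}

# Constructed sample files (header lines only, no real key material).
demo_dir=$(mktemp -d)
printf '%s\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: none' > "$demo_dir/my_private_key.ppk"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$demo_dir/my_private_key.pem"
key_check "$demo_dir/my_private_key.ppk" || true
key_check "$demo_dir/my_private_key.pem" || true
```

After converting, keep the new file at mode 600 like the original key, since it is still an unencrypted private key.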
