Summary:
I want to SFTP a file from one server to another, authorizing with a private-key.
I believe the public key is installed correctly (WinSCP lets me log in with private key), and I deliberately did not create a passphrase when generating the key-pair… but when I try to SFTP on the command line, I'm prompted for both the non-existent passphrase and the user password.
How can I SFTP with just the unwrapped private-key?
Details:
I have two servers:
- toServer123
- fromServer123
I want to SFTP a file from one server to another, using a private-key login.
- I generate a public-private key pair using puttyGen:
  - after providing the prompted random movement, I save the public and private key
  - I leave the passphrase field blank and choose 'yes' when prompted about unencrypted private key
- I install the public key on toServer123:
  - I create a user paultest with password 'password123'
  - I test that I can ssh into toServer123 as user paultest
  - I create /home/paultest/.ssh/authorized_keys and add the public key
  - The public key looks like:
        cat /home/paultest/.ssh/authorized_keys
        #=>ssh-rsa verylongstringoflettersandnumbersNoNewlines paultest@toServer123
  - I chmod permissions: authorized_keys (644), .ssh (700)
- I install the private key on the fromServer123:
  - I create dir: /home/support_user/sftp_proc (chmod 700)
  - I upload my_private_key.ppk (chmod 600) to /sftp_proc
  - I create file text.txt in /sftp_proc which just contains "this is a test"
- as support_user, I try to SFTP to toServer123 from fromServer123:
      sftp -oIdentityFile=./my_private_key.ppk paultest@toServer123
What I expect:
I get logged into the server without further prompt, since I'm logging in with an unwrapped key file.
What I get:
Connecting to toServer123...
Unauthorized access to or use of this system is prohibited.
All access and use may be monitored and recorded.
Enter passphrase for key './my_private_key.ppk':
I just hit enter, and get:
paultest@toServer123's password:
Debugging steps:
- If I provide the paultest password, the SFTP works – but I don't want to use a password, I want to log in with a private key
- If I try to log in using winSCP and provide the private key, I am able to log in with just that – I get no passphrase or password prompts.
Question:
What am I doing wrong, if my goal is to log in without providing a password, and without being prompted for the non-existing passphrase?
Edit
my_private_key.ppk looks like:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20190528
Public-Lines: 6
LOTSOFLETTERSabcSYMBOLS//++ANDNUMBERS123==
Private-Lines: 14
EVENEVENMORELOTSOFLETTERSabcSYMBOLS//++ANDNUMBERS123==
Private-MAC: cf6c5c786f51a623b28eabe226c98dd6faa09787
Best Answer
AFAIK sftp expects a different format of key. The keys of OpenSSH should look like:
So you should convert your ppk key to RSA key. Here is how to use putty utils to do it
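
A pre-flight check for the format mismatch the answer describes, added here as an example and not part of the original answer: it inspects a key file's first line and flags a PuTTY `.ppk` before it is passed to `sftp -oIdentityFile=`. The function names and the sample file are constructed for illustration; the conversion hint in the comment assumes the Unix command-line `puttygen` is installed.

```shell
#!/bin/sh
# Classify a private-key file by its first line.
key_format() {
    # $1: path to the key file
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    # .ppk files saved on Windows may carry CRLF line endings
    first_line=$(head -n 1 "$1" | tr -d '\r')
    case "$first_line" in
        "PuTTY-User-Key-File-"*)               echo "putty-ppk" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo "openssh" ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo "pem-rsa" ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo "pem-other" ;;
        *)                                     echo "unknown" ;;
    esac
}

# Read one header field ("Encryption", "Comment", ...) from a .ppk file.
ppk_field() {
    # $1: path, $2: field name
    sed -n "s/^$2: //p" "$1" | head -n 1 | tr -d '\r'
}

# Return 0 for a PEM/OpenSSH container, 1 for anything that needs attention.
check_identity_file() {
    fmt=$(key_format "$1") || { echo "$1: cannot read"; return 2; }
    case "$fmt" in
        openssh|pem-rsa|pem-other)
            echo "$1: $fmt (PEM/OpenSSH container)"; return 0 ;;
        putty-ppk)
            enc=$(ppk_field "$1" Encryption)
            echo "$1: PuTTY key (Encryption: $enc), convert before use with sftp"
            # Conversion hint: puttygen in.ppk -O private-openssh -o out_key
            return 1 ;;
        *)
            echo "$1: unrecognised key format"; return 1 ;;
    esac
}

# Constructed sample mirroring the .ppk header layout shown in the question.
demo_ppk=$(mktemp)
printf '%s\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: none' \
    'Comment: constructed-sample' 'Public-Lines: 6' > "$demo_ppk"
check_identity_file "$demo_ppk" || true
rm -f "$demo_ppk"
```

The `Encryption: none` field confirms the key has no passphrase, so a passphrase prompt in this situation points at the file format rather than at the key itself.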