SFTP keys

I'm trying to connect to a server using SFTP but getting the following error:

Reading private key file "C:\key"
Unable to use this key file (OpenSSH SSH-2 private key)
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed

What would be the problem here? The key works with regular sftp command.

I opened the private key in PuTTY Key Generator and pressed "save private key", saved as .ppk file. Select that in Dopus and get the following error:

Opening Connection IP_address:22
Opening Connection IP_address:22
Server version: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Directory_Opus
Server version: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
Server supports delayed compression; will try this later
Doing Diffie-Hellman group exchange
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Directory_Opus
Server supports delayed compression; will try this later
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 [fingerprint]
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Host key fingerprint is:
ssh-rsa 2048 [fingerprint]
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Reading private key file "C:\key.ppk"
Unable to load private key (PuTTY key format too new)
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed
Reading private key file "C:\key.ppk"
Unable to load private key (PuTTY key format too new)
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed

I tried saving the private key as well as .pub but I don't think it opened the original public key, when I select the public key to open first, I get an error.

Sorry about that. Give this version of PuttyGen.exe a try:

PUTTYGEN.zip (470.6 KB)

(You can check the exe's digital signature to verify it's legitimate and signed by the PuTTY author. It's just an older version.)

Okay, now it does not complain about key version.

Opening Connection IP_address:22
Opening Connection IP_address:22
Server version: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Directory_Opus
Server supports delayed compression; will try this later
Doing Diffie-Hellman group exchange
Server version: SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Directory_Opus
Server supports delayed compression; will try this later
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 [fingerprint]
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Host key fingerprint is:
ssh-rsa 2048 [fingerprint]
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Reading private key file "C:\key.ppk"
Reading private key file "C:\key.ppk"
Offered public key
Offered public key
Server refused our key
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed
Server refused our key
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed

Since it says that it's reading the private key file, it does not say that it's reading the public key file and I don't see where to specify that...
Sftp I guess takes the file because it's a default name but since I converted this to another format I would assume I need to convert the other key as well... I'm not too familiar with this.

It might mean the server doesn't like any of the encryption methods Opus supports (there are newer ones we don't support yet).

It would usually list the available protocols, rather than just "publickey", but if that is the underlying issue then there isn't a solution at the moment for servers that need newer encryption methods.

Any of these supported? Should all be the default ones...

ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
casignaturealgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

Currently supported algorithms:

KEX:

  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • rsa2048-sha256
  • rsa1024-sha1

Cipher:

  • Blowfish-256 SDCTR
  • Blowfish-128 CBC
  • single-DES CBC
  • triple-DES SDCTR
  • triple-DES SDCTR
  • triple-DES CBC
  • AES-256 SDCTR
  • AES-256 CBC
  • AES-192 SDCTR
  • AES-192 CBC
  • AES-128 SDCTR
  • AES-128 CBC
  • Arcfour-256
  • Arcfour-128

MAC:

  • HMAC-SHA-256
  • HMAC-SHA1
  • HMAC-SHA1-96
  • HMAC-MD5

Looks like at least one or more of these are supported, and says in the log that it's using them.

Also, server logs on DEBUG3 just say:

error: Received disconnect from IP_address port 40261:14: No supported authentication methods available [preauth]
Disconnected from authenticating user <username> IP_address port 40261 [preauth]

Is there any way I can fix this?

I'm not sure how to solve that, sorry. If the key wasn't working via other methods then the error messages would make me think the server doesn't like public key authentication at all, but that can't be true if it is working in another client.

Guess I'll have to stay on Linux with that one. Alright, thank you.

@Leo I just found out that there's a port of OpenSSH for Windows, here:

I tested the ssh.exe and scp.exe in the latest release, they both work where PuTTY would not. Is it possible to include this in Dopus instead or in addition and provide a GUI?

It's quite strange if the server won't work with PuTTY, even the latest version of PuTTY (which is newer than what's in Opus). PuTTY is extremely common.

Swapping out the SSH library we use is non-trivial, although it is something we're considering for other reasons (as the PuTTY code is not really designed to be a library and quite time consuming to keep up-to-date). It's not something we would do for compatibility with one server (and where the issue isn't really understood yet), but it's something that may happen anyway. Not in the extremely near future, however, as it's not a trivial change.

I was using a Linux jump host till now, did not realize there was a Windows port - accessing everything from the main workstation is much more convenient than moving files around to a network share and copying off of it on a different host. Not to mention I cannot use Dopus during maintenance because SMB gets locked up lol.

I don't know why PuTTY doesn't accept the original files in the first place but needs conversion, seems like a kludge in an otherwise reliable app. I think PuTTY is screwing up something with the keys or I'm using the conversion tool incorrectly.

The rough timeline I presume means the next couple of years?

We have upgraded the version of PuTTY our SSH support is based on in 12.26.3 beta - this apparently should support the new OpenSSH-format keyfiles, if you'd like to give it a try.

Sorry for the delay.
I've previously been unable to get it working with PuTTY, which is still on the same version as it was then, so any solution based on PuTTY will probably not work as well. When importing the key into PuTTY Key Generator, it only asks/takes my private key as far as I can tell.

Either I'm using it incorrectly or PuTTY doesn't support it. OpenSSH port for Windows works beautifully (scp.exe or ssh.exe), but no integration in Dopus.

PuTTY’s keygen tool can load and convert both public and private keys, if I remember correctly.

They would be done separately, except you usually only need the private key on the client side. The server side has the other half and is unlikely to need that to be in PuTTY’s key file format.

(You may also be able to derive the public key from the private key. It’s been a while since I did any of this. But you shouldn’t need the public key at all on the client side.)

I don't see where to load the public keys in the key generator, it only offers loading of private key, it can SAVE public key, but not load it, which doesn't help. I tried loading public key under private but it rejects it, of course ("Couldn't load private key (SSH-2 public key (OpenSSH format))").

It can indeed derive the public key from private, but it cannot sign it. It needs to send the genuine public key to the server to verify against CA.

You don't need to load or convert a public key at all. You only need the private key on the client side.

Think of the private key as the password. The public key is just the thing that the server (or anyone else) can use to verify you have the private key (without needing to know what the private key is).

If you only have the public key then you can't use that to log into a server, no matter what format it's in or which software you use.

If I have just public key, then it doesn't work, I need the public key as well, the server does not have my public key, it just verifies that the CA has signed it, whatever the actual public/private key is. If I remove the public key, then it does not work with OpenSSH either.
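
The last post describes a server that accepts a key because a CA signed it, which means the client has to present an OpenSSH certificate rather than the bare public key derived from the private key. The following is an added example, not part of the thread or of any project mentioned in it: it reads one line of an OpenSSH public-key file and reports whether it is a plain key or a certificate, using the field layout from OpenSSH's PROTOCOL.certkeys. The sample lines are constructed from dummy bytes, and all names in the code are illustrative.

```python
import base64, struct

# Public-key fields (all length-prefixed) per base key type, per PROTOCOL.certkeys.
KEY_FIELDS = {"ssh-rsa": 2, "ssh-dss": 4, "ssh-ed25519": 1, "ecdsa-sha2-nistp256": 2,
              "ecdsa-sha2-nistp384": 2, "ecdsa-sha2-nistp521": 2}
CERT_SUFFIX = "-cert-v01@openssh.com"

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated blob")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def u64(self): return struct.unpack(">Q", self.take(8))[0]
    def string(self): return self.take(self.u32())

def describe(pub_line):
    """Classify one line of an OpenSSH public-key or certificate file."""
    b64 = pub_line.split()[1]
    r = Reader(base64.b64decode(b64))
    algo = r.string().decode()
    if not algo.endswith(CERT_SUFFIX):
        return {"algo": algo, "certificate": False}
    r.string()                                    # nonce
    for _ in range(KEY_FIELDS[algo[:-len(CERT_SUFFIX)]]):
        r.string()                                # subject's public key fields
    serial, ctype, key_id = r.u64(), r.u32(), r.string().decode()
    plist, principals = Reader(r.string()), []
    while plist.pos < len(plist.data):
        principals.append(plist.string().decode())
    valid = (r.u64(), r.u64())                    # valid after, valid before
    for _ in range(3): r.string()                 # critical options, extensions, reserved
    ca_algo = Reader(r.string()).string().decode()  # type of the CA's signing key
    return {"algo": algo, "certificate": True, "serial": serial, "key_id": key_id,
            "kind": {1: "user", 2: "host"}.get(ctype, "unknown"),
            "principals": principals, "valid": valid, "ca_algo": ca_algo}

# Constructed sample input: dummy bytes, not a usable key or certificate.
def _s(b): return struct.pack(">I", len(b)) + b
_key = _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xc3" * 256)
PLAIN = "ssh-rsa " + base64.b64encode(_s(b"ssh-rsa") + _key).decode() + " user@host"
_cert = (_s(b"ssh-rsa-cert-v01@openssh.com") + _s(b"\x11" * 32) + _key
         + struct.pack(">QI", 7, 1) + _s(b"example-key-id") + _s(_s(b"alice"))
         + struct.pack(">QQ", 1600000000, 1700000000) + _s(b"") * 3
         + _s(_s(b"ssh-ed25519") + _s(b"\x22" * 32)) + _s(b"dummy-signature"))
CERT = "ssh-rsa-cert-v01@openssh.com " + base64.b64encode(_cert).decode() + " user@host"
```

Calling `describe()` on the line from the real public file that sits next to the private key shows whether it is a certificate and, if so, which principals and validity window the CA signed.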