SFTP keys

PuTTY’s keygen tool can load and convert both public and private keys, if I remember correctly.

They would be done separately, except you usually only need the private key on the client side. The server side has the other half and is unlikely to need that to be in PuTTY’s key file format.

(You may also be able to derive the public key from the private key. It’s been a while since I did any of this. But you shouldn’t need the public key at all on the client side.)

I don't see where to load the public keys in the key generator, it only offers loading of private key, it can SAVE public key, but not load it, which doesn't help. I tried loading public key under private but it rejects it, of course ("Couldn't load private key (SSH-2 public key (OpenSSH format))").

It can indeed derive the public key from private, but it cannot sign it. It needs to send the genuine public key to the server to verify against CA.

You don't need to load or convert a public key at all. You only need the private key on the client side.

Think of the private key as the password. The public key is just the thing that the server (or anyone else) can use to verify you have the private key (without needing to know what the private key is).

If you only have the public key then you can't use that to log into a server, no matter what format it's in or which software you use.

If I have just public key, then it doesn't work, I need the public key as well, the server does not have my public key, it just verifies that the CA has signed it, whatever the actual public/private key is. If I remove the public key, then it does not work with OpenSSH either.

Hi,

I'm currently in the trial period for DOpus, using 2.27, but I was having the same issues with public key / private key auth via SFTP that were happening on previous versions.

If I try to load the host's provided OpenSSH SSH-2 key directly, I get the expected error:

Unable to use this key file (OpenSSH SSH-2 private key (new format))

If I use the current version of puttygen.exe to load this key file and save it as a .ppk in the host's required DSA format, then DOpus throws these errors in the console:

Unable to load key (PuTTY key format too new)
...
Disconnected: No supported authentication methods available (server sent: publickey)

This occurs whether the private key file has a key passphrase assigned or not.

Using the old version of puttygen.exe linked in Leo's post from Jul 26, 2021 to generate the local private key in .ppk format does however work, even with a passphrase assigned to the key.

While I'm grateful to have a working solution, it's not ideal to have to keep an old version of puttygen around just for DOpus. May I please ask if you're planning to support the new format of ppk key file in the future?

Thanks for reporting that. We'll look into it. I'm surprised that the new puttygen format isn't working after the updates in 12.27.

In Puttygen, select the Parameters for saving key files command from the Key menu:

And change the key version to 2:

I have retested this with new Putty version, it now works with Putty as well, what am I supposed to do to get it working with Dopus 13? I still see only a place to configure one file in settings... Is this still unsupported?

Which error are you seeing? There have been a couple of different issues discussed in this thread.

Reading key file "C:\Test.ppk"
Unable to load key (PuTTY key format too new)
Unable to load key file "C:\Test.ppk" (PuTTY key format too new)
Using username "root".
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed

However only one file is able to be selected, unless I'm missing something...

The key needs to be saved out in V2 format, as Jon showed above.

Load it into PuttyGen, set the format to V2, then save it back out again.

You only need to select one file: the V2 version of the key.

Saving a V2 version of it doesn't break the V3 version; you can use them both in different software (or can probably use the V2 key in everything if you want only one file).

Using v2 format:

Reading key file "C:\Test.ppk"
Using username "root".
Offered public key
Server refused our key
Server refused our key
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed

I have this same issue. I tried OpenSSH and format is too new:

Unable to use this key file (OpenSSH SSH-2 private key (new format))
Unable to use key file "C:\Users\Atenosis\Documents\SuperPuTTY\vm1.txt" (OpenSSH SSH-2 private key (new format))

Then I tried PuTTYgen and it is also too new:

Unable to load key (PuTTY key format too new)
Unable to load key file "C:\Users\Atenosis\Documents\SuperPuTTY\rsa.ppk" (PuTTY key format too new)

Finally, I tried saving the key to PuTTY v2 rather than v3, but my server won't accept v2 keys.

Reading key file "C:\Users\Atenosis\Documents\SuperPuTTY\vm1.rsa-v2.ppk"
Using username "akutra".
Offered public key
Server refused our key
Server refused our key

Also, I tried the keys with FileZilla, PuTTY, SuperPuTTY as well as Ubuntu SSH from the bash shell and the keys work fine, but the server does not accept v2 keys.

AFAIK key version is just the local file format. It shouldn’t make a difference to the server. It may be rejecting it for a different reason.

We’ll be replacing the SFTP code with a new library that supports new key formats, if that is the issue.

Even if the key version issue is solved, I still won't be able to connect as there is no way to specify the second file...

There's only ever one private key that needs specifying. The other file in the pair is a public key which isn't relevant on this side of the connection; that's what the server uses to identify your account.

It doesn't work without the other file in Putty either, needs both. Server needs the other one to verify I've been allowed to access.

What is this second file? What generated it, and how was it made? Where do you put it into Putty?

That second file is the signed public key of the SSH client. It was generated by OpenSSH and you put it in the authentication credentials in PuTTY:

Ah, thanks. I hadn't encountered that before. From reading the Putty docs, it's an alternative to making the server trust the actual key, by allowing the server to trust any key signed by a certificate authority.

Hopefully we can add support for that when we switch to the new SFTP library. I haven't looked at this particular detail with it yet, but the library we're going to use seems comprehensive.
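The key-file kinds that come up in this thread (PPK v2 and v3, new-format OpenSSH private keys, plain public keys and CA-signed certificates) can be told apart from the first line of the file. The Python sketch below is an added example, not part of the original thread and not Directory Opus or PuTTY code; the function names and sample contents are constructed, and the "v2-only client" check is an assumption that models the behaviour reported in the logs above.

```python
import re

# First-line signatures of the key file kinds discussed in the thread.
PPK_HEADER = re.compile(r"^PuTTY-User-Key-File-(\d+): (\S+)")
PEM_HEADER = re.compile(r"^-----BEGIN (.+?)-----")
PUBLIC_LINE = re.compile(r"^((?:ssh|ecdsa|sk)-[\w@.-]+) [A-Za-z0-9+/=]+")

def classify_key_text(text):
    """Return (kind, detail) from the first line of an SSH key file."""
    stripped = text.strip()
    first = stripped.splitlines()[0] if stripped else ""
    m = PPK_HEADER.match(first)
    if m:  # PuTTY private key; the number is the local file format version
        return ("ppk-private", f"v{m.group(1)} {m.group(2)}")
    m = PEM_HEADER.match(first)
    if m:
        if m.group(1) == "OPENSSH PRIVATE KEY":
            return ("openssh-private", "new format")
        kind = "pem-private" if m.group(1).endswith("PRIVATE KEY") else "unknown"
        return (kind, m.group(1))
    if first.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return ("rfc4716-public", "")
    m = PUBLIC_LINE.match(first)
    if m:  # one-line OpenSSH public key, or a CA-signed certificate
        cert = "-cert-v01@openssh.com" in m.group(1)
        return ("openssh-certificate" if cert else "openssh-public", m.group(1))
    return ("unknown", "")

def v2_only_client_can_load(text):
    """Assumed client limit: loads only PPK private keys of version 2 or older."""
    kind, detail = classify_key_text(text)
    return kind == "ppk-private" and int(detail.split()[0][1:]) <= 2

# Constructed samples: header lines only, no real key material.
SAMPLES = {
    "v3.ppk": "PuTTY-User-Key-File-3: ssh-rsa\nEncryption: none\n",
    "v2.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n",
    "id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n",
    "id_rsa.pub": "ssh-rsa AAAAB3NzaC1yc2E= user@host\n",
    "id_rsa-cert.pub": "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2E= user@host\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_key_text(text), v2_only_client_can_load(text))
```

A file classified as `openssh-certificate` is the "second file" described above: it is presented alongside the private key, so a client with a single key-file setting cannot supply it.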