SFTP keys

Hi,

I'm currently in the trial period for DOpus, using 2.27, but I was having the same issues with public key / private key auth via SFTP that were happening on previous versions.

If I try to load the host's provided OpenSSH SSH-2 key directly, I get the expected error:

Unable to use this key file (OpenSSH SSH-2 private key (new format))

If I use the current version of puttygen.exe to load this key file and save it as a .ppk in the host's required DSA format, then DOpus throws these errors in the console:

Unable to load key (PuTTY key format too new)
...
Disconnected: No supported authentication methods available (server sent: publickey)

This occurs whether the private key file has a key passphrase assigned or not.

Using the old version of puttygen.exe linked in Leo's post from Jul 26, 2021 to generate the local private key in .ppk format does however work, even with a passphrase assigned to the key.

While I'm grateful to have a working solution, it's not ideal to have to keep an old version of puttygen around just for DOpus. May I please ask if you're planning to support the new format of ppk key file in the future?

Thanks for reporting that. We'll look into it. I'm surprised that the new puttygen format isn't working after the updates in 12.27.

In Puttygen, select the Parameters for saving key files command from the Key menu:

And change the key version to 2:

I have retested this with the new Putty version, and it now works with Putty as well. What am I supposed to do to get it working with Dopus 13? I still see only a place to configure one file in settings... Is this still unsupported?

Which error are you seeing? There have been a couple of different issues discussed in this thread.

Reading key file "C:\Test.ppk"
Unable to load key (PuTTY key format too new)
Unable to load key file "C:\Test.ppk" (PuTTY key format too new)
Using username "root".
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed

However only one file is able to be selected, unless I'm missing something...

The key needs to be saved out in V2 format, as Jon showed above.

Load it into PuttyGen, set the format to V2, then save it back out again.

You only need to select one file: the V2 version of the key.

Saving a V2 version of it doesn't break the V3 version; you can use them both in different software (or can probably use the V2 key in everything if you want only one file).

Using v2 format:

Reading key file "C:\Test.ppk"
Using username "root".
Offered public key
Server refused our key
Server refused our key
Disconnected: No supported authentication methods available (server sent: publickey)
SSH: Fatal: Disconnected: No supported authentication methods available (server sent: publickey)
Connection closed

I have this same issue. I tried OpenSSH and format is too new:

Unable to use this key file (OpenSSH SSH-2 private key (new format))
Unable to use key file "C:\Users\Atenosis\Documents\SuperPuTTY\vm1.txt" (OpenSSH SSH-2 private key (new format))

Then I tried PuTTYgen and it is also too new:

Unable to load key (PuTTY key format too new)
Unable to load key file "C:\Users\Atenosis\Documents\SuperPuTTY\rsa.ppk" (PuTTY key format too new)

Finally, I tried saving the key as PuTTY v2 rather than v3, but my server won't accept v2 keys.

Reading key file "C:\Users\Atenosis\Documents\SuperPuTTY\vm1.rsa-v2.ppk"
Using username "akutra".
Offered public key
Server refused our key
Server refused our key

Also, I tried the keys with FileZilla, PuTTY, SuperPuTTY as well as Ubuntu SSH from the bash shell and the keys work fine, but the server does not accept v2 keys.

AFAIK key version is just the local file format. It shouldn’t make a difference to the server. It may be rejecting it for a different reason.

We’ll be replacing the SFTP code with a new library that supports new key formats, if that is the issue.

Even if the key version issue is solved, I still won't be able to connect as there is no way to specify the second file...

There's only ever one private key that needs specifying. The other file in the pair is a public key which isn't relevant on this side of the connection; that's what the server uses to identify your account.

It doesn't work without the other file in Putty either; it needs both. The server needs the other one to verify I've been allowed to access.

What is this second file? What generated it, and how was it made? Where do you put it into Putty?

That second file is the signed public key of the SSH client. It was generated by OpenSSH and you put it in the authentication credentials in PuTTY:

Ah, thanks. I hadn't encountered that before. From reading the Putty docs, it's an alternative to making the server trust the actual key, by allowing the server to trust any key signed by a certificate authority.

Hopefully we can add support for that when we switch to the new SFTP library. I haven't looked at this particular detail with it yet, but the library we're going to use seems comprehensive.
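
The file kinds that come up in this thread (PPK v2, PPK v3, a new-format OpenSSH private key, and the OpenSSH-signed certificate) can be told apart from their first line. The Python below is an added example, not part of any post and not Directory Opus or PuTTY code; the function names and the sample file contents are constructed for illustration.

```python
import re

PPK_HEADER = re.compile(r"^PuTTY-User-Key-File-(\d+): (\S+)")
CERT_LINE = re.compile(r"^(\S+)-cert-v01@openssh\.com\s+\S+")

def classify_key_file(text):
    """Identify an SSH key file from its text content (no decryption needed)."""
    lines = text.lstrip("\ufeff").splitlines()
    first = lines[0].strip() if lines else ""
    m = PPK_HEADER.match(first)
    if m:
        # PPK header fields are "Name: value"; base64 body lines never contain ": ".
        fields = dict(l.split(": ", 1) for l in lines if ": " in l)
        return {"kind": "ppk", "version": int(m.group(1)), "algorithm": m.group(2),
                "encrypted": fields.get("Encryption", "none") != "none",
                "kdf": fields.get("Key-Derivation")}
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        return {"kind": "openssh-new"}
    m = CERT_LINE.match(first)
    if m:
        return {"kind": "certificate", "algorithm": m.group(1)}
    return {"kind": "unknown"}

def thread_case(info):
    """Map a classification to the situation discussed in the thread."""
    if info["kind"] == "ppk":
        if info["version"] >= 3:
            return "ppk-v3: expect 'PuTTY key format too new'; re-save as version 2"
        return "ppk-v2: file loads; 'Server refused our key' is not a file-format error"
    if info["kind"] == "openssh-new":
        return "openssh: expect 'OpenSSH SSH-2 private key (new format)'; convert to .ppk v2"
    if info["kind"] == "certificate":
        return "certificate: signed public key, not a private key file"
    return "unknown: not one of the formats in the thread"

# Constructed samples: headers only, the key material is placeholder text.
SAMPLES = {
    "v3.ppk": "PuTTY-User-Key-File-3: ssh-rsa\nEncryption: aes256-cbc\n"
              "Comment: constructed\nPublic-Lines: 1\nAAAA\nKey-Derivation: Argon2id\n",
    "v2.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n",
    "id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n-----END OPENSSH PRIVATE KEY-----\n",
    "id_rsa-cert.pub": "ssh-rsa-cert-v01@openssh.com AAAA constructed\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {thread_case(classify_key_file(text))}")
```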

Yeah, that's it, it's very convenient because there's only one-time setup, it trusts the CA and you can add as many additional keys as you like without configuration on the server side. Would be great to be able to use Dopus for it finally!

I look forward to the new SFTP library and I'm hoping it supports the newer keys. Any idea how far along that is? Mostly because I really like DOpus and would like faster SFTP transfer. I prefer just to use DOpus rather than multiple tools.

I'm using dopus 13.4 and I have this problem of not being able to use my ppk key for authentication to an ssh/sftp server (Amazon AWS instance). Can this module be updated? I've bought this functionality to not use WinSCP. Thank you in advance.

I'm using DOpus and sftp to an AWS EC2 instance and it is working well.