Using "OPENSSH" private key file in string with SSH.NET in C# fails with "invalid private key file"
Asked Answered
M

3

18

I'm not experienced with SFTP or OpenSSH. I am trying to connect to a client's SFTP to upload a file.

I am using the SSH.NET library – https://github.com/sshnet/SSH.NET

Within my C# code I have the private key in a string variable:

var key = @"-----BEGIN OPENSSH PRIVATE KEY-----
// snipped
-----END OPENSSH PRIVATE KEY-----
";

MemoryStream keyStream = new MemoryStream(Encoding.UTF32.GetBytes(key));

Renci.SshNet.ConnectionInfo conn = new Renci.SshNet.ConnectionInfo(
    host, 
    port,
    username, 
    new AuthenticationMethod[]
    {
         new PrivateKeyAuthenticationMethod(username, new PrivateKeyFile[]
         {
            new PrivateKeyFile(keyStream, ""), 
         }), 
    });

But I get an error:

invalid private key file.

My question is, I have seen other keys which begin BEGIN RSA but my key begins BEGIN OPENSSH – is this the issue?

Martinmartina answered 14/1, 2021 at 17:11 Comment(1)
yes, best practice is to store the key within the Azure app settings but even better would be KeyVault for much security! Then you can also further authenticate with KV with certain certs or identities to ensure no unauth access. I would put it in KeyVaultObla
C
38

You have two problems with your code:

  • The PrivateKeyFile class reads the key using StreamReader, which defaults to UTF8. Not UTF16. That's why the reading fails with the vague

    invalid private key file.

  • If you correct the Encoding.UTF32 to Encoding.UTF8, it will still fail though. As you have rightly guesses that the SSH.NET does not support the OPENSSH format.

    The latest SSH.NET 2020.0.1 supports the OPENSSH format for ssh-ed25519 keys only. It will say:

    openssh key type: ssh-rsa is not supported

    Older versions did not support this format at all, they will say:

    Key 'OPENSSH' is not supported

    These OPENSSH keys are generated by recent versions of OpenSSH (7.8 and newer).

    You can use ssh-keygen to convert the key to the classic OpenSSH format:

    ssh-keygen -p -f file -m pem -P passphrase -N passphrase
    

    (if the key is not encrypted with a passphrase, use "" instead of passphrase)

    For Windows users: Note that ssh-keygen.exe is now built-in in Windows 10 and 11. And can be downloaded from Microsoft Win32-OpenSSH project for older versions of Windows.


    On Windows, you can also use PuTTYgen (from PuTTY package):

    • Start PuTTYgen
    • Load the key
    • Go to Conversions > Export OpenSSH key.
      For RSA keys, it will use the classic format.

    If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:

    ssh-keygen -m PEM
    

This works:

var key = @"-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAjQtUVe5ewYro8utRXqftODAg9zpqkP3+kmpVoIIXe27ga3jy
rUzJtCItx1jqjdZypcPrxB+8j2nUJj108Bw5y088OquGz/GhBk0uTN+/kQ7K4vnE
y7X4VuKDOloAAXRcyUZ621RWzM/Xp5M/lU6kuR+TtlMd1lpWmeKSNXhfP4gYaPMT
p/4+u247ng+HIwW9CLl5PGIO/AXImt/XyVMKMqw8IgGRKaYBBL2R9wLPBAYVzgHe
svfSDYdeNyh3XG+gbLgq2lmCYcq3wF//Ms3G/cTIm1ipeaeL89bTR9fYhLwQFdlp
UPy8wii/7jlfY/V+8EHQENNGZc3w0wPzP7EdkwIBJQKCAQBIbZoCnQA534xhEQ4b
2bEqsO5VcQZKdJd7nmNSbFE/YnM+G4OJbJ7tzFyyecSOBlaMeV1ktlnox6RK/Pbc
KiuEE+5+/iKiIiJBgZRQ/UayRd3OgEJ2cjNq4wUd9t1oh9yetX1b3zN97jB4pY9a
glSWailB81SC1HGo986KKQ5RDcA9cNa19uBEkUcTdcaph8wLcUDkT2PsavJt1wUF
0d8E3mKejDFMJJBt+642PdnrSK2N+3TtkEx2DxMAoQ5gPfaDWeN4QwbxDeNllfFM
BHj7ezL2N+U037fp/jAMyWVDaqN2leAakXkqQ73pdnvIsYHlxIvNTq0rFD64ELkT
ABq9AoGBAPG63tfV7Bzkd/iX5uIrjJY1UtbxhWMaoaF6tEJ+wZyEpcVEYWcFu0v2
20aFsdFWYFTe2vqkVcJpm3QjUJqBg6D7LWUBmy46VFlXhpvkp9g7I4xeRLT9xWVY
iwCgofyKw3Wa+aZWyBxt3DR2e+WKU5y4/dqAoprgGy3ChgSjM4DLAoGBAJVe2i3o
+3qUzeEIrxSf3H6HOT7fGaXsk+M8zDqrBjSki0sHMNedHMQ3tM/EUc6SnvWyPTZA
AlJSOllIg0eYxCzdiuJ1SUai4g9fp+u6HTkOzETJY7zfBhFM45AHkrh2r6z/u+Yk
yH57QeO+k2BgSDYZgdfX9cYW3C365BpqBCVZAoGBAOSp2bdpfnwyEJ8MO0SlvFa8
0dI+aWuVu30TNOT0cfTsLht4CRxDsSwus79AMpWW5YC3IitdLod4p865n0YLz4px
D0Pe7L0Gvn4Gr8PmIjs+3HAGJVFDFKv5z5jPTR9S1JHXyY+ChfFhALwBYHFZVgL0
LmboYnbT/gixFv13yO9zAoGAcQmCg5uN4DlB2rp2p9LsDLlbwOAvFcfJ3GVcSBK4
lopbkrlVZOWZOosFXvVuVyLZKKKPL/kWg3x/Ls8XPRmpNrV9285g9y8nnO5xPMQx
ylBjOvlEju32wPvqetVMb+sdKPjhOIqJ4yzX6p4OqcxSUnQq6IfA6O60ddKex+GG
mM0CgYAqm3oISjWhyq+4iN4C2eQXtAdAjkA7c0ZaHRFFapOI+ZqPXEi+oyhuPj4Z
ZeUcZkS9cYKkgRGDG33p1ZiR+iY7I6Qv8Seyu/oh75/lL0imiq7yKTmizL2WIow7
lT1yYNZJI/YNEdWPKOZl6kYsHliW8TaUk0yvDC/LPADabjvjzg==
-----END RSA PRIVATE KEY-----
";

MemoryStream keyStream = new MemoryStream(Encoding.UTF8.GetBytes(key));
new PrivateKeyFile(keyStream);

A related question: "Renci.SshNet.Common.SshException: Invalid private key file" when loading SSH private key from configuration string using SSH.NET.

Cataplasm answered 14/1, 2021 at 18:31 Comment(2)
Thanks Martin for your helpMartinmartina
If you are doing this on windows make sure the key file is using Unix file endings (\n) not Windows (\r\n) or ssh-keygen throws an errorBohman
K
-1

Had this problem as well.

Be sure to set your stream to position 0 using seek method or setting position = 0.

Looked in the SSH.Net code. When I don't set the position, it reads the stream and generates an empty string -- which is an invalid key, cleary. A better error would be nice . . .

Kwei answered 6/3, 2023 at 17:17 Comment(2)
What better error would you expect?Cataplasm
This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From ReviewShakira
E
-2

Sorry to say that spend hour in this open ssh issue..final fixed it by upgrading my ssh.net lib from 2016 to 2020.. it was my mistake didn't tried it before

Ecospecies answered 30/6, 2022 at 11:44 Comment(1)
What's what my answer says already.Cataplasm

© 2022 - 2025 — McMap. All rights reserved.