OpenSSH SSH2 private key :: Support Forum

Kino Guest

OpenSSH SSH2 private key

2004-06-24 23:59

I can't connect using SSH2 private key :( But it works with Secure CRT & SecureFX programs. Did I do something wrong or WinSCP don't support this method?

Authentication log (see session log for details):
Using username "test".
Unable to use key file "C:\Documents and Settings\user\Desktop\.ssh\id_dsa" (OpenSSH SSH2 private key)
No supported authentication methods left to try!

Connection has been unexpectedly closed. Server sent command exit status 0.

. Looking up host "192.168.0.22"
. Connecting to 192.168.0.22 port 22
. Server version: SSH-2.0-OpenSSH_3.5p1 FreeBSD-20030924
. We claim version: SSH-2.0-WinSCP-release-3.6.1
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-dss 1024 dd:b9:a8:29:0a:d8:22:3c:cc:52:36:f9:32:e8:51:cf
. Initialised AES-256 client->server encryption
. Initialised AES-256 server->client encryption
! Using username "test".
. Reading private key file "C:\Documents and Settings\user\Desktop\.ssh\id_dsa"
. Unable to use this key file (OpenSSH SSH2 private key)
! Unable to use key file "C:\Documents and Settings\user\Desktop\.ssh\id_dsa" (OpenSSH SSH2 private key)
! No supported authentication methods left to try!
. No supported authentications offered. Disconnecting
* (ESshFatal) Authentication failed.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 42,164
Location:: Prague, Czechia

Re: [problem] OpenSSH SSH2 private key

2004-06-25

You need to convert your OpenSSH key to PuTTY format. Use PuTTYgen tool.
https://winscp.net/eng/docs/ui_puttygen#other_formats

Edit 2022: WinSCP now can convert the key on its own, when you select OpenSSH key in session settings:
https://winscp.net/eng/docs/ui_login_authentication#private_key

Reply with quote

Kino Guest

Re: [problem] OpenSSH SSH2 private key

2004-06-25 15:33

Thanx :)

Reply with quote

DoNoEvil Guest

Re: [problem] OpenSSH SSH2 private key

2012-08-06 22:15

puttygen id_dsa -o id_dsa.ppk

will convert the OpenSSH key to one PuTTY understands.

Reply with quote

PLEP Guest

Unsupported cipher

2015-05-29 14:50

Hi Martin,

I'm using Core FTP and on the other side they are using WinSCP.
I tried to convert a SSH private key to a PuTTY using PuTTYgen.
I got a error message "Couldn't load private key (unsupported cipher)"

Need help. Thanks

Reply with quote

martin◆ Site Admin

Re: Unsupported cipher

2015-06-02

@PLEP: What cipher does your key use?
Can you post the key header?

Reply with quote

PLEP Guest

Re: Unsupported cipher

2015-06-02 14:03

Hi

Cipher method when using 'Generate key pair' on Core FTP server side (not possible to change it)

Here is the header:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CFB

Thanks

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 42,164
Location:: Prague, Czechia

Re: Unsupported cipher

2015-06-05

@PLEP: Are you sure you do not confuse server's host key with your account private key? Account private keys should not be generated on server-side.

Anyway, PuTTYgen does not support this cipher indeed. You would need to re-encrypt the key using another tool before you will be able to import the key to PuTTYgen.

Reply with quote

Don Sanches Guest

Re: Unsupported cipher

2016-02-03 10:42

Seem to have solved this. Under some *NIX system (Linux or, as in my case, FreeBSD) change directory to where the private key is. Lets say it is named private.key.
Run this:

ssh-keygen -p

It is basically for changing the password for the private key.
It asks now for the filename, enter: private.key
Then it asks for the current password, enter it
Then it asks for the new password twice, you can enter something new or just the same one.
It will re-write the file private.key but now it is coded with AES-128-CBC which PUTTY DOES understand! Now it can be imported by PuTTYgen.
This way I solved the problem with the key coded with DES-EDE3-CFB which nothing could understand except one non-freeware program!

Reply with quote

Mathieu Guest

Converting CFB to CBC using OpenSSL

2020-02-04 16:53

I had the same problem with my SFTP server (Solarwinds Serv-U) generating CFB keys that cannot being understood by PuTTYgen.
Please refer to this page:
https://web.archive.org/web/20221210015643/https://parkwharf.com/blog/cipher-feedback-encryption-woes-on-windows/

With a simple command you can convert from CFB to CBC:

openssl dsa -in my-useless-CFB.key -out hopefully-useful.key -outform pem

Note: change dsa by rsa if your CFB key is using RSA

Converted successfully with PuTTYgen 0.73

Reply with quote

Keith Guest

Kiteworks also generating private keys that PuTTYgen can't import

2024-05-17 22:30

The private key file generated by Kiteworks (for SFTP/SSH connection) starts with

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC

Using WinSCP 6.3.3 with PuTTYgen 0.81, we use PuTTYgen to try to load the private key file.
We get PuTTYgen error:

Couldn't load private key (unsupported cipher)

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 42,164
Location:: Prague, Czechia

Re: Kiteworks also generating private keys that PuTTYgen can't import

2024-05-20

@Keith: PuTTYgen indeed does not support AES-256-CBC-encrypted keys. Probably because afaik that format is never used by OpenSSH.

But you might be able to use OpenSSH ssh-keygen to convert the key to a format that PuTTYgen understands.
Try: