Using "OPENSSH" private key file in string with SSH.NET in C# fails with "invalid private key file"

Question

I'm not experienced with SFTP or OpenSSH. I am trying to connect to a client's SFTP to upload a file.

I am using the SSH.NET library – https://github.com/sshnet/SSH.NET

Within my C# code I have the private key in a string variable:

var key = @"-----BEGIN OPENSSH PRIVATE KEY-----
// snipped
-----END OPENSSH PRIVATE KEY-----
";

MemoryStream keyStream = new MemoryStream(Encoding.UTF32.GetBytes(key));

Renci.SshNet.ConnectionInfo conn = new Renci.SshNet.ConnectionInfo(
    host, 
    port,
    username, 
    new AuthenticationMethod[]
    {
         new PrivateKeyAuthenticationMethod(username, new PrivateKeyFile[]
         {
            new PrivateKeyFile(keyStream, ""), 
         }), 
    });

But I get an error:

invalid private key file.

My question is, I have seen other keys which begin BEGIN RSA but my key begins BEGIN OPENSSH – is this the issue?

Answer 1

You have two problems with your code:

• The PrivateKeyFile class reads the key using StreamReader, which defaults to UTF8. Not UTF16. That's why the reading fails with the vague

  invalid private key file.

• If you correct the Encoding.UTF32 to Encoding.UTF8, it will still fail though. As you have rightly guesses that the SSH.NET does not support the OPENSSH format.

  The latest SSH.NET 2020.0.1 supports the OPENSSH format for ssh-ed25519 keys only. It will say:

  openssh key type: ssh-rsa is not supported

  Older versions did not support this format at all, they will say:

  Key 'OPENSSH' is not supported

  These OPENSSH keys are generated by recent versions of OpenSSH (7.8 and newer).

  You can use ssh-keygen to convert the key to the classic OpenSSH format:

  ssh-keygen -p -f file -m pem -P passphrase -N passphrase
  

  (if the key is not encrypted with a passphrase, use "" instead of passphrase)

  For Windows users: Note that ssh-keygen.exe is now built-in in Windows 10. And can be downloaded from Microsoft Win32-OpenSSH project for older versions of Windows.

  ---

  On Windows, you can also use PuTTYgen (from PuTTY package):

  • Start PuTTYgen
  • Load the key
  • Go to Conversions > Export OpenSSH key.
    For RSA keys, it will use the classic format.

  ---

  If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:

  ssh-keygen -m PEM
  

---

This works:

var key = @"-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAjQtUVe5ewYro8utRXqftODAg9zpqkP3+kmpVoIIXe27ga3jy
rUzJtCItx1jqjdZypcPrxB+8j2nUJj108Bw5y088OquGz/GhBk0uTN+/kQ7K4vnE
y7X4VuKDOloAAXRcyUZ621RWzM/Xp5M/lU6kuR+TtlMd1lpWmeKSNXhfP4gYaPMT
p/4+u247ng+HIwW9CLl5PGIO/AXImt/XyVMKMqw8IgGRKaYBBL2R9wLPBAYVzgHe
svfSDYdeNyh3XG+gbLgq2lmCYcq3wF//Ms3G/cTIm1ipeaeL89bTR9fYhLwQFdlp
UPy8wii/7jlfY/V+8EHQENNGZc3w0wPzP7EdkwIBJQKCAQBIbZoCnQA534xhEQ4b
2bEqsO5VcQZKdJd7nmNSbFE/YnM+G4OJbJ7tzFyyecSOBlaMeV1ktlnox6RK/Pbc
KiuEE+5+/iKiIiJBgZRQ/UayRd3OgEJ2cjNq4wUd9t1oh9yetX1b3zN97jB4pY9a
glSWailB81SC1HGo986KKQ5RDcA9cNa19uBEkUcTdcaph8wLcUDkT2PsavJt1wUF
0d8E3mKejDFMJJBt+642PdnrSK2N+3TtkEx2DxMAoQ5gPfaDWeN4QwbxDeNllfFM
BHj7ezL2N+U037fp/jAMyWVDaqN2leAakXkqQ73pdnvIsYHlxIvNTq0rFD64ELkT
ABq9AoGBAPG63tfV7Bzkd/iX5uIrjJY1UtbxhWMaoaF6tEJ+wZyEpcVEYWcFu0v2
20aFsdFWYFTe2vqkVcJpm3QjUJqBg6D7LWUBmy46VFlXhpvkp9g7I4xeRLT9xWVY
iwCgofyKw3Wa+aZWyBxt3DR2e+WKU5y4/dqAoprgGy3ChgSjM4DLAoGBAJVe2i3o
+3qUzeEIrxSf3H6HOT7fGaXsk+M8zDqrBjSki0sHMNedHMQ3tM/EUc6SnvWyPTZA
AlJSOllIg0eYxCzdiuJ1SUai4g9fp+u6HTkOzETJY7zfBhFM45AHkrh2r6z/u+Yk
yH57QeO+k2BgSDYZgdfX9cYW3C365BpqBCVZAoGBAOSp2bdpfnwyEJ8MO0SlvFa8
0dI+aWuVu30TNOT0cfTsLht4CRxDsSwus79AMpWW5YC3IitdLod4p865n0YLz4px
D0Pe7L0Gvn4Gr8PmIjs+3HAGJVFDFKv5z5jPTR9S1JHXyY+ChfFhALwBYHFZVgL0
LmboYnbT/gixFv13yO9zAoGAcQmCg5uN4DlB2rp2p9LsDLlbwOAvFcfJ3GVcSBK4
lopbkrlVZOWZOosFXvVuVyLZKKKPL/kWg3x/Ls8XPRmpNrV9285g9y8nnO5xPMQx
ylBjOvlEju32wPvqetVMb+sdKPjhOIqJ4yzX6p4OqcxSUnQq6IfA6O60ddKex+GG
mM0CgYAqm3oISjWhyq+4iN4C2eQXtAdAjkA7c0ZaHRFFapOI+ZqPXEi+oyhuPj4Z
ZeUcZkS9cYKkgRGDG33p1ZiR+iY7I6Qv8Seyu/oh75/lL0imiq7yKTmizL2WIow7
lT1yYNZJI/YNEdWPKOZl6kYsHliW8TaUk0yvDC/LPADabjvjzg==
-----END RSA PRIVATE KEY-----
";

MemoryStream keyStream = new MemoryStream(Encoding.UTF8.GetBytes(key));
new PrivateKeyFile(keyStream);

---

A related question: "Renci.SshNet.Common.SshException: Invalid private key file" when loading SSH private key from configuration string using SSH.NET.