Credentials / SSH PSK / Key based Authentication

I want to use SSH key-based authentication and generated a key pair with PuTTYgen. The key pair was verified to work with PuTTY.

When using the default export format of PuTTYgen, CTW says on running a task that it is an invalid private key file:

If I try OpenSSH Key Format (FORCE NEW FORMAT), CTW accepts the key, but it can’t authenticate with it. PuTTY doesn’t seem to be able to use it either, though not because it can’t auth, but because it doesn’t know how to use it.

The OpenSSH Key Format (old) produces an error that the key type ssh-rsa is not supported:

(imagine an image posted here, forum only allows me to post one pic)

I crawled through the documentation and the forums, but couldn’t find a hint as to what the key is supposed to be stored as. Could anybody assist me?

Edit: I cross-referenced this entry on Stack Overflow and tried to convert one PSK and even tried to make a fresh one. All to no avail.

EDIT2: I found that the “old”/PEM format uses SHA-1, which inherently isn’t accepted by the target server anymore for obvious reasons. It also seems that the SSH.NET library in use is not the latest from 2020, since CTW doesn’t seem to accept the ssh-ed25519 crypto either.

Did you try a PEM format file key? It shouldn’t really matter what the key type is, just the file format (i.e. one you can open in a text editor).

Yes, I tried a multitude of hashing algorithms (with the PEM file format). Some like

ssh-keygen -m PEM -o -a 100 -t ed25519

are not working with CTW itself:

Export failed with error: Renci.SshNet.Common.SshException: cipher name aes256-ctr for openssh key file is not supported

Others, even sha2-512 generated ones (in PEM format!) are refused by the server, as it seems that CTW just tries to establish them with ssh-rsa(-sha1) nevertheless.

DSA/DSS is refused by OpenSSH on the server too (1:8.9p1-3ubuntu0.1):

Feb 17 09:30:08 server sshd[75122]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedAlgorithms [preauth]
Feb 17 09:30:08 server sshd[75122]: Connection closed by authenticating user [...]
Feb 17 10:04:47 server sshd[75270]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Feb 17 10:04:47 server sshd[75270]: Connection closed by authenticating user [...]

The system in question is a freshly set up Ubuntu 22.04 LTS.

Thanks, this appears to be a limitation of the ssh.net library we use: aes256-ctr not supported for private keys · Issue #742 · sshnet/SSH.NET · GitHub

The issue linked suggests it’s specifically the key encryption (used to read the key, not the key type itself) that’s the problem and using -Z aes256-cbc when outputting the key should fix that.
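Added example, not part of the original posts and not CTW or SSH.NET code: a small inspector that reports which container a private key file uses (PuTTY .ppk, OpenSSH new format, legacy PEM) and which cipher encrypts it, which is the field the SSH.NET error above names. The names `inspect_key`, `KeyInfo` and `make_sample` are hypothetical, and the sample key is a constructed envelope with dummy bytes.

```python
import base64, re, struct
from collections import namedtuple

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"
KeyInfo = namedtuple("KeyInfo", "container key_type cipher")

def _read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def _header(lines, name):
    return next((l.split(":", 1)[1].strip() for l in lines if l.startswith(name + ":")), None)

def inspect_key(text):
    """Report container format, key type and key-encryption cipher of a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()] or [""]
    m = re.match(r"PuTTY-User-Key-File-(\d+): (\S+)", lines[0])
    if m:  # PuTTYgen default export (.ppk)
        return KeyInfo("putty-ppk-v" + m.group(1), m.group(2), _header(lines, "Encryption"))
    if lines[0] == BEGIN:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_string(blob, len(MAGIC))   # key-encryption cipher, or "none"
        _kdf, off = _read_string(blob, off)            # kdf name
        _opts, off = _read_string(blob, off)           # kdf options (salt, rounds)
        pub, _ = _read_string(blob, off + 4)           # skip key count; blob starts with key type
        return KeyInfo("openssh-key-v1", _read_string(pub, 0)[0].decode(), cipher.decode())
    m = re.match(r"-----BEGIN (?:(\w+) )?PRIVATE KEY-----", lines[0])
    if m:  # legacy PEM; an encrypted file carries "DEK-Info: <cipher>,<iv>"
        dek = _header(lines, "DEK-Info")
        return KeyInfo("pem", m.group(1), dek.split(",")[0] if dek else "none")
    return KeyInfo("unknown", None, None)

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(cipher):  # constructed openssh-key-v1 envelope, dummy bytes, not a usable key
    pub = _s(b"ssh-ed25519") + _s(bytes(32))
    blob = (MAGIC + _s(cipher.encode()) + _s(b"bcrypt") + _s(bytes(24))
            + struct.pack(">I", 1) + _s(pub) + _s(bytes(64)))
    return f"{BEGIN}\n{base64.b64encode(blob).decode()}\n{BEGIN.replace('BEGIN', 'END')}\n"

if __name__ == "__main__":
    print([inspect_key(make_sample(c)) for c in ("aes256-ctr", "aes256-cbc")])
```

To check a real file, pass its contents to `inspect_key`; only the unencrypted envelope is read, so no passphrase is needed.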

This actually worked. Mind if I suggest that this should be added somewhere in the documentation? That’s a very specific combination of file format and cipher.

Also on that note, are you using the latest ssh.net library from 2020?

Greetings
David

Hi, we’re using the latest release that’s available on NuGet. We also sponsor the project on GitHub to try to encourage new releases. It would be possible for us to package our own build and that may be necessary to get the latest features. It’s likely we will need to improve our SSH support in the near future as we expand our Linux support.

Well, we just started using CTW, but that would be a welcome addition for sure. But I guess not that many people are using it with Linux Machines, yet.

Thank you for your support though.
