0 votes
by (140 points)

I'm trying to connect to a remote SFTP server using an SSH key. When I call

var privateKey = new SshPrivateKey(_options.Certificate, _options.CertificatePassword);

I get a CryptographicException with the message:

Invalid key format - no beginning

The key has the following format.

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "Created by ****** Pro"
AAAAB3NzaC1 .... more key data ....
---- END SSH2 PUBLIC KEY ----

Is there something wrong with this key format, or what do I need to do to correct this issue?

Applies to: Rebex SFTP

1 Answer

0 votes
by (144k points)

You are trying to load a public key into the SshPrivateKey class. This is not supposed to work. Try loading a corresponding private key.

For loading public keys, use the SshPublicKey class instead:

var publicKey = new SshPublicKey(_options.Certificate);
by (140 points)
Thanks! That makes sense. When I switch to use SshPublicKey and call

_client.LoginAsync(username, publicKey)

I receive "AuthenticationRequest event must be registered first". Is there a step that needs to go between the new public key creation and the login?
by (144k points)
LoginAsync(string userName,  method does not accept instances of SshPublicKey (because a private key is needed to perform SSH key authentication). But your code with SshPublicKey actually matched the LoginAsync(string userName, object state) overload, which is not intended for key authentication, but for "interactive" authentication that needs AuthenticationRequest events. However, this is not what you need to use for key-based authentication - you need the private key instead.
Please check out https://www.rebex.net/doc/api/Rebex.Net.Sftp.LoginAsync.html
by (140 points)
Should the private key be provided by the host server, or is that something I would generate from the public key?
by (144k points)
If you are trying to authenticate a user using a key (instead of a password), the user is supposed to generate a private/public key pair. The public key would then have to be associated with the user account at the server, and the private key kept by the user and not shared with the server administrator or anyone else (when SshPrivateKey is supplied to the LoginAsync method, it is not sent to the server, it's just used to perform a key-based authentication using an asynchronous cryptography algorithm such as RSA).
...
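A pre-flight check for the mix-up discussed in this thread, as an added example that is not part of the original posts and is not Rebex code: it classifies key file text as public or private from its first line and, for the SSH2 (RFC 4716) format shown in the question, reads the algorithm name from the base64 blob. The class and method names are hypothetical, and the sample key is constructed.

```csharp
using System;
using System.Linq;
using System.Text;

static class SshKeyFileCheck
{
    public enum Kind { PrivateKey, PublicKey, Unknown }

    // Classify by the first non-empty line of the file.
    public static Kind Classify(string text)
    {
        string first = text.Split('\n').Select(l => l.Trim()).FirstOrDefault(l => l.Length > 0) ?? "";
        // PEM and OpenSSH private keys: five dashes and "PRIVATE KEY"; PuTTY .ppk: header line.
        if (first.StartsWith("-----BEGIN ") && first.EndsWith("PRIVATE KEY-----")) return Kind.PrivateKey;
        if (first.StartsWith("PuTTY-User-Key-File-")) return Kind.PrivateKey;
        // RFC 4716 public keys: four dashes; OpenSSH public keys: "ssh-rsa AAAA..." on one line.
        if (first == "---- BEGIN SSH2 PUBLIC KEY ----") return Kind.PublicKey;
        if (first.StartsWith("ssh-") || first.StartsWith("ecdsa-sha2-")) return Kind.PublicKey;
        return Kind.Unknown;
    }

    // Read the algorithm name from the base64 body of an RFC 4716 public key file.
    public static string Rfc4716Algorithm(string text)
    {
        var b64 = new StringBuilder();
        bool inHeader = false;
        foreach (string line in text.Split('\n').Select(l => l.Trim()))
        {
            if (line.Length == 0 || line.StartsWith("----")) { inHeader = false; continue; }
            // Headers are "Tag: value"; a trailing backslash continues one onto the next line.
            if (inHeader || line.Contains(":")) { inHeader = line.EndsWith("\\"); continue; }
            b64.Append(line);
        }
        byte[] blob = Convert.FromBase64String(b64.ToString());
        if (blob.Length < 4) throw new FormatException("key blob too short");
        // The blob starts with a 4-byte big-endian length, then the algorithm name.
        int len = (blob[0] << 24) | (blob[1] << 16) | (blob[2] << 8) | blob[3];
        if (len < 0 || len > blob.Length - 4) throw new FormatException("bad algorithm length");
        return Encoding.ASCII.GetString(blob, 4, len);
    }

    static void Main()
    {
        // Constructed sample: the blob holds only the algorithm-name field, not a real key.
        string sample = "---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"constructed sample\"\n" +
                        "AAAAB3NzaC1yc2E=\n---- END SSH2 PUBLIC KEY ----\n";
        Console.WriteLine($"{Classify(sample)} ({Rfc4716Algorithm(sample)})");
        Console.WriteLine(Classify("-----BEGIN OPENSSH PRIVATE KEY-----\n"));
    }
}
```

Only a file that classifies as a private key belongs in SshPrivateKey; a file that classifies as a public key is what gets registered with the account on the server.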