Cyberduck Mountain Duck CLI

#1264 closed defect (fixed)

sftp /scp connection with rsa key does not work

Reported by: thierry34 Owned by: dkocher
Priority: high Milestone: 3.4.2
Component: sftp Version: 2.7.3
Severity: blocker Keywords: sftp ssh scp rsa pathphrase
Cc: thierry.charles@…, joel.fisler@… Architecture:
Platform:

Description

Hi,

I think that the authentification process is not working when ssh need a passphrase (rsa in my case) for sftp over ssh or scp. It works fine with in terminal command line ssh and command line sftp (asking for the passphrase because the ssh server is confirgured this way). Do you plan to enable this possibility in the near future/release ?

Regards,

Thierry

Attachments (1)

cyberduck_error.png (33.4 KB) - added by dkocher on Dec 19, 2007 at 11:23:06 PM.

Download all attachments as: .zip

Change History (25)

comment:1 Changed on Sep 19, 2007 at 8:14:18 PM by dkocher

Can you confirm this bug when running version 2.8?

comment:2 Changed on Nov 19, 2007 at 1:10:12 PM by fisler

  • Cc joel.fisler@… added

I do have the same problem: login via ssh works perfectly, via cyberduck I get an "publickey authentication failed" error (I even tried copy-pasting password to be sure that I use the same as with ssh). my passphrase has blanks in it, maybe thats the problem? but if I store the key in the keychain and go there to have a look at the password I can see the correct passphrase stored there (by cyberduck) so whats the problem?

comment:3 Changed on Dec 4, 2007 at 9:05:15 PM by dkocher

  • Milestone set to 2.8.3
  • Resolution set to worksforme
  • Status changed from new to closed

I have tested against the latest nightly build also using a password with whitespace.

comment:4 Changed on Dec 10, 2007 at 7:22:37 PM by fisler

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I am sorry, I still get the error. I am pretty sure that it is a Cyberduck error because with Fetch, ssh and other tools it works perfectly. Check the error screenshot here

Changed on Dec 19, 2007 at 11:23:06 PM by dkocher

comment:5 Changed on Dec 19, 2007 at 11:26:22 PM by dkocher

This may be related to the issue with corrupted Keychain passwords (see #1354). Try deleting any passwords in the Keychain of the server you are trying to connect to. To modify saved passwords in the Keychain, open /Applications/Utilities/Keychain Access.app.

comment:6 Changed on Dec 19, 2007 at 11:27:44 PM by dkocher

Addendum: For private key passwords, these are stored as SSHKeychain for the Name of the application password in the Keychain.

comment:7 Changed on Dec 23, 2007 at 8:11:56 PM by dkocher

  • Resolution set to worksforme
  • Status changed from reopened to closed

comment:8 Changed on Jan 7, 2008 at 4:09:52 PM by fisler

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I am very sorry to post again. Should I just shut up and stop using Cyberduck? It does not work for me. In every other Application it works but not with Cyberduck. I tried the latest nightly build again from January 3rd.

In the Screenshot I posted there is the command line and error issued. I tried the command and got the following:

sftp root@…:22

Connecting to www.olat.org... Couldn't stat remote file: No such file or directory File "/root/22" not found.

So I tried it again without the port:

sftp root@…

Connecting to www.olat.org... sftp> exit

Might the port be a problem? Then I thought the problem might be the domain mapping... (who knows, anything possible). So i tried directly with the hostname "idlnx46.uzh.ch". Didnt work either. Also I was not sure why Cyberduck wants a Name for the key. All you usually enter is the passphrase. Of course there is the username to login on the sftp server but this information I enter in my Bookmark (Lesezeichen). I use "root". After that I shoud just be asked about the passphrase. This is a bit confusing...

I will add two screenshots to illustrate what I mean. Just let me know when I should shut up and stop testing :-)

comment:9 Changed on Jan 7, 2008 at 4:17:40 PM by fisler

I cannot upload the screenshots, I sent them to dkocher.

By the way: It has nothing to do with the keychain because I am not storing the password there.

comment:10 Changed on Jan 21, 2008 at 4:22:41 PM by dkocher

Have you tried deleting all passwords with the name SSHKeychain from the Keychain?

comment:11 Changed on Jan 23, 2008 at 6:59:10 PM by dkocher

  • Milestone 2.8.4 deleted

comment:12 Changed on May 15, 2009 at 11:15:52 AM by DukBerCy

I wonder if scp functionality will be added soon. Cannot find a comfortable way to scp files to remote machines on Mac. SFTP with Public Key will not work due to the following error:

" I/O Error: Connection failed Invalid PEM structure, '-----BEGIN...' missing"

Does not work even if the SFTP Setting is set to: "SCP (Secure Copy)" instead of "SFTP (SSH Connection)"

Thank you.

comment:13 follow-up: Changed on May 15, 2009 at 11:22:00 AM by DukBerCy

In FileZilla and WinSCP you are able to point to a Private Key, which is used instead of a password for SCP filetransfer. FileZilla 3.2.4.1 on Mac will work, CyberDuck 3.2 cannot connect due to: " I/O Error: Connection failed Invalid PEM structure, '-----BEGIN...' missing"

comment:14 in reply to: ↑ 13 ; follow-up: Changed on May 15, 2009 at 12:11:04 PM by dkocher

Replying to DukBerCy:

In FileZilla and WinSCP you are able to point to a Private Key, which is used instead of a password for SCP filetransfer. FileZilla 3.2.4.1 on Mac will work, CyberDuck 3.2 cannot connect due to: " I/O Error: Connection failed Invalid PEM structure, '-----BEGIN...' missing"

Try to create a key using the ssh-keygen program from the OpenSSH distribution. The one you are using is not a supported format.

comment:15 in reply to: ↑ 14 Changed on May 15, 2009 at 12:11:51 PM by dkocher

Replying to dkocher:

Replying to DukBerCy:

In FileZilla and WinSCP you are able to point to a Private Key, which is used instead of a password for SCP filetransfer. FileZilla 3.2.4.1 on Mac will work, CyberDuck 3.2 cannot connect due to: " I/O Error: Connection failed Invalid PEM structure, '-----BEGIN...' missing"

Try to create a key using the ssh-keygen program from the OpenSSH distribution. The one you are using is not a supported format.

Also refer to help/en/howto/ssh.

comment:16 Changed on Jul 19, 2009 at 3:48:55 PM by anonymous

I can confirm this. rsa pubkeys don't seem to work with cyberduck. Same error message as on the attached image. Perhaps this is an java issue don't work mit muCommander either.

comment:17 follow-up: Changed on Nov 15, 2009 at 10:08:41 PM by sidd

after updating to cyberduck 3.3 (5552) i cannot login via sftp and id_rsa key anymore (same symptom on 4 different servers). i recently changed my key, but via ssh and sftp in terminal everything works fine on all servers. i tried to get rid of the error by reselecting my ir_rsa key from ~/.ssh, but no luck: cyberduck still echoing "publickey authorization failed". what am i missing? any hints?

comment:18 in reply to: ↑ 17 ; follow-up: Changed on Nov 15, 2009 at 11:21:33 PM by sidd

Replying to sidd:

i recently changed my key, but via ssh and sftp in terminal everything works fine on all servers. i tried to get rid of the error by reselecting my ir_rsa key from ~/.ssh, but no luck: cyberduck still echoing "publickey authorization failed".

can answer the question myself. needed to setup new SSHKeychain in keychain.app since my pw changed because of new rs_ida key. wasnt aware that cyberduck isn't echoing that and just grabs the wrong, "old" pw from keychain.

should have investigated one step further before posting here. keep up the good work!

comment:19 in reply to: ↑ 18 Changed on Nov 15, 2009 at 11:40:28 PM by dkocher

Replying to sidd:

Replying to sidd:

i recently changed my key, but via ssh and sftp in terminal everything works fine on all servers. i tried to get rid of the error by reselecting my ir_rsa key from ~/.ssh, but no luck: cyberduck still echoing "publickey authorization failed".

can answer the question myself. needed to setup new SSHKeychain in keychain.app since my pw changed because of new rs_ida key. wasnt aware that cyberduck isn't echoing that and just grabs the wrong, "old" pw from keychain.

should have investigated one step further before posting here. keep up the good work!

Thanks for sharing that information here.

comment:20 follow-up: Changed on Feb 17, 2010 at 3:53:56 PM by Babypoohbearnme@…

ATTENTION: This is how you can fix it

Make sure you have the following component:

  1. Community sources.
  2. BSD Subsystem
  3. Open SSH (very important that you this on your phone, if not, then dl it on cydia/installer/etc.)

Then try the steps again.

comment:21 in reply to: ↑ 20 Changed on Mar 5, 2010 at 1:39:43 PM by gerbsen@…

Hi, I do have the same problem, connect via ssh or sftp on the command line works. but in cyberduck i get "Publickey authentication failed". I have tested this on the newest nightly build.

cheers daniel

comment:22 follow-up: Changed on Mar 10, 2010 at 4:11:40 PM by tismer@…

This problem has been present for years. If a passphrase is present, the connection works once, and never again. Instead of using the credentials which the system already has (through ssh-add -K), cyberduck decodes without passphrase later on and complains about wrong PEM structure.

This made me finally switch over to forklift, where such problems do not exist.

cheers - chris

comment:23 in reply to: ↑ 22 Changed on Mar 27, 2010 at 5:34:15 PM by dkocher

  • Milestone set to 3.4.2
  • Resolution set to fixed
  • Status changed from reopened to closed

Replying to tismer@…:

This problem has been present for years. If a passphrase is present, the connection works once, and never again. Instead of using the credentials which the system already has (through ssh-add -K), cyberduck decodes without passphrase later on and complains about wrong PEM structure.

This made me finally switch over to forklift, where such problems do not exist.

cheers - chris

This should be fixed as of r5865.

comment:24 Changed on May 15, 2011 at 4:51:03 PM by peterhil

Using RSA keys with Passphrase does not work on CyberDuck 4.0.2 (8610)! Regression bug? I'm moving to another program...

Note: See TracTickets for help on using tickets.
swiss made software