SFTP fails when using public key, invalid PEM structure #1741
Comments
I should also mention that the same set of public/private keys work for other servers. |
Make sure you select the private key enclosed with the PEM structure. |
Wow, I feel stupid. It was because I was trying to authenticate with the public key instead of the private key like I should have been. Cyberduck really ought to extend that error message to say "Are you sure you're using a private key?" I'm willing go bet that 99% of the time that's what a user does, but the error message doesn't make that immediately clear. Thanks! |
Replying to [comment:4 dkocher]: hello, i'm having same problem with 'invalid PEM structure' errors using a key. i'm using a private key. not sure why i can't connect. any advice greatly appreciated. |
Maybe you are using a key generated by Putty SSH. It must be in the OpenSSH format. |
I'm connecting to a SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.6 server using cyberduck 3.1.2 (4500), and get the error described above. I'm definitely using a private key (has the ------BEGIN... structure). I can connect with command-line ssh and sftp. I re-generated my server keys using ssh-keygen on the debian server, so I'm not using puttyssh. I get the error whether or not I try to authenticate using my client public key or by password (both work with the command-line client). I can provide logs and debugging info -- mail dylan richard muir at gmail.com, with dots in between the names. Thanks, |
I can connect using a local DSA private key, but by default cyberduck is trying to use ~/.ssh/identity as a private key. When I try to disable the use of this key, I think cyberduck may be using it anyway (hence the "no PEM stucture" error). I guess this is the cause of my problem. This bug should be "can't de-select a private key". DRM |
I can confirm this issue in 18ae38c in OS X 10.6.2. Giving it ~/.ssh/id_dsa (for example) fails, but copying that private key to ~/.ssh/identity and using that succeeds. |
I also confirm this bug. Versio 3.3 (5552) + Leopard 10.5.8 ppc |
Replying to [comment:13 ikke@…]:
Please post the exact error message. |
Sorry, I take it back. No bug after all. Idiot user instead... :( I selected the public key instead of private key. The Finnish translation has check box to use public key method, and after checking it it opens the browser for private key. It just doesn't mention that it's browsing private key instead of public key. Actually it doesn't mention what it's browsing. I didn't notice it asks for private key while clicking the public key method. I selected the public key id_dsa.pub. Only after while I noticed it mentiones the private key below the public key check-box. So confirming then that there is no bug after all :) . Since it checks the private key at connection time anyway, it could perhaps do it already at the time one selects the file and complain immediately. Then users like me would not waste your time... :) The exact error message would have been: "Invalid PEM structure, '-----BEGIN...' missing.". Sorry for trouble. |
Replying to [comment:15 ikke@…]:
It is easily mistakable because the authentication method is titled Public Key Authentication but what you have to choose from the browse dialog is the private key. We should set a prompt text in the panel. |
Thanks, that clears it up. As a counter offer :) , The Finnish translation would be trunk/fi.lproj/Credentials.strings, line 21: "Select the private key in PEM format" = "Valitse PEM-muotoinen henkilökohtainen avain"; |
Replying to [comment:6 dkocher]:
How can you check this? - which standard does my key use? As I get the same error "Invalid PEM structure, '-----BEGIN...' missing." I have Cyberduck Version 3.4.2 (5902) on OS X 10.5.8 |
Replying to [comment:20 pax@…]:
Any news on this ? I've generated my public key with: But I still have the "begin missing" error. I'd really like to use cyberduck as a sftp client. Version 3.42, osx 10.63 |
Replying to [comment:21 anonymous]:
|
I've had this a few times also due to server issues or key issues. Please change the error message! |
Cyber cannot login to my ssh server when using public key authentication. It fails with an error "Invalid PEM structure, '-----BEGIN...' missing"
I have verified that I can log into the sftp server in question using 'sftp' and 'WinSCP'. Additionally, Cyberduck can log into the ssh server when I am using password authentication.
The ssh server is a bit of a rarity, it's an embedded ARM-based NAS running Linux. I'm using OpenSSH 4.7p1 with it. Please contact me if you need more info or want to use my server to test. I can't find out how to get better logs out of Cyberduck.
The text was updated successfully, but these errors were encountered: