Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SFTP fails when using public key, invalid PEM structure #1741

Closed
cyberduck opened this issue Feb 4, 2008 · 21 comments
Closed

SFTP fails when using public key, invalid PEM structure #1741

cyberduck opened this issue Feb 4, 2008 · 21 comments

Comments

@cyberduck
Copy link
Collaborator

@cyberduck cyberduck commented Feb 4, 2008

48d63ca created the issue

Cyber cannot login to my ssh server when using public key authentication. It fails with an error "Invalid PEM structure, '-----BEGIN...' missing"

I have verified that I can log into the sftp server in question using 'sftp' and 'WinSCP'. Additionally, Cyberduck can log into the ssh server when I am using password authentication.

The ssh server is a bit of a rarity, it's an embedded ARM-based NAS running Linux. I'm using OpenSSH 4.7p1 with it. Please contact me if you need more info or want to use my server to test. I can't find out how to get better logs out of Cyberduck.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Feb 4, 2008

48d63ca commented

I should also mention that the same set of public/private keys work for other servers.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Feb 4, 2008

@dkocher commented

Make sure you select the private key enclosed with the PEM structure.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Feb 4, 2008

anonymous commented

Wow, I feel stupid. It was because I was trying to authenticate with the public key instead of the private key like I should have been. Cyberduck really ought to extend that error message to say "Are you sure you're using a private key?" I'm willing go bet that 99% of the time that's what a user does, but the error message doesn't make that immediately clear.

Thanks!

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 21, 2008

carol commented

Replying to [comment:4 dkocher]:

hello, i'm having same problem with 'invalid PEM structure' errors using a key. i'm using a private key. not sure why i can't connect. any advice greatly appreciated.
best, carol

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 21, 2008

@dkocher commented

Maybe you are using a key generated by Putty SSH. It must be in the OpenSSH format.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Feb 20, 2009

drm commented

I'm connecting to a SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.6 server using cyberduck 3.1.2 (4500), and get the error described above.

I'm definitely using a private key (has the ------BEGIN... structure). I can connect with command-line ssh and sftp.

I re-generated my server keys using ssh-keygen on the debian server, so I'm not using puttyssh. I get the error whether or not I try to authenticate using my client public key or by password (both work with the command-line client).

I can provide logs and debugging info -- mail dylan richard muir at gmail.com, with dots in between the names.

Thanks,
DRM

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Feb 20, 2009

DRM commented

I can connect using a local DSA private key, but by default cyberduck is trying to use ~/.ssh/identity as a private key. When I try to disable the use of this key, I think cyberduck may be using it anyway (hence the "no PEM stucture" error). I guess this is the cause of my problem. This bug should be "can't de-select a private key".

DRM

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Apr 27, 2009

@dkocher commented

#2934 closed as duplicate.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Apr 27, 2009

@dkocher commented

#3134 closed as duplicate.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Dec 21, 2009

227b147 commented

I can confirm this issue in 18ae38c in OS X 10.6.2. Giving it ~/.ssh/id_dsa (for example) fails, but copying that private key to ~/.ssh/identity and using that succeeds.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 9, 2010

2037dc9 commented

I also confirm this bug. Versio 3.3 (5552) + Leopard 10.5.8 ppc

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 9, 2010

@dkocher commented

Replying to [comment:13 ikke@…]:

I also confirm this bug. Versio 3.3 (5552) + Leopard 10.5.8 ppc

Please post the exact error message.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 9, 2010

2037dc9 commented

Sorry, I take it back. No bug after all. Idiot user instead... :(

I selected the public key instead of private key. The Finnish translation has check box to use public key method, and after checking it it opens the browser for private key. It just doesn't mention that it's browsing private key instead of public key. Actually it doesn't mention what it's browsing. I didn't notice it asks for private key while clicking the public key method. I selected the public key id_dsa.pub. Only after while I noticed it mentiones the private key below the public key check-box.

So confirming then that there is no bug after all :) . Since it checks the private key at connection time anyway, it could perhaps do it already at the time one selects the file and complain immediately. Then users like me would not waste your time... :)

The exact error message would have been: "Invalid PEM structure, '-----BEGIN...' missing.". Sorry for trouble.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 9, 2010

@dkocher commented

Replying to [comment:15 ikke@…]:

Sorry, I take it back. No bug after all. Idiot user instead... :(

I selected the public key instead of private key. The Finnish translation has check box to use public key method, and after checking it it opens the browser for private key. It just doesn't mention that it's browsing private key instead of public key. Actually it doesn't mention what it's browsing. I didn't notice it asks for private key while clicking the public key method. I selected the public key id_dsa.pub. Only after while I noticed it mentiones the private key below the public key check-box.

So confirming then that there is no bug after all :) . Since it checks the private key at connection time anyway, it could perhaps do it already at the time one selects the file and complain immediately. Then users like me would not waste your time... :)

The exact error message would have been: "Invalid PEM structure, '-----BEGIN...' missing.". Sorry for trouble.

It is easily mistakable because the authentication method is titled Public Key Authentication but what you have to choose from the browse dialog is the private key. We should set a prompt text in the panel.

Loading

@cyberduck cyberduck closed this Jan 9, 2010
@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 10, 2010

@dkocher commented

We provide a message text in the open dialog as of 4c157c7.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 10, 2010

@dkocher commented

Replying to [comment:17 dkocher]:

We provide a message text in the open dialog as of 4c157c7.

It says Select the private key in PEM format. Localization pending. See 31337cb.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 12, 2010

2037dc9 commented

Thanks, that clears it up. As a counter offer :) , The Finnish translation would be

trunk/fi.lproj/Credentials.strings, line 21:

"Select the private key in PEM format" = "Valitse PEM-muotoinen henkilökohtainen avain";

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 5, 2010

5047493 commented

Replying to [comment:6 dkocher]:

Maybe you are using a key generated by Putty SSH. It must be in the OpenSSH format.

How can you check this? - which standard does my key use?
I honestly don't remember how I have created it.

As I get the same error "Invalid PEM structure, '-----BEGIN...' missing."

I have Cyberduck Version 3.4.2 (5902) on OS X 10.5.8

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 14, 2010

anonymous commented

Replying to [comment:20 pax@…]:

Replying to [comment:6 dkocher]:

Maybe you are using a key generated by Putty SSH. It must be in the OpenSSH format.

How can you check this? - which standard does my key use?
I honestly don't remember how I have created it.

As I get the same error "Invalid PEM structure, '-----BEGIN...' missing."

I have Cyberduck Version 3.4.2 (5902) on OS X 10.5.8

Any news on this ? I've generated my public key with:
openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/mykey.public -pubout -outform PEM

But I still have the "begin missing" error. I'd really like to use cyberduck as a sftp client. Version 3.42, osx 10.63

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 14, 2010

anonymous commented

Replying to [comment:21 anonymous]:

Replying to [comment:20 pax@…]:

Replying to [comment:6 dkocher]:

Maybe you are using a key generated by Putty SSH. It must be in the OpenSSH format.

How can you check this? - which standard does my key use?
I honestly don't remember how I have created it.

As I get the same error "Invalid PEM structure, '-----BEGIN...' missing."

I have Cyberduck Version 3.4.2 (5902) on OS X 10.5.8

Any news on this ? I've generated my public key with:
openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/mykey.public -pubout -outform PEM

But I still have the "begin missing" error. I'd really like to use cyberduck as a sftp client. Version 3.42, osx 10.63
Oh well never mind. It was a problem on the server side. The error message is kinda misleading tho...

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Apr 28, 2012

Theparadigm commented

I've had this a few times also due to server issues or key issues. Please change the error message!

Loading

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants