Convert SSH2 Public Key to OpenSSH format
Overview
An SFTP user provides you with a public key, but they are not able to log in.
There can be a number of reasons for this. But one possibility is that the public key provided is in the wrong format (i.e. SSH2 format).
This article shows you how to convert the SSH2 formatted public key to the OpenSSH format that SFTP Gateway expects.
Inspect the existing public key
To view the public key of an existing SFTP user, do the following:
SSH into the server.
Run the commands:
sudo su
sshldap robtest
(Replace robtest with the actual username.)
You should something like this:
ssh-rsa AAAAB3NzaC1yc2...PJtaZWNuT5BJa8GhnzX09g6nhbk= robtest.key
The above example is a public key in the OpenSSH format, which is what SFTP Gateway expects.
If you see the words BEGIN SSH2 PUBLIC KEY, this is an SSH2 formatted public key, and
this needs to be corrected.
An SSH2 formatted public key looks something like this:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20200402"
AAAAB3NzaC1yc2EAAAABJQAAAgEAiL0jjDdFqK/kYThqKt7THrjABTPWvXmB3URI
.
.
.
AEQwc1bG+Z/Gc1Fd8DncgxyhKSQzLsfWroTnIn8wsnmhPJtaZWNuT5BJa8GhnzX0
9g6nhbk=
---- END SSH2 PUBLIC KEY ----
The sshldap command will remove the line-breaks and show all the text on a singe line.
Convert the public key format from SSH2 to OpenSSH
Try to find the original SSH2 public key that was provided from the user.
Otherwise, use the sshldap command to output the SSH2 public key. You may need to manually
insert line-breaks at the appropriate places.
Save the SSH2 public key to a file (e.g. ssh2.pub).
Then, run the following command:
ssh-keygen -i -f ssh2.pub
This takes the SSH2 formatted public key, and outputs an OpenSSH public key. For more information, see https://tutorialinux.com/convert-ssh2-openssh/
At this point, you can set the public key on the SFTP user:
sftpgw.sh update-user --username robtest --pub-ssh "ssh-rsa AAAAB3NzaC1yc2...PJtaZWNuT5BJa8GhnzX09g6nhbk= robtest.key"