SFTP Gateway Private Key Line Breaks
Overview
When using certain browsers like Safari, the private key that you download from the user management website is formatted incorrectly (missing line breaks). This causes an error when trying to connect as that SFTP user.
The fix is to use Google Chrome instead, which downloads the private key with the appropriate line breaks.
Another option is to re-introduce the line breaks using a bash script.
Encountering private key errors related to formatting
When you use a browser like Safari, the private key that you download from the user management website is missing line breaks. This is due to a bug in our website code.
Examine the private key
When you open up the private key file, you will notice that the contents are all on a single line.
-----BEGIN RSA PRIVATE KEY-----MIIEogIBAAKCAQEAypnRsezlPKouDXqZxvD77lW83avmu2QCkpvL2lBaDPvcVNeO5q73+pWFxxTHZ
A properly formatted private key looks like this:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAypnRsezlPKouDXqZxvD77lW83avmu2QCkpvL2lBaDPvcVNeO5q
...
cKg=
-----END RSA PRIVATE KEY-----
FileZilla won't let you set the key file
Whenever you try to set the Key file
in FileZilla using the Browse button, your change does not stick.
And if you were to manually type in the path for your Key file
, nothing happens when you hit the Connect button.
Both of these are the result of the private key being formatted incorrectly.
You get an invalid format error at the command line
When you attempt to SFTP to the server using the CLI, you get the following error:
Load key "robtest-2.key": invalid format
robtest@34.196.58.62: Permission denied (publickey).
The error Permission denied (publickey)
can happen for a number of reasons.
But the error invalid format
indicates there's a problem with the private key itself.
Use Google Chrome
One workaround to this problem is to just use Google Chrome. Chrome properly parses the line breaks in the private key file download.
However, Chrome might have self-signed SSL issues if you are running MacOS Catalina. See this article.
Bash Script
Another workaround is to re-introduce the line breaks using a bash script.
(1) Create a file private-key-linebreak.sh
with the following contents:
#!/bin/bash
PRIVATE_KEY=$1
# Require a file name parameter
if [[ -z ${PRIVATE_KEY} ]]; then
echo ""
echo "Usage: $0 <private-key-file>"
echo ""
exit 0
fi
# remove the header and footer
KEY_CONTENTS=$(cat $PRIVATE_KEY | sed 's/-----BEGIN RSA PRIVATE KEY-----//' | sed 's/-----END RSA PRIVATE KEY-----//')
# create a new key
NEW_FILE=copy-of-$PRIVATE_KEY
cat /dev/null > $NEW_FILE
# add the header
echo "-----BEGIN RSA PRIVATE KEY-----" >> $NEW_FILE
REMAINING_CONTENTS=$KEY_CONTENTS
# add lines to the new file, 66 characters at a time
while [ ${#REMAINING_CONTENTS} -gt 0 ]; do
FIRST_66=${REMAINING_CONTENTS::66}
echo $FIRST_66 >> $NEW_FILE
REMAINING_CONTENTS=${REMAINING_CONTENTS:66:${#REMAINING_CONTENTS}}
done
# add the footer
echo "-----END RSA PRIVATE KEY-----" >> $NEW_FILE
echo ""
echo "Created new file $NEW_FILE"
echo ""
(2) Make the file executable by running:
chmod +x private-key-linebreak.sh
(3) Then run the script:
./private-key-linebreak.sh private.key
You should see a new properly formatted private key named copy-of-private-key-linebreak.sh