Hi,
Newbie here and I’m trying to receive a file via webhook and then pass that data onward as a new file on a server using sftp (key-based).
I have generated RSA 3072-bit keypairs using both ssh-keygen and puttygen on my linux workstation. I have copied the OpenSSH public key of each pair to my authorized_keys file for the account I am using to access the server.
What is the correct format that Pipedream requires for the private key? Putty? OpenSSH?
I have tried both. I ‘cat’ and copy the public key on my workstation and then paste it into the private key field in the workflow/account object.
I consistently receive the following error when testing this step - with both Putty and OpenSSH private keys:
connect: Cannot parse privateKey: Unsupported key format
DETAILS
at SftpClient.fmtError (/tmp/__pdg__/dist/code/d1d364ce7a87b24841e535bcd4c2409ce742c01e385c321e9568af1c7c54868c/node_modules/.pnpm/ssh2-sftp-client@9.0.4/node_modules/ssh2-sftp-client/src/index.js:111:22)
at SftpClient.connect (/tmp/__pdg__/dist/code/d1d364ce7a87b24841e535bcd4c2409ce742c01e385c321e9568af1c7c54868c/node_modules/.pnpm/ssh2-sftp-client@9.0.4/node_modules/ssh2-sftp-client/src/index.js:249:37)
at Object.run (file:///tmp/__pdg__/dist/code/d1d364ce7a87b24841e535bcd4c2409ce742c01e385c321e9568af1c7c54868c/component.mjs:40:5)
at global.executeComponent (/var/task/launch_worker.js:139:22)
at MessagePort.messageHandler (/var/task/launch_worker.js:598:28)
Debug information is lean (it’s masked), but I do see the paths:
[x] Detailed/code mode
this.sftp.$auth.host
this.sftp.$auth.privateKey
this.sftp.$auth.username
also {"host":"*****","privateKey":"*****","username":"*****"}
While observing the log file on the target server, I do not see any authentication request, so I’m confident that the issue is either in my use of the “sftp_upload_file” (key-based auth).
How do I properly format and input the public key?
Is there an error in mapping within the system between the input fields to the underlying SftpClient Connect call? I’m having difficulty seeing that far - i.e. is somehow a host or username value accidentally being placed in the privateKey field at Connect?
Thanks in advance for any guidance you can provide.
– Mike
Hello @mikeneumann, first off, welcome to Pipedeam!
I’ve investigated this and it seems like the action SFTP Upload File (Key based auth) use Private key with OpenSSH format. So you might need to generate the key pair with Open SSH format (you should use RSA 2048 bit just to be sure it is compatible), config your SFTP server to use it, and copy the private key content to your SFTP Pipedream account.
For more detail, the action source code (publicly accessible here) uses ssh2-sftp-client library, which in turn uses ssh2 library, and ssh2 library accept the private key with OpenSSH format.
Hi @vunguyenhung,
Thank you for your reply. I re-tested this morning with a new OpenSSH 2048-bit RSA key pair. I am able to command-line/shell ssh with the desired user account to my server using this key. Therefore I’m certain that my key files are good and my server accepts OpenSSH 2048-bit RSA authentication.
I tried in PD with this new key and I get the same result.
BTW, I am pasting the full contents of the Private Key file into the Pipedream dialog.
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
...
4t3RKEUwp61SPm0AAAAOd2ViaG9va0BjbGllbnQBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
Any other suggestions or ways to debug this error?
Thank you,
– Mike
My target server does not permit password authentication for ssh/sftp. It also doesn’t allow RSA 1024 keys for authentication, so I spun up a dummy server that did not have these restrictions.
- I successfully gained shell access using an OpenSSH 1024-bit RSA key pair from my workstation - key is good and the server allows 1024-bit RSA access.
- I tried using the 1024-bit key as above, in Pipedream, but same result:
connect: Cannot parse privateKey: Unsupported key format
- I replaced the
sftp_upload_file (key-based auth) with sftp_password_based_auth_upload_file and the this way the workflow succeeds.
At this point I consider the sftp_upload file (key-based auth) to be broken in Pipedream, which is unfortunate. BTW, nearly all examples I see around are password-based.
I’m happy to test some more, but I need more guidance.
Thank you,
– Mike
Hello @mikeneumann, thank you so much for the very detailed information! I’ve created a ticket here and add it to our prioritized backlog. Our component dev will take a look at it soon!
1 Like