0

I have a C# .NET Windows service project, where I am trying to open an SFTP connection to an SFTP server and put a file on the server.

I have SFTP hostname, username and key file (.key file). I do have a passphrase here.

Please help me with something to use SFTP in C# and .NET.

I tried to do it in the following way:

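    // The key file name is passed as a string path; getKeyConnection builds the ConnectionInfo.
    using (SshClient sshClient = new SshClient(getKeyConnection(HostName, UserName, Port, "Myprivatekey.key", PassPhrase)))
    {
        Console.WriteLine("Connecting to server.");
        // SshClient takes its timeout from ConnectionInfo (OperationTimeout is an SftpClient property).
        sshClient.ConnectionInfo.Timeout = TimeSpan.FromSeconds(60);
        sshClient.Connect();
        Console.WriteLine("Is Connected to server " + sshClient.IsConnected);
    }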

My getKeyConnection method looks like this:

    public static ConnectionInfo getKeyConnection(string host, string username, int port, string privateKeyFile, string password)
    {
        Console.WriteLine("Getting key Connection Info to establish Private Key SFTP");
        return new ConnectionInfo(host, port, username, privateKeyObject(username, privateKeyFile, password));
    }

My privateKeyObject uses

    private static AuthenticationMethod[] privateKeyObject(string username, string publicKeyPath, string password)
    {
        Console.WriteLine("Private key object method called.");
        PrivateKeyFile privateKeyFile = new PrivateKeyFile(publicKeyPath, password);
        PrivateKeyAuthenticationMethod privateKeyAuthenticationMethod = new PrivateKeyAuthenticationMethod(username, privateKeyFile);
        return new AuthenticationMethod[] { privateKeyAuthenticationMethod };
    }

When I try to connect, I get "invalid private key file". Any idea how we can do this?

We have X.509 certificates which are signed by an intermediate CA and installed on our SFTP server, and we have a private key file and a passphrase which I am sending in my authentication method. For SFTP we are using the Renci NuGet package.

  • SFTP is a subset of HTTPS. Both use TLS for authentication, which is done before the request is sent from client to server. In TLS the server sends a certificate block with possible names of certificates, and then the client checks its stores to see if any certificate matches the list of certificates sent from the server. The key file is the certificate. So all you need to do is load the certificate in the stores on the client. I assume the server already has the certificate in the certificate block. – jdweng Feb 03 '22 at 11:38
  • SSH is a different protocol than SFTP and you should not be using both. SSH is when you are making a secure shell connection and SFTP is when you are making a secure file transfer. Both SSH and SFTP require a username and password besides the certificate. – jdweng Feb 03 '22 at 11:41

2 Answers

0

Renci requires the private key to be in an OpenSSL format. That exception is normally the result of an invalid key file format or a missing file. You can use PuTTYgen, the openssl tools or the Java keytool utility to convert the key to the proper format.

Note: "Renci.SshNet.Common.SshException: Invalid private key file" when loading SSH private key from configuration string using SSH.NET

Charlie
  • I tried doing the same previously with PuTTYgen and WinSCP, to convert the file to OpenSSL format, but as soon as I load a private key file it prompts with "format not supported". – Neha Rastogi Feb 04 '22 at 08:24
  • I ran a test with a self signed certificate containing a private key, by exporting the certificate to a PFX. Then used openssl to convert the private key in the pfx to a PEM keystore which can be manipulated by openssl: "openssl pkcs12 -in test.pfx -out test.pem -nocerts -nodes" Then run the RSA/EC conversion to convert the key to the correct RSA format the Renci component is expecting: "openssl ec -aes256 -in test.pem -out key.pem -passout pass:test1234" Then you place the key.pem file into the directory your private key is expected to be in. – Charlie Feb 13 '22 at 17:49
  • This header should be at the top of the file once it's been converted: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED – Charlie Feb 13 '22 at 17:55
  • Thanks @charlie, it was done. I just converted my private key into an RSA private key by running a command in openssl. – Neha Rastogi Feb 24 '22 at 07:00
0

When we generate an X.509 certificate, it generates a private key which needs to be converted into an RSA private key by running the command below.

openssl rsa -in server.key -out server_new.key

Make sure you open openssl in Administrator mode. This means your key file should start with -----BEGIN RSA PRIVATE KEY-----
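
A pre-flight check for the key file, added here as an example (not code from the posts above or from SSH.NET): it classifies the file by its first line, so that a missing file, a PKCS#8 key, a certificate or a .ppk can be told apart before `PrivateKeyFile` throws "Invalid private key file". `KeyFileCheck`, `Describe` and the sample file name are hypothetical; the header treated as accepted is the one quoted in both answers.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example: inspects only the header lines and never prints key material.
public static class KeyFileCheck
{
    public static string Describe(string path)
    {
        if (!File.Exists(path)) return "missing: file not found";

        // The first non-empty lines carry the PEM label and, for encrypted
        // traditional keys, the "Proc-Type: 4,ENCRYPTED" marker.
        string[] head = File.ReadLines(path).Select(l => l.Trim())
            .Where(l => l.Length > 0).Take(3).ToArray();
        if (head.Length == 0) return "invalid: file is empty";

        bool encrypted = head.Any(l => l.StartsWith("Proc-Type: 4,ENCRYPTED", StringComparison.Ordinal));
        switch (head[0])
        {
            case "-----BEGIN RSA PRIVATE KEY-----":
                return encrypted ? "ok: RSA PEM, passphrase required" : "ok: RSA PEM, unencrypted";
            case "-----BEGIN PRIVATE KEY-----":
            case "-----BEGIN ENCRYPTED PRIVATE KEY-----":
                return "convert: PKCS#8 container, convert with openssl as in the answers";
            case "-----BEGIN CERTIFICATE-----":
                return "wrong file: X.509 certificate, not a private key";
            case "-----BEGIN OPENSSH PRIVATE KEY-----":
                return "other: OpenSSH-format key, not the RSA PEM header the answers describe";
            default:
                return head[0].StartsWith("PuTTY-User-Key-File-", StringComparison.Ordinal)
                    ? "convert: PuTTY .ppk, export it from PuTTYgen in another format"
                    : "unknown: unrecognised header";
        }
    }

    public static void Main()
    {
        // Constructed sample: PEM labels with filler text, no real key material.
        string sample = Path.Combine(Path.GetTempPath(), "sample_pkcs8.key");
        File.WriteAllText(sample,
            "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n");
        Console.WriteLine(Describe(sample));
        Console.WriteLine(Describe(sample + ".absent"));
        File.Delete(sample);
    }
}
```

Calling `Describe` on the key path before constructing `PrivateKeyFile` and logging the result separates the two causes named in the first answer, a wrong format and a missing file.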