GoAnywhere exported SSH key cannot be imported into WinSCP

Modified on Wed, 16 Mar, 2022 at 5:14 PM

Symptom:

When a SSH key pair is created within GoAnywhere MFT and then exported, it cannot be used inside WinSCP as it errors out when trying to set the key.

 

 

Cause:

The private key created by GoAnywhere is protected by a password that encrypts the key itself. WinSCP's internal mechanism cannot convert encrypted keys to its own format and therefore fails.

 

Solution:

To use the keys in WinSCP, we need to decrypt the key first and then use the built-in WinSCP converter.


  1. Copy the private key to a machine with OpenSSL installed
  2. Decrypt the key content using the following command:
    openssl rsa -in [original.key] -out [new.key]
  3. Import the key into WinSCP. When asked to convert, answer yes.


Important: 

If the password for the key is missing, create a new one. You cannot decrypt the key if you do not have the password.

Additional resources:

Installing OpenSSL on Windows 10 and updating PATH

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article