When a SSH key pair is created within GoAnywhere MFT and then exported, it cannot be used inside WinSCP as it errors out when trying to set the key.




The private key created by GoAnywhere is protected by a password that encrypts the key itself. WinSCP's internal mechanism cannot convert encrypted keys to its own format and therefore fails.



To use the keys in WinSCP, we need to decrypt the key first and then use the built-in WinSCP converter.

  1. Copy the private key to a machine with OpenSSL installed
  2. Decrypt the key content using the following command:
    openssl rsa -in [original.key] -out [new.key]
  3. Import the key into WinSCP. When asked to convert, answer yes.


If the password for the key is missing, create a new one. You cannot decrypt the key if you do not have the password.

Additional resources:

Installing OpenSSL on Windows 10 and updating PATH