Symptom:

When a SSH key pair is created within GoAnywhere MFT and then exported, it cannot be used inside WinSCP as it errors out when trying to set the key.

 

 

Cause:

The private key created by GoAnywhere is protected by a password that encrypts the key itself. WinSCP's internal mechanism cannot convert encrypted keys to its own format and therefore fails.

 

Solution:

To use the keys in WinSCP, we need to decrypt the key first and then use the built-in WinSCP converter.


  1. Copy the private key to a machine with OpenSSL installed
  2. Decrypt the key content using the following command:
    openssl rsa -in [original.key] -out [new.key]
  3. Import the key into WinSCP. When asked to convert, answer yes.


Important: 

If the password for the key is missing, create a new one. You cannot decrypt the key if you do not have the password.

Additional resources:

Installing OpenSSL on Windows 10 and updating PATH