Overview
For my current project, I needed to connect to a remote server via Secure File Transfer Protocol (SFTP) using a username, RSA private key, and passphrase. The goal was simple: read files from a remote folder and download them locally.
Using SFTP to connect to remote servers and exchange files might seem a bit old-school, but trust me in the financial sector, it’s still surprisingly common.
I’d recommend using SSH.NET for this it’s one of the most popular SSH libraries for .NET and it’s available on NuGet.ect to a secure FTP server (SFTP)
More info about SSH.NET here.
Connecting to the server
Once installed SSH.NET on your project, take a look at this code:
In the first lines we’ll define the server URL and port, plus the username, the RSA certificate’s private key file, and the passphrase.
private static void SFTP_Connect_And_Download_Sample()
{
var host = "sftp_server_address.com";
var port = 999;
var username = "your_username";
var passphrase = "your_passphrase";
var privateKeyLocalFilePath = @"your_localpath\...\PrivateKeyOpenSSH.ppk";
var remoteFolderPath = "/";
var localFolderPath = @"D:\localfiles\";
var key = File.ReadAllText(privateKeyLocalFilePath);
var buf = new MemoryStream(Encoding.UTF8.GetBytes(key));
var privateKeyFile = new PrivateKeyFile(buf, passphrase);
var connectionInfo = new ConnectionInfo(
host, port, username,
new PrivateKeyAuthenticationMethod(username, privateKeyFile));
using (var client = new SftpClient(connectionInfo))
{
client.Connect();
var files = client.ListDirectory(remoteFolderPath);
foreach (var file in files)
{
Console.WriteLine(file);
using (var targetFile = new FileStream(
Path.Combine(localFolderPath, file.Name), FileMode.Create))
{
client.DownloadFile(file.FullName, targetFile);
targetFile.Close();
}
}
client.Disconnect();
}
}Note: Make sure to use the full path for your privateKeyLocalFilePath variable.
The key part here (line 7) is creating a file that contains the private key. I’d suggest using FileZilla or a similar tool to test the connection first and save the key to a file. Your file should look something like this:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-KBL-20171006
Public-Lines: 6
AAB3NzaC1yc2EAAAJQAAAQEAnHp1CA4xF04ZdOQ/rsxJoW9fPJ2RD
FgMNVIqsUsjeRbIoZ2y8SMD9b7MMB0lpKXgJ2dYDgOnh2q
j4VTpEoI2JWh4NdQgSH0O+2oLmQnwgDPT7Kva095ggEQiqScX4+31aY02/nz
mK86sxq/sUsW/UqgS+pPViRQLVzDXFf8XIYSSZngmV+Rk108BQ==
Private-Lines: 14
khHfZWB0vBIFtKc4s98xGDFhwZNJQByUTtE7um0tcU4cwy1QTPf3GIuN
vyhHxIGx3LBtFJqzbZVJtOJVSYjkBTGbNc62D0uJCxYVf8PUUStI6GbOkkyDW/Vt
beWZ3s/DugsImjcbPxdEz/2X86uzd5U5v4/wGKQr8GWJtNksMcJ
k7JgRYGA/t0cSE2980MxhZOBg2Gn7+0A6mWgSf2Rr7hpcqsou1
hmc1HYtN7Oj4WT7hvRt8ZAC3/ekTdJ4K3K7vKglSHoQ
tnimHaanJHz4RGBb78Alllk+OYk3TN0Etcwod3401cLpjYYeq6veZLA/KfCHuiJ+
+Zqoy//NY9egfXd1hB0kmiemwO8wGfLS7ppS/WvPOknW9I8SNMllR1vmO3Hk6S3x
KfAG03ZWNoKDLvAIUllNyMpf9p8oKLF2ny4bJKsfNtr4Y0ejQJUFkC
uNz1S4VJ8j1fRcIjx4yT121B9BDfp486RUmnEgsOFEtmVyHPfNxYzDXq2MjTf4l/
MI5cKWHrDbDC/Cu3YvkF3gekLAb/j9Cie/feHmSnbuZ2VEr6zUt10yaH4hPejCOw
FYDZb0I8xxxWJZ6BbpLWDqeD0Oiss8UnDhha/iKvodA9LIG0T
VRlScvGvuzClGYkc7UIWIoARvdxp46YlGMu4mWGeVkNcrxXnmUkdKyNqGjAGJoK/
Private-MAC: d288fffe72914eb62ed60a7e50fd8ce775Bonus (trick)
I spent way too much time troubleshooting this, getting SSH exceptions about “Invalid private key file” even though the same key file worked perfectly in FileZilla. What the heck was going on? 🤔
Turns out the private key needs to be compatible with SSH.NET specifically. So, you’ll need to convert it using PuTTY Key Generator (the same tool you probably used to create the certificate). Once you have it open in PuTTY, just export your key to OpenSSH format and use that new .ppk file instead of the previous one.
When you open the converted file, you’ll notice it now starts with:
—–BEGIN RSA PRIVATE KEY—–And ends with:
—–END RSA PRIVATE KEY—–Now you’ve got a valid SSH private key that should work like a charm! 🎉
Hope this helps you out!
Resistance is futile.