in reply to Net::SSH2 not base64 encoded

I think the keys generated by puttygen are not directly usable for SSH.

The following gist claims a way to convert PuTTY key files to things SSH can use: gist.

Re^2: Net::SSH2 not base64 encoded
by afoken (Chancellor) on Dec 11, 2024 at 20:33 UTC
    the keys generated by puttygen are not directly usable for SSH

    Correct. But PuTTYgen, the key generator, part of PuTTY, can also convert PuTTY keys to other formats. The format of the PuTTY keys is documented in https://the.earth.li/~sgtatham/putty/0.82/htmldoc/AppendixC.html, so you could extract all required data and convert to other formats in a different tool.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
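Extracting the public half of a PuTTY key file, as the reply above suggests, shown as an added example that is not part of the thread. The `.ppk` text is a constructed skeleton (not a usable key), `ppk_public_line` is a hypothetical helper name, and the private section is deliberately never read.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Constructed sample: a syntactically plausible .ppk skeleton, not a real key.
my $ppk = <<'PPK';
PuTTY-User-Key-File-3: ssh-rsa
Encryption: none
Comment: constructed-example
Public-Lines: 2
AAAAB3NzaC1yc2EAAAAD
AQABAAAAAQE=
Private-Lines: 1
AAAA
Private-MAC: 00
PPK

# Build the one-line OpenSSH public key ("algo base64 comment") from a .ppk.
sub ppk_public_line {
    my ($text) = @_;
    my @lines = split /\r?\n/, $text;
    my ($algo, $comment, @b64);
    while (defined(my $l = shift @lines)) {
        if    ($l =~ /^PuTTY-User-Key-File-\d+:\s*(\S+)/) { $algo    = $1 }
        elsif ($l =~ /^Comment:\s*(.*)$/)                  { $comment = $1 }
        elsif ($l =~ /^Public-Lines:\s*(\d+)/) {
            my $n = $1;
            @b64 = splice @lines, 0, $n;     # the next $n lines are base64
            die "truncated public blob\n" if @b64 != $n;
            last;                            # stop before the private section
        }
    }
    die "not a PuTTY key file\n" unless defined $algo && @b64;

    my $b64 = join '', @b64;
    # The blob starts with a length-prefixed algorithm name; it must agree
    # with the name on the header line.
    my ($inner) = unpack 'N/a*', decode_base64($b64);
    die "header says $algo, blob says " . ($inner // '(nothing)') . "\n"
        unless defined $inner && $inner eq $algo;

    return join ' ', $algo, $b64,
        grep { defined($_) && length($_) } $comment;
}

print ppk_public_line($ppk), "\n";
```

The private half still has to be converted with a tool that understands the format, such as PuTTYgen itself.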
Re^2: Net::SSH2 not base64 encoded
by averlon (Sexton) on Dec 12, 2024 at 11:19 UTC

    I have now changed the key-files.

    Public-Key:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCV5LKBeYj97VRCpS0JDzErTSIMV1xjaVlaNotc1kphN7QEWMT1WDWKtYlSIBFxQoAfavKfXHsVR/ugvjuYrbjee6IxiU3r43TT+enudXpklfLwzv8fibLy0c1pLepyPzxBGSNN2FL+Z+BnGjBprxr+b0x/Q5xLulB8KEZPWGhYPu1seV5ShVQDEvAoHiTj4sixv07u4OCyveSSrIv+gdAEZAObb589eC5IsBGc/LSJnL9DCFeqNbUsZ9eGNUw+pD+KtEaUwsyWPr39sb1wnZOB1IstnLWGX5Baa/TgqsyJv+zt6PfCaizj7gKZklJdoUXaeQkeEnGj/Th0W3hzMSrp rsa-key-for-test-purposes

    Private-Key:


    But I get the error:

    Username/PublicKey combination invalid (-18 LIBSSH2_ERROR_AUTHENTICATION_FAILED)

    When trying the same connection via ssh-command from the shell, it works!

    Any additional hints?

    Regards Kallewirsch

      This sounds like it is an authentication error from the remote end. Somehow, the remote end thinks that "you" ($ENV{USER}) are not the one connected to the public+private keypair.

      Maybe $ENV{USER} is different from your expectations, or your program does something wrong.

      I would look at what ssh does by connecting using ssh -i ~/.ssh/the-new-private-key -v -v -v and comparing that with my expectations, and very closely comparing that with the output of your program with $ssh2->trace(-1);.

        It looks like libssh2 is compiled without trace. So there is no trace information when running the script. Anyhow. The shell output says:

        OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
        debug1: Reading configuration data /etc/ssh/ssh_config
        debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
        debug1: /etc/ssh/ssh_config line 21: Applying options for *
        debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/avadmin/.ssh/known_hosts'
        debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/avadmin/.ssh/known_hosts2'
        debug2: resolving "f42240te" port 22
        debug3: resolve_host: lookup f42240te:22
        debug3: ssh_connect_direct: entering
        debug1: Connecting to f42240te [192.168.1.100] port 22.
        debug3: set_sock_tos: set socket 3 IP_TOS 0x10
        debug1: Connection established.
        debug1: identity file .ssh/t_zertifikat_t_test_openssh.key type 0
        debug1: identity file .ssh/t_zertifikat_t_test_openssh.key-cert type -1
        debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
        debug1: Remote protocol version 2.0, remote software version lancom
        debug1: compat_banner: no match: lancom
        debug2: fd 3 setting O_NONBLOCK
        debug1: Authenticating to f42240te:22 as 'newroot'
        debug3: record_hostkey: found key type ED25519 in file /home/avadmin/.ssh/known_hosts:5
        debug3: record_hostkey: found key type ECDSA in file /home/avadmin/.ssh/known_hosts:6
        debug3: load_hostkeys_file: loaded 2 keys from f42240te
        debug1: load_hostkeys: fopen /home/avadmin/.ssh/known_hosts2: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
        debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
        debug3: send packet: type 20
        debug1: SSH2_MSG_KEXINIT sent
        debug3: receive packet: type 20
        debug1: SSH2_MSG_KEXINIT received
        debug2: local client KEXINIT proposal
        debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
        debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
        debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
        debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
        debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
        debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
        debug2: compression ctos: none,zlib@openssh.com,zlib
        debug2: compression stoc: none,zlib@openssh.com,zlib
        debug2: languages ctos:
        debug2: languages stoc:
        debug2: first_kex_follows 0
        debug2: reserved 0
        debug2: peer server KEXINIT proposal
        debug2: KEX algorithms: diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,curve25519-sha256,curve448-sha512,sntrup761x25519-sha512@openssh.com,ext-info-s,kex-strict-s-v00@openssh.com
        debug2: host key algorithms: ssh-ed448,ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
        debug2: ciphers ctos: aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
        debug2: ciphers stoc: aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
        debug2: MACs ctos: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
        debug2: MACs stoc: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
        debug2: compression ctos: none,zlib
        debug2: compression stoc: none,zlib
        debug2: languages ctos:
        debug2: languages stoc:
        debug2: first_kex_follows 0
        debug2: reserved 0
        debug3: kex_choose_conf: will use strict KEX ordering
        debug1: kex: algorithm: curve25519-sha256
        debug1: kex: host key algorithm: ssh-ed25519
        debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
        debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
        debug3: send packet: type 30
        debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
        debug3: receive packet: type 31
        debug1: SSH2_MSG_KEX_ECDH_REPLY received
        debug1: Server host key: ssh-ed25519 SHA256:tp83MDA3OfhZO/mehm31fDcjuJXaZJm8u7qt6SjC7lM
        debug3: record_hostkey: found key type ED25519 in file /home/avadmin/.ssh/known_hosts:5
        debug3: record_hostkey: found key type ECDSA in file /home/avadmin/.ssh/known_hosts:6
        debug3: load_hostkeys_file: loaded 2 keys from f42240te
        debug1: load_hostkeys: fopen /home/avadmin/.ssh/known_hosts2: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
        debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
        debug1: Host 'f42240te' is known and matches the ED25519 host key.
        debug1: Found key in /home/avadmin/.ssh/known_hosts:5
        debug3: send packet: type 21
        debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
        debug2: ssh_set_newkeys: mode 1
        debug1: rekey out after 134217728 blocks
        debug1: SSH2_MSG_NEWKEYS sent
        debug1: expecting SSH2_MSG_NEWKEYS
        debug3: receive packet: type 21
        debug1: ssh_packet_read_poll2: resetting read seqnr 3
        debug1: SSH2_MSG_NEWKEYS received
        debug2: ssh_set_newkeys: mode 0
        debug1: rekey in after 134217728 blocks
        debug1: Will attempt key: .ssh/t_zertifikat_t_test_openssh.key RSA SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU explicit
        debug2: pubkey_prepare: done
        debug3: send packet: type 5
        debug3: receive packet: type 7
        debug1: SSH2_MSG_EXT_INFO received
        debug1: kex_input_ext_info: server-sig-algs=<ssh-ed448,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256>
        debug3: receive packet: type 6
        debug2: service_accept: ssh-userauth
        debug1: SSH2_MSG_SERVICE_ACCEPT received
        debug3: send packet: type 50
        debug3: receive packet: type 51
        debug1: Authentications that can continue: password,keyboard-interactive,publickey
        debug3: start over, passed a different list password,keyboard-interactive,publickey
        debug3: preferred gssapi-with-mic,publickey,keyboard-interactive
        debug3: authmethod_lookup publickey
        debug3: remaining preferred: keyboard-interactive
        debug3: authmethod_is_enabled publickey
        debug1: Next authentication method: publickey
        debug1: Offering public key: .ssh/t_zertifikat_t_test_openssh.key RSA SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU explicit
        debug3: send packet: type 50
        debug2: we sent a publickey packet, wait for reply
        debug3: receive packet: type 60
        debug1: Server accepts key: .ssh/t_zertifikat_t_test_openssh.key RSA SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU explicit
        debug3: sign_and_send_pubkey: using publickey with RSA SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU
        debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU
        debug3: send packet: type 50
        debug3: receive packet: type 52
        Authenticated to f42240te ([192.168.1.100]:22) using "publickey".
        debug1: channel 0: new [client-session]
        debug3: ssh_session2_open: channel_new: 0
        debug2: channel 0: send open
        debug3: send packet: type 90
        debug1: Entering interactive session.
        debug1: pledge: filesystem
        debug3: receive packet: type 91
        debug2: channel_input_open_confirmation: channel 0: callback start
        debug2: fd 3 setting TCP_NODELAY
        debug3: set_sock_tos: set socket 3 IP_TOS 0x10
        debug2: client_session2_setup: id 0
        debug2: channel 0: request pty-req confirm 1
        debug3: send packet: type 98
        debug1: Sending environment.
        debug3: Ignored env SHELL
        debug3: Ignored env HISTCONTROL
        debug3: Ignored env HISTSIZE
        debug3: Ignored env PWD
        debug3: Ignored env LOGNAME
        debug3: Ignored env XDG_SESSION_TYPE
        debug3: Ignored env MOTD_SHOWN
        debug3: Ignored env HOME
        debug1: channel 0: setting env LANG = "de_DE.UTF-8"
        debug2: channel 0: request env confirm 0
        debug3: send packet: type 98
        debug3: Ignored env LS_COLORS
        debug3: Ignored env SSH_CONNECTION
        debug3: Ignored env XDG_SESSION_CLASS
        debug3: Ignored env TERM
        debug3: Ignored env LIBVIRT_DEFAULT_URI
        debug3: Ignored env USER
        debug3: Ignored env SHLVL
        debug3: Ignored env XDG_SESSION_ID
        debug3: Ignored env XDG_RUNTIME_DIR
        debug3: Ignored env PS2
        debug3: Ignored env PS1
        debug3: Ignored env SSH_CLIENT
        debug3: Ignored env PS4
        debug3: Ignored env XDG_DATA_DIRS
        debug3: Ignored env PATH
        debug3: Ignored env HISTFILESIZE
        debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
        debug3: Ignored env SSH_TTY
        debug3: Ignored env OLDPWD
        debug3: Ignored env _
        debug2: channel 0: request shell confirm 1
        debug3: send packet: type 98
        debug2: channel_input_open_confirmation: channel 0: callback done
        debug2: channel 0: open confirm rwindow 65280 rmax 16384
        debug3: receive packet: type 99
        debug2: channel_input_status_confirm: type 99 id 0
        debug2: PTY allocation request accepted on channel 0
        debug3: receive packet: type 99
        debug2: channel_input_status_confirm: type 99 id 0
        debug2: shell request accepted on channel 0

        Although - this does not tell me very much! Probably there is something incompatible others can identify!

        Regards Kallewirsch
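
An added example, not part of the thread: a short Perl script that pulls the publickey-authentication facts out of the `ssh -v -v -v` output above so they can be compared with what the Net::SSH2 script sends. The sample lines are excerpted from the posted log with the wrap markers removed; `auth_facts` and `report` are hypothetical helper names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Lines excerpted from the ssh -v -v -v output posted above
# (PerlMonks "+" wrap markers removed).
my @log = split /\n/, <<'LOG';
debug1: Authenticating to f42240te:22 as 'newroot'
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed448,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: password,keyboard-interactive,publickey
debug1: Offering public key: .ssh/t_zertifikat_t_test_openssh.key RSA SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU explicit
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU
Authenticated to f42240te ([192.168.1.100]:22) using "publickey".
LOG

# Collect the facts that decide publickey authentication.
sub auth_facts {
    my %f;
    for (@_) {
        $f{user}        = $1 if /Authenticating to \S+ as '([^']*)'/;
        $f{sig_algs}    = [ split /,/, $1 ] if /server-sig-algs=<([^>]*)>/;
        $f{methods}     = [ split /,/, $1 ]
            if /Authentications that can continue: (\S+)/;
        @f{qw(key_type fingerprint)} = ($1, $2)
            if /Offering public key: \S+ (\S+) (SHA256:\S+)/;
        $f{signed_with} = $1 if /sign_and_send_pubkey: signing using (\S+)/;
        $f{result}      = $1 if /^Authenticated to .* using "([^"]+)"/;
    }
    return \%f;
}

# RFC 8332: "ssh-rsa" is the SHA-1 RSA signature; rsa-sha2-256/512 use SHA-2.
sub report {
    my ($f) = @_;
    my %srv = map { $_ => 1 } @{ $f->{sig_algs} || [] };
    my @rsa = grep { $srv{$_} } qw(ssh-rsa rsa-sha2-256 rsa-sha2-512);
    return join "\n",
        "login user          : " . ($f->{user} // '?'),
        "methods offered     : " . join(',', @{ $f->{methods} || [] }),
        "key offered         : "
            . join(' ', grep { defined $_ } @$f{qw(key_type fingerprint)}),
        "signature algorithm : " . ($f->{signed_with} // '?'),
        "server RSA sig algs : " . (@rsa ? "@rsa" : 'none'),
        "SHA-1 ssh-rsa usable: " . ($srv{'ssh-rsa'} ? 'yes' : 'no'),
        "result              : " . ($f->{result} // 'not authenticated');
}

print report(auth_facts(@log)), "\n";
```

In the posted output the client signed with rsa-sha2-512 and the server's list carries no plain ssh-rsa, so a client that can only produce ssh-rsa signatures for an RSA key would be refused. Whether the libssh2 build behind Net::SSH2 is such a client is an assumption to verify, not something this log shows.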