I have several devices I want to access via SSH using PRTG’s SSH sensors. In the device settings, in the Credentials for Linux/Solaris/Mac OS (SSH/WBEM) Systems section, I want to paste a Private Key. Which format do I need and how does this all work?
This article applies to PRTG Network Monitor 13 or later, as well as to previous (deprecated) versions
HowTo Use a Private Key with SSH Sensors in PRTG
SSH credentials are set on device level (or above). On the PRTG device you want to use the SSH sensors on, please open the Settings tab and go to the Inherit Credentials for Linux/Solaris/Mac OS (SSH/WBEM) Systems section. You can either Login via Password or Login via Private Key.
When using a private key, it has to be in OpenSSH RSA format and may not be encrypted!
In this article we will show how to use your existing .ppk SSH key with PRTG, converting it using PuTTYGen. We assume that
- you already have generated an “RSA Private Key” (which currently exists in .ppk format) and
- there exists a responding public key on the target system already (usually in the user’s /.ssh/authorized_keys file).
Note: If you do not yet have a private/public key pair for your systems, you can use PuttyGen to generate those keys as well, but this article will not explain how to do this.
Step 1: Save Your Existing PPK Key File
Save your existing RSA Private Key in .ppk format to a text file named mykey.txt. For example, your PPK key may look like this:
Step 2: Download PuTTYGen
Go to the PuTTY Download Page, download, and execute puttygen.exe.
Step 3: Load PPK SSH Key File
In PuTTY Key Generator, click on the Load button and load your mykey.txt file. You will see a success message.
Step 4: Export OpenSSH Key File
Make sure you leave the passphrase fields empty, so the key is not encrypted during export.
Please make sure you select an RSA Type of key. PRTG does not support DSA keys!
Then, from the main menu of PuTTY Key Generator, select Conversions | Export OpenSSH key.
Confirm the warning message by clicking on Yes.
Save the key to a file named mykey-openssh.txt. Open this file in a text editor and make sure there is no line such as
If there is, the key is in encrypted format and will not work with PRTG!
A correct key will look like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Step 5: Enter OpenSSH Key in PRTG
Open your mykey-openssh.txt key file and copy its contents to the clipboard. Copy the entire key, including the
-----BEGIN RSA PRIVATE KEY----- and
-----END RSA PRIVATE KEY----- lines.
In the PRTG web interface, in the device’s Settings tab, in the Credentials for Linux/Solaris/Mac OS (SSH/WBEM) Systems section, set the login method to Login via Private Key.
Then paste the entire key, including the BEGIN and END lines, into the Private Key field. Save your settings.
Once pasted and saved, the private key will be shown as
Note: If you do not insert a private key for the first time, but change an existing private key, you need to restart your PRTG core server service in order for the private key change to take effect! You can restart services in PRTG's web interface under Setup | System Administration | Administrative Tools, or in previous PRTG versions in the PRTG Server Administrator tool.
That’s it, your SSH sensors will now connect to your devices and query monitoring data.
Is it possible to use this Sensor with Password AND Keyfile?
No, either keyfile or password. Both is not possible.