What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

How can I use private keys for my SSH sensors with PRTG?

Votes:

0

Your Vote:

Up

Down

I have several devices I want to access via SSH using the SSH sensors of PRTG. In the device settings, section Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems, I want to paste a Private Key. Which format do I need and how does this all work?

credentials help howto linux private-key prtg putty ssh unix

Created on Feb 29, 2012 3:14:31 PM by  Daniel Zobel [Product Manager]

Last change on Jul 15, 2019 6:55:44 AM by  Maike Guba [Paessler Support]



3 Replies

Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies as of PRTG 22.x.76


How to use a private key with SSH sensors in PRTG

SSH sensors in PRTG require credentials for Linux/Solaris/macOS (SSH/WBEM) systems. You can either use a password or a private key to authenticate against the corresponding system. If you want to use a private key, make sure that you meet the following requirements:

  • Provide the key in OpenSSH PEM format.
  • The key may not be encrypted. PRTG does not support password-protected keys.
  • The key must be an RSA, ECDSA, or ED25519 key. PRTG does not support DSA keys.
  • When you provide an unencrypted RSA private key in OpenSSH PEM format, copy the entire key, including the lines -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- or -----BEGIN OPENSSH PRIVATE KEY----- and -----END OPENSSH PRIVATE KEY-----

For more information, see Monitoring via SSH.


In this article, we show you how to convert your existing PuTTY RSA key with PuTTYGen to use it with PRTG.

Preconditions:

  • An already generated private key.
    Note: If you want to use a newly created RSA private key, use the following Linux command and use the created key directly:
    ssh-keygen -t rsa -b 4096
  • A corresponding public key that already exists on the target system. The key is usually stored in the user’s /.ssh/authorized_keys file.

Note: You can also use PuTTYgen to generate a private/public key pair for your systems. For more information, see Generating an SSH key pair using PuTTY.


Step 1: Prepare your existing PuTTY private key

  1. Save your existing PuTTY private key in a text file named mykey.ppk.

Step 2: Download and install PuTTYgen

  1. Go to the PuTTY Download Page.
  2. Download and install the correct installer or binary files.

Step 3: Load your key file in PuTTYgen

  1. Open the PuTTY Key Generator.
  2. Click Load.
  3. Navigate to the directory where you have saved the mykey.ppk file in Step 1.
  4. Load your mykey.ppk file.

You will see the following success message:


Click to enlarge.


Step 4: Export as OpenSSH key file

  1. To export your key file as OpenSSH key, make sure that you leave the Key passphrase fields empty (1), click Conversions (2) and select Export OpenSSH key (3).

    Click to enlarge.
  2. Confirm the warning message by clicking Yes.

    Click to enlarge.
  3. Save the key to a file named mykey-openssh.txt.
  4. Open this file in a text editor and make sure that there is no line such as: Proc-Type: 4,ENCRYPTED

Important: If there is a line like the one above, the key is in encrypted format and does not work with PRTG.

A correct key looks like this, for example:

-----BEGIN RSA PRIVATE KEY----- MIICWQIBAAKBgGtej3xoYJUrmRvH2/2cQhbIrdwC4+6owbXZCbIoaCSgNf+tl5eZ 848pDe/EcbADdOA+a7E5El3+8k0grjZiFwpjJFgGZgYvdvRyl1rdvYu7l27Qa9OU […] glYyWqk94+bYvo0CQDx8uMBf2Wlc5iKIIlrrEF34eaOg5KWgdb2+SNwl50QxFwW1 r8CUeSuYOykI2PiNU0brMAMgWe68t4HHWWe7ngA= -----END RSA PRIVATE KEY-----


Step 5: Enter your OpenSSH key in PRTG

  1. Open the mykey-openssh.txt file that you have created in Step 4 and copy it including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- or -----BEGIN OPENSSH PRIVATE KEY----- and -----END OPENSSH PRIVATE KEY----- lines.
  2. Open the settings of the parent object of the sensors in the PRTG web interface. Navigate to section Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems and set Private key as Authentication Method.
  3. Paste the entire key, including the BEGIN and END lines in the Private Key field.
  4. Click Save to your settings.

Note: Once pasted and saved, the private key is shown as:

***************************

Important: If you replace an existing key, you must restart the PRTG core server service for the private key change to take effect. You can restart services in the PRTG web interface under Setup | System Administration | Administrative Tools.


You can add SSH sensors and use them to query monitoring data.

More

Why do my SSH sensors show encryption errors?

Created on Mar 1, 2012 12:50:56 PM by  Daniel Zobel [Product Manager]

Last change on Jun 29, 2022 8:09:46 AM by  Brandy Greger [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Is it possible to use this Sensor with Password AND Keyfile?

Created on Jul 4, 2017 12:46:10 PM by  Michel Power (0) 2



Votes:

0

Your Vote:

Up

Down

Hello Michel,

No, either keyfile or password. Both is not possible.

Best,
Sebastian

Created on Jul 6, 2017 11:19:08 AM by  Sebastian Kniege [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.