I have several devices I want to access via SSH using the SSH sensors of PRTG. In the device settings, section Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems, I want to paste a Private Key. Which format do I need and how does this all work?
This article applies to PRTG Network Monitor 19 or later, as well as to previous (deprecated) versions
How to use a private key with SSH sensors in PRTG
SSH credentials are set on device level (or above). On the PRTG device you want to use the SSH sensors on, open the Settings tab and go to section Inherit Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems. You can either Login via Password or Login via Private Key.
Note: When using a private key, it has to be in OpenSSH RSA format and may not be encrypted.
In this article, we will show you how to use your existing .ppk SSH key with PRTG, converting it using PuTTYGen. We assume that:
- You have already generated an RSA Private Key (which currently exists in .ppk format).
- A corresponding public key already exists on the target system (usually in the user’s /.ssh/authorized_keys file).
Note: If you do not yet have a private/public key pair for your systems, you can use PuttyGen to generate such keys as well, but this article will not explain how to do this.
Step 1: Save your existing PPK key file
Save your existing RSA Private Key in .ppk format to a text file named mykey.txt. For example, your PPK key may look like this:
Step 2: Download PuTTYGen
Go to the PuTTY Download Page, download, and execute puttygen.exe.
Step 3: Load PPK SSH key file
In PuTTY Key Generator, click the Load button and load your mykey.txt file. You will see a success message.
Step 4: Export OpenSSH key file
Make sure that you leave the passphrase fields empty so that the key is not encrypted during export.
Also make sure that you select an RSA Type of key. PRTG does not support DSA keys!
From the main menu of PuTTY Key Generator, select Conversions | Export OpenSSH key.
Confirm the warning message by clicking Yes.
Save the key to a file named mykey-openssh.txt. Open this file in a text editor and make sure that there is no line such as
If there is, the key is in encrypted format and will not work with PRTG.
A correct key will look like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Step 5: Enter OpenSSH key in PRTG
Open your mykey-openssh.txt key file and copy its contents to the clipboard. Copy the entire key, including the
-----BEGIN RSA PRIVATE KEY----- and
-----END RSA PRIVATE KEY----- lines.
In the PRTG web interface, on the device’s Settings tab, section Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems, set the login method to Login via Private Key.
Then paste the entire key, including the BEGIN and END lines, into the Private Key field.
Save your settings.
Once pasted and saved, the private key will be shown as
Note: If you do not insert a private key for the first time, but change an existing private key, you need to restart your PRTG core server service for the private key change to take effect. You can restart services in the PRTG web interface under Setup | System Administration | Administrative Tools.
Your SSH sensors will now connect to your devices and query monitoring data.
Is it possible to use this Sensor with Password AND Keyfile?
No, either keyfile or password. Both is not possible.