New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


How can I use private keys for my SSH sensors with PRTG?

Votes:

0

Your Vote:

Up

Down

I have several devices I want to access via SSH using the SSH sensors of PRTG. In the device settings, section Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems, I want to paste a Private Key. Which format do I need and how does this all work?

credentials help howto linux private-key prtg putty ssh unix

Created on Feb 29, 2012 3:14:31 PM by  Daniel Zobel [Paessler Support]

Last change on Jul 15, 2019 6:55:44 AM by  Maike Behnsen [Paessler Support]



3 Replies

Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 13 or later, as well as to previous (deprecated) versions

How to Use a Private Key with SSH Sensors in PRTG

SSH credentials are set on device level (or above). On the PRTG device you want to use the SSH sensors on, open the Settings tab and go to section Inherit Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems. You can either Login via Password or Login via Private Key.

Note: When using a private key, it has to be in OpenSSH RSA format and may not be encrypted.


In this article, we will show you how to use your existing .ppk SSH key with PRTG, converting it using PuTTYGen. We assume that

  1. you have already generated an RSA Private Key (which currently exists in .ppk format) and
  2. there already exists a responding public key on the target system (usually in the user’s /.ssh/authorized_keys file).

Note: If you do not yet have a private/public key pair for your systems, you can use PuttyGen to generate such keys as well, but this article will not explain how to do this.

Step 1: Save Your Existing PPK Key File

Save your existing RSA Private Key in .ppk format to a text file named mykey.txt. For example, your PPK key may look like this: PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: myComment Public-Lines: 4 AAAAB3NzaC1yc2EAAAABJQAAAIBrXo98aGCVK5kbx9v9nEIWyK3cAuPuqMG12Qmy […] hlZAcQ== Private-Lines: 8 AAAAgBFpR7NPMkG0Cv2WB/+czHJlu1QcJPZE4SRoYm/q4HSkW8iYsMx51HgUfszv bGG7Xw+ba2jY0ovIelGyRcOhNCr85tYOZ8rqq2QuDBlw1H5M7VnjCpgC/z1Exwx/ […] EF34eaOg5KWgdb2+SNwl50QxFwW1r8CUeSuYOykI2PiNU0brMAMgWe68t4HHWWe7 ngA= Private-MAC: 05c421a1d5269eb8cff250445e389f00ea5c2186

Step 2: Download PuTTYGen

Go to the PuTTY Download Page, download, and execute puttygen.exe.

Step 3: Load PPK SSH Key File

In PuTTY Key Generator, click the Load button and load your mykey.txt file. You will see a success message.


Click to enlarge

Step 4: Export OpenSSH Key File

Make sure that you leave the passphrase fields empty so that the key is not encrypted during export.

Also make sure that you select an RSA Type of key. PRTG does not support DSA keys!

From the main menu of PuTTY Key Generator, select Conversions | Export OpenSSH key.


Click to enlarge


Confirm the warning message by clicking Yes.

Save the key to a file named mykey-openssh.txt. Open this file in a text editor and make sure that there is no line such as Proc-Type: 4,ENCRYPTED

If there is, the key is in encrypted format and will not work with PRTG. A correct key will look like this: -----BEGIN RSA PRIVATE KEY----- MIICWQIBAAKBgGtej3xoYJUrmRvH2/2cQhbIrdwC4+6owbXZCbIoaCSgNf+tl5eZ 848pDe/EcbADdOA+a7E5El3+8k0grjZiFwpjJFgGZgYvdvRyl1rdvYu7l27Qa9OU […] glYyWqk94+bYvo0CQDx8uMBf2Wlc5iKIIlrrEF34eaOg5KWgdb2+SNwl50QxFwW1 r8CUeSuYOykI2PiNU0brMAMgWe68t4HHWWe7ngA= -----END RSA PRIVATE KEY-----

Step 5: Enter OpenSSH Key in PRTG

Open your mykey-openssh.txt key file and copy its contents to the clipboard. Copy the entire key, including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines.

In the PRTG web interface, on the device’s Settings tab, section Credentials for Linux/Solaris/macOS (SSH/WBEM) Systems, set the login method to Login via Private Key.

Then paste the entire key, including the BEGIN and END lines, into the Private Key field.

Save your settings.

Once pasted and saved, the private key will be shown as

***************************

Note: If you do not insert a private key for the first time, but change an existing private key, you need to restart your PRTG core server service for the private key change to take effect. You can restart services in the PRTG web interface under Setup | System Administration | Administrative Tools, or in the PRTG Server Administrator tool in previous PRTG versions.

Done

Your SSH sensors will now connect to your devices and query monitoring data.

Created on Mar 1, 2012 12:50:56 PM by  Daniel Zobel [Paessler Support]

Last change on Jul 15, 2019 7:08:27 AM by  Maike Behnsen [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Is it possible to use this Sensor with Password AND Keyfile?

Created on Jul 4, 2017 12:46:10 PM by  Michel Power (0) 2



Votes:

0

Your Vote:

Up

Down

Hello Michel,

No, either keyfile or password. Both is not possible.

Best,
Sebastian

Created on Jul 6, 2017 11:19:08 AM by  Sebastian Kniege [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.