View Single Post
Old 12-13-2017, 10:11 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 942
Originally Posted by JaTu View Post
Yes, adding the public-part of the key solves the problem. Thank you!
Good to hear.

Originally Posted by JaTu View Post
Since there is no mathematical requirement for both parts of the key to exist on the same machine, and no other SSH-client to my knowledge requires that, the guy who wrote import/export-tool to SecureCRT didn't bother transferring the public keys either.
Sometimes it feels good to rant, doesn't it?

To be fair, our development team consists of both guys and gals, and there are times that the assumptions we make don't turn out to be sufficient for 100% of possible usage scenarios. We admit that we're not perfect, and we appreciate the opportunity to resolve problems that arise in our products.

We've created several bug reports related to the behavior you've seen and we'll gladly offer you newer versions that we hope will resolve this problem.

Originally Posted by JaTu View Post
But it seems, that on my old machine, the public keys are all there.

It was couple years back, when I first used ECDSA-keys with SecureCRT and I must have somehow figured that out back then, but I have no recollection of ever doing that.
Older versions of our client products required both the private and the public key file to be located in the same directory. While not mathematically required, this route was seen as an efficiency where the public key would already be available so it would not have to be mathematically extracted every time a publickey authentication attempt was made.

Newer versions of our clients still prefer to have the .pub file available; so, if a .pub file doesn't exist, SecureCRT attempts to extract the public key into a corresponding .pub file. It's this action that, for ecdsa key types, was failing and generating the not-so-helpful and altogether misleading error message you were seeing.

Originally Posted by JaTu View Post
  • Add tracing about private key, especially if something fails
  • Re-visit the ECDSA-usage, drop the public-key requirement
  • Make sure import/export is capable of transferring all the required information and files
  • Finally: Make some sense to the error message when ECDSA-key cannot be used!
All the suggestions except for your first one are included as part of the incidents I've already created for our development team to investigate.

Regarding your request to add tracing about the private key, especially if something goes wrong, what specific information do you think would be most helpful for you to see?

Jake Devenport
VanDyke Software
Technical Support
YouTube Channel:
Reply With Quote