I am getting this error when trying to save the backup configuration
Load key "/conf/backup/sftp/identity": error in libcrypto opnsensesftp@sftp.taznet.home: Permission denied (publickey,password)
Saved settings, but remote backup returned no files.
SFTP connects and works just fine from the Shell.
I remember this being a problem back in the early part of the year but I can't find any posts about it.
Any ideas?
Thanks
Bump
Did you get a solution to this?
I just recently rebuilt the server that was hosting the SFTP, and now I'm getting this error when I try to test the SFTP configuration.
I don't know whether it was working or not before. I know it was successfully saving files before (as does this test), but I don't know if it was ever not getting a list of files on the remote server.
Quote from: EvilAchmed on July 10, 2025, 06:15:04 PM
Load key "/conf/backup/sftp/identity": error in libcrypto opnsensesftp@sftp.taznet.home: Permission denied (publickey,password)
Can you login manually using this private key, from a shell?
Search for "error in libcrypto Permission denied", that pops up: https://stackoverflow.com/questions/75163621/error-in-libcrypto-on-github-actions-ssh-command
Is the structure of the 'identity' file correct?
I figured out the issue by adding some debug logging to Sftp.php
If it's okay, I can create a pull request tomorrow - unless it's urgent and someone else needs to get to it sooner.
So, the issue is when the backup files are created remotely, they're named in all lowercase.
However, when the "fileprefix" is made for finding files based on the hostname, the search pattern is not made to lowercase.
Long story short, with this issue, if anyone's hostname has capital letters in it (which maybe isn't common) AND they are configured to include the hostname in the backup config filename, then it will never find the files when it runs the "ls" command in sftp.
Edit:
I should clarify, I didn't read the full post. My above is the solution to the "remote backup returned no files" error. Not to the identity key/permission issue.
Quote from: rkubes on July 16, 2025, 08:31:17 AM
I should clarify, I didn't read the full post. My above is the solution to the "remote backup returned no files" error. Not to the identity key/permission issue.
Different issue but a good find nonetheless! Thanks for that, I tested it and you are right.
I usually don't include the name, but it contains uppercase characters, and including the hostname showed the same issue.
I don't believe the issue is related to the hostname—as mine is all lowercase, so that shouldn't be a factor. If memory serves, this may be a permissions issue, though I'm not entirely certain.
Here's what I've verified: I generated the SSH key on OPNsense and uploaded it to the SFTP server. From the OPNsense command line, I'm able to successfully initiate an SFTP connection to the server, which confirms that the SFTP configuration itself is sound.
However, when I attempt to save these settings through the UI, I receive the following error:
Load key "/conf/backup/sftp/identity": error in libcrypto opnsensesftp@sftp.taznet.home: Permission denied (publickey,password)
Thanks again for your help!
How did you generate the SSH key on OPNsense? Just via the command line using ssh-keygen? In that case, it will be stored into /root/.ssh/identity, if you do not specify otherwise.
The web UI needs it to be set up correctly by pasting the key which looks like:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
...
eQ69Cx/pRf8kqkgLOr/YAAAACXJvb3RAYmxvYgECAwQ=
-----END OPENSSH PRIVATE KEY-----
into the SFTP settings. That in turn will create the /conf/backup/sftp/identity with the correct contents.
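An added example, not part of any post in this thread and not OPNsense code: a structural check for text about to be pasted as the SSH private key, covering the two questions raised above (is the structure of the identity file correct, and is it the private key rather than some other entry). The function names are hypothetical, the sample key is constructed with all-zero key material, and the line-ending and trailing-newline checks are assumptions about common paste damage that the thread does not confirm.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def _read_string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def check_identity(text):
    """Return a list of structural problems in pasted key text ([] = none found)."""
    problems = []
    if "\r" in text:
        problems.append("CRLF line endings")
    if not text.endswith("\n"):
        problems.append("no trailing newline")
    lines = [ln.strip() for ln in text.strip().splitlines()] or [""]
    if lines[0].startswith(("ssh-", "ecdsa-")):
        return problems + ["public key pasted, private key expected"]
    if lines[0] != BEGIN or lines[-1] != END:
        return problems + ["missing OPENSSH PRIVATE KEY armor lines"]
    try:
        blob = base64.b64decode("".join(lines[1:-1]), validate=True)
        if not blob.startswith(MAGIC):
            raise ValueError("bad magic")
        cipher, off = _read_string(blob, len(MAGIC))  # b"none" when unencrypted
        _kdf, off = _read_string(blob, off)
        _kdfopts, off = _read_string(blob, off)
        (nkeys,) = struct.unpack_from(">I", blob, off)
    except (ValueError, struct.error) as exc:
        return problems + [f"body is not openssh-key-v1: {exc}"]
    if cipher != b"none":
        problems.append("key is passphrase-protected: " + cipher.decode("ascii", "replace"))
    if nkeys != 1:
        problems.append(f"unexpected key count {nkeys}")
    return problems

def constructed_key(cipher=b"none"):
    """Constructed sample: well-formed header, all-zero key material (not a real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(b"ssh-ed25519") + s(bytes(32))
    blob = MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1) + s(pub) + s(bytes(64))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{BEGIN}\n{body}\n{END}\n"
```

To check the file the web UI wrote, read it with `open("/conf/backup/sftp/identity", newline="").read()` so Python does not normalise the line endings before `check_identity` sees them.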
meyergru,
Thanks for the message. I checked and it looks like I was putting the wrong entry in the SSH Private Key section on the OPNsense SFTP backup section. Grabbed the Private key from /root/.ssh and inserted it into the SFTP backup section and boom, connected and transferred the config like a champ.
Thanks for the assist.