No suitable authentication method found to complete authentication (publickey)

There is a ticket with a similar issue, but its solution isn’t one I can apply (allow authentication by password).
I have a server (called nas in this post) which is configured with the public keys of clients allowed to deposit files there. This allows me to have sessions such as this one below, from the Windows command prompt:

sftp michael@nas
Connected to nas.
sftp> cd /some/path
sftp> put some-file
Uploading some-file to /some/path/some-file
some-file 100% 366 0.4KB/s 00:00
sftp> bye

Duplicati supports the SFTP “Storage Type” and I was hoping it might work as in my manual example. But I get the following error:
Failed to connect: No suitable authentication method found to complete authentication (publickey).
I think I read somewhere that it is possible to configure Duplicati to use the publickey method. I had assumed that it would just find private key files in the .ssh folder in my home directory. Maybe this isn’t a common convention in Windows? How else does the sftp command line utility just work? How do I tell Duplicati to use a particular key file? Maybe I don’t understand authentication by public/private key pair.


Web UI is browser-accessed and might even be a different user, so home directory concept works poorly. Duplicati does know its own home directory, but it’s probably not yours, as it would be on a command line.

SFTP (SSH) in the manual suggests the following, but I don’t personally tend to run such a configuration:

Points to a valid OpenSSH keyfile. If the file is encrypted, the password supplied is used to decrypt the keyfile. If this option is supplied, the password is not used to authenticate. This option only works when using the managed SSH client. This key may need to be in PEM format, e.g. created with ssh-keygen -m pem, if Duplicati reports an error like openssh key type: ssh-rsa is not supported.

If you set this up on the Destination screen and it vanishes on next job edit, try the Options screen instead.

Thanks. I tried to make option --ssh-keyfile work for me. So far to no avail. The documentation has this curious warning This option only works when using the managed SSH client.. But, for the life of me, I cannot find any information about this managed SSH client I am supposed to use.

That is a really old (10y+) reference to a time when the SSH backend could either use the C# SSH client (aka the managed client) or the SSH binaries on the system (aka the native client). This has not been possible for many years, but the message has not been updated.

Do you get any error messages?

1 Like

Good! I was hung up on the managed SSH client. :slightly_smiling_face:

I had a good one and I was going to reproduce it so I could show it here. But, it didn’t reproduce and the backup succeeded! So, well done Duplicati! :star_struck:
I must have made a mistake before. Instead, I’ll copy here the winning config for posterity and other intents and purposes:

  • Storage Type:_____SFTP (SSH)
  • Server and port:___michael@nas 22 - user name required here because of my NAS setup
  • Path on server:____/path/to/backup
  • Username:________michael - required by Duplicati although my key isn’t encrypted
  • Password:________(blank) - again, because, the key isn’t encrypted
  • Advanced options
    • ssh-fingerprint:___ssh-ed-etc… - Duplicati made me fill this in
    • ssh-keyfile:_____C:\Users\me\.ssh\id_rsa.pem - that is the crucial option

Thank you very much.

1 Like