Ant scp task: JSchException: invalid privatekey [duplicate] - ssh

This question already has answers here:
"Invalid privatekey" when using JSch
(9 answers)
Closed 3 years ago.
I created a new key pair using ssh-keygen and added the public key on the server. Using sftp -i private_key_file user@server I can successfully open a connection to the server and put files.
However, when I try to use the Ant scp task I receive:
com.jcraft.jsch.JSchException: invalid privatekey: [B@5e9d5728
The relevant part of the Ant script:
<scp file="local-file.zip"
trust="true"
sftp="true"
todir="user@server:/dir/to/put/files"
keyfile="private_key_file"
verbose="true"/>
Does anyone have an idea?

Looks like in recent OpenSSH versions (I have 7.9 installed in my F29) ssh-keygen generates a slightly different key format
which starts now with:
-----BEGIN OPENSSH PRIVATE KEY-----
instead of:
-----BEGIN RSA PRIVATE KEY-----
I have version 1.50 of JSch installed, which does not like the new format.
Using -m PEM option during key generation solved my issue:
ssh-keygen -t rsa -m PEM
Found the solution in this thread: Invalid privateKey when using JGit and JSCH.
Thanks and credits go to Natan and Roman Vottner!
(Not sure if there also is a new version of JSch available that will accept the new key format.)

Related

Problem running an encrypted singularity container

I've created an encrypted singularity container using the PEM file encryption method (paragraph 3.3 of the documentation). But when I try to run it I get an error message:
FATAL: Invalid encryption private key: asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey #2
Any hint on what goes wrong?
Thank you,
Michal
I can think of two issues that could cause the error message: (1) the keypair should be generated with the -m pem option to have the pem format and (2) the keypair should not have password protection; I don't think it is supported by singularity at this point in time.
The issue lies in an OpenSSH update (version 7.8). That's why some people have this problem and some don't.
To cite the release notes: write OpenSSH format private keys by default instead of using OpenSSL's PEM format
So the correct command to generate the keys should be ssh-keygen -t rsa -b 4096 -m pem -N "" -f ./rsa
By adding the -m pem you get the key in the correct format.
More here: https://github.com/hpcng/singularity/issues/6007

How can I connect MySQL Workbench using a password protected private ssh key?

I'm having trouble connecting my Workbench through SSH using my password protected key. I don't know where I have to put my key password in Workbench; it tells me "Access denied for 'none'. Authentication that can continue: publickey".
I have my credentials correct (I can connect via terminal SSH using the same user) so it makes me think that is because my ssh key is protected by password.
Where can I put my password in Workbench?
I just came across this issue. I had a key to access an old VPN that worked since 2016.
Now I changed servers and decided to create a new key, which works fine on terminal but MySQL Workbench would give me the same error as you're getting. I copied the old key to the new server and it worked fine on the Mysql Workbench which I couldn't understand.
Comparing both keys I noticed that the old key starts like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info:
whereas the new key doesn't contain those two first lines. Then after researching a bit I learned that you have to generate the key in the PEM format in order to have those two lines at the header, so the command to generate has to include the -m PEM option and should look like this:
ssh-keygen -m PEM -t rsa -b 8192
Now Mysql Workbench works fine with that key. =]

DBeaver ssh tunnel invalid private key

Just want to leave it here, so the link to the solution won't be lost.
I have a private 4096-byte RSA key (probably it was generated using this guide https://help.github.com/en/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
I've got an error while trying to establish a new connection through an ssh tunnel using DBeaver (6.1.2).
invalid privatekey: [B@540.....
So at first I've found this solution: https://github.com/rundeck/rundeck/issues/4813#issuecomment-492358649 But I didn't really want to recreate my key, cause it was already in use on several servers.
After an hour of googling I've found another suggestion: to use another SSH implementation via the sshj extension: https://github.com/dbeaver/dbeaver/issues/3917#issuecomment-410616717 It can be installed via the built-in package manager: Help -> Install New Software -> https://dbeaver.io/update/sshj/latest/ And it works great!
This error is due to the format of the SSH private key. By default, ssh-keygen is creating a private key using the OpenSSH format—with this header:
-----BEGIN OPENSSH PRIVATE KEY-----
But DBeaver only accepts keys using the older PEM format—with this header:
-----BEGIN RSA PRIVATE KEY-----
You can either generate a key directly with the correct header using:
ssh-keygen -t rsa -b 2048 -m PEM
Or you can convert an existing key (careful! this overwrites the existing key, you can just copy the private key and apply the command on the copy):
ssh-keygen -p -m PEM -f id_rsa
There is an open issue on DBeaver's GitHub.
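The header check and the copy-then-convert step described in the answers above, as an added example that is not from the original posts. The function names and the destination path are assumptions, the sample is a constructed header with no key material, and the PKCS#8 headers go slightly beyond what the page mentions.

```shell
#!/bin/sh
# Added example: classify a private key file by its header lines only.
# Key material is never decoded or printed.
key_format() {
    # $1: path to a private key file
    kf_first=$(sed -n '1p' "$1" | tr -d '\r')
    kf_second=$(sed -n '2p' "$1" | tr -d '\r')
    case "$kf_first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # Default ssh-keygen output since OpenSSH 7.8. Whether it is
            # passphrase-protected is not visible in the header.
            echo "openssh" ;;
        "-----BEGIN RSA PRIVATE KEY-----")
            case "$kf_second" in
                "Proc-Type: 4,ENCRYPTED") echo "pem-encrypted" ;;
                *)                        echo "pem" ;;
            esac ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
        "-----BEGIN PRIVATE KEY-----")           echo "pkcs8" ;;
        *)                                       echo "unknown" ;;
    esac
}

# Convert a COPY of the key to PEM and leave the original untouched.
# ssh-keygen -p rewrites the file named by -f in place and prompts for the
# passphrase, so nothing secret is passed on the command line.
convert_copy_to_pem() {
    # $1: existing key, $2: path for the PEM copy (hypothetical name)
    [ "$(key_format "$1")" = "openssh" ] || { echo "not an OpenSSH-format key" >&2; return 1; }
    [ ! -e "$2" ] || { echo "refusing to overwrite $2" >&2; return 1; }
    ( umask 077 && cp "$1" "$2" ) || return 1   # copy readable by owner only
    ssh-keygen -p -m PEM -f "$2"
}

# Constructed sample: header lines only, no real key material.
sample=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$sample"
echo "sample key format: $(key_format "$sample")"
rm -f "$sample"
```

Running convert_copy_to_pem ~/.ssh/id_rsa ~/.ssh/id_rsa_pem keeps the key already deployed on servers as it is and produces a second file for the client that needs the PEM header.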
The above suggestions didn't help for me. But in the latest versions of DBeaver, you just have to update implementation to SSHJ, under Advanced settings:
That worked for me!
I got the SSH Tunnel to work on
DBeaver Community Edition Version 7.3.4.202101310933
macOS Catalina version 10.15.7
by doing the following:
in shell:
create private 4096-byte RSA key at default location ~/.ssh/id_rsa using
ssh-keygen -t rsa -b 4096
in DBeaver:
click Help > Install New Software
click Add ...
enter Name: SSHJ
enter Location: https://dbeaver.io/update/sshj/latest/
click Next and go thru the entire SSHJ installation process
(I failed to do this on my first attempt)
click Save
click Restart DBeaver
on SSH Tunnel tab of Connection Settings
use Authentication Method: Public Key
use Private Key: ~/.ssh/id_rsa
(OpenSSH NOT PEM, as others have advised)
enter Passphrase
select Save Password
select Implementation: SSHJ
click Test tunnel configuration
modal dialog is displayed that says
Connected!
Client version: SSHJ_0.27.0
Server version: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
click OK

SSH Service Connection - Cannot parse privateKey: Unsupported key format

I'm trying to setup a release pipeline to copy files over to a linux server via ssh. However when I try to run the release I get the following error during the copy task:
Failed to connect to remote machine. Verify the SSH service connection details. Error: Cannot parse privateKey: Unsupported key format.
I've tried generating the key multiple times with ssh-keygen -t rsa and uploaded or copied the contents of the private key directly into the Private Key text area in the service connection. All to no avail.
It seems like I'm missing something simple as I can't find much mention of others having issue with this.
According to this issue description one should disable preview features of service connections in Azure DevOps. Then edit your SSH Service connection and instead of pasting the key source it should be possible to upload a key file. This way there is no Cannot parse privateKey error.
Please use ssh-keygen -m PEM -t rsa -b 2048 to generate your keys (the PEM format is required). Additionally, when I didn't specify bits with the -b option Azure told me the key file was too long.

AWS EC2: generating private key file out of cert-***.pem for SSH terminal access

I have my access key, secret key, and the downloaded cert pem file.
I understand SSH requires a private key file in order to establish a terminal SSH connection to my instance.
What I did find through Google is that I need to use puttygen to convert my cert pem file into a private key file:
http://www.techrepublic.com/blog/datacenter/connect-to-amazon-ec2-with-a-private-key-using-putty-and-pageant/5085
However, all the instructions I found are based on a GUI puttygen and I only have the CL version because I am running Linux Fedora 16 on my laptop. I did yum PuTTY, which came with a GUI but puttygen only has a CL version. What I tried to do in puttygen is as follows:
>puttygen cert-***.pem -o default.pem
puttygen: error loading `cert-***.pem': file does not begin with OpenSSH key header
Can anybody point out what I am doing wrong and how I can use CL puttygen to convert my cert file to a private key file that is usable by SSH to connect to my instances?
Thanks in advance
If you are running Linux at the command line, why are you needing to make a ppk with puttygen? Basically the keypair you get from AWS IS in pem format suitable for using in ssh command line.
So if you saved your .pem file from Amazon as /path/to/aws.pem, all you need to do is
ssh -i /path/to/aws.pem user@hostname.com
The ssh private key is completely different from the X.509 certificate and private key. It's a little confusing because folks often save the ssh private key generated by EC2 in a ".pem" file just like the cert and pk use.
You can't convert or use the X.509 certificate or private key for ssh as you tried to do.
You can generate an ssh private key (sometimes called a "keypair") through Amazon EC2 on the AWS console or through the AWS command line tools (ec2-add-keypair). If you are using Putty, you may still need to convert to PPK format as your referenced article describes, but you are converting the ssh key .pem file, not the X.509 private key or certificate.
If you know how to generate your own ssh key locally (or have already done so) then I recommend doing this and uploading the ssh public key to EC2.
When you run an EC2 instance, you then specify the ssh keypair name so that EC2 makes the ssh public key available to the instance, letting you securely ssh in to your new server.