After my mac upgraded automatically, I try ssh-add fail:
>ssh-add
Enter passphrase for /Users/dan/.ssh/id_rsa:
Error loading key "/Users/dan/.ssh/id_rsa": Invalid key length
>ssh -V
OpenSSH_7.6p1, LibreSSL 2.6.2
But how can I fix this issue?
Thanks!
As per the release notes for OpenSSH 7.6:
Refuse RSA keys <1024 bits in length and improve reporting
for keys that do not meet this requirement.
So it's likely that the key you're trying to import is too short (weak). Your best bet is to generate a new key.
Related
I'm trying to make a GitClone from a Gitlab repository. I have generated a ssh key with the command ssh-keygen on my cmd:
Then i added my pub key (starting with ssh_rsa) to my Gitlab account, but whenever i try to make a gitclone, i have the following error:
Any advices? I tried to convert my key with puttygen, but still doesn't work!
The start of my pub key is ssh-rsa key..
And the private key: --BEGIN OPENSSH PRIVATE KEY--
..key..
--END OPENSSH PRIVATE KEY--
Output of ssh -v git#gitlab.(..).com
OK. i Solved the problem. Since i was using TortoiseGit to make a GitClone, this last one doesn't accepts Openssh key. Therefore, once you generate the key, you need to convert it in putty format with Puttygen. Moreover, you must pay attention to the version of the new generated key and you can change the version on puttygen on key>parameters to save key!
I've created an encrypted singularity container using the PEM file encryption method (paragraph 3.3 of the documentation). But when I try to run it I get an error message :
FATAL: Invalid encryption private key: asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey #2
Any hint on what goes wrong ?
Thank you,
Michal
I can think of two issues that could cause the error message: (1) the keypair should be generated with -m pem option to have the pem format and (2) the keypair should not have password protection I dont think it is supported by singularity at this point in time.
The issue lies in an OpenSSH update (version 7.8). Thats why some people have this problem and some don't.
To cite the release notes: write OpenSSH format private keys by default instead of using OpenSSL's PEM format
So the correct command to generate the keys should be ssh-keygen -t rsa -b 4096 -m pem -N "" -f ./rsa
By adding the -m pem you get the key in the correct format.
More here: https://github.com/hpcng/singularity/issues/6007
I can not make an ssh connection to my switch.
When start to connect I get this message.
"no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc"
For some of the switches the following works.
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes256-cbc user#192.168.x.x
But in some switch, I get the following error.
"ssh_dispatch_run_fatal: Connection to 192.168.x.x port 22: Invalid key length"
Can somebody help me to fix this?
You will need to regenerate the key on the switches because the key is too short for the newer ssh standards.Make sure your new key has at least 1024 bits.
I ran into something similar recently. It looks like the 1024 bit host key requirement is hard coded in the SSH client. I found that the version of openSSH that comes with CentOS 6.10 didn't have the 1024 bit host key requirement. In a pinch you could setup a VM on your mac. Kenny's answer is still really the correct one. The host keys should be regenerated on the device.
I'm using a tool that uses paramiko to connect via SSH to a server(s).
The tool requires me to create SSH keys, and after much trying and testing, I've arrived at this potion:
ssh-keygen -f my-key -o -t ed25519 -N ""
For reference, I'm using -o because the tool expects OPENSSH keys. The -t ed25519 is because it expects that format. -N "" is because it expects unencrypted keys.
Now, paramiko is throwing this exception:
File "/usr/lib/python3.6/site-packages/paramiko/ed25519key.py", line 152, in _parse_signing_key_data
message = Message(unpad(private_data))
File "/usr/lib/python3.6/site-packages/paramiko/ed25519key.py", line 40, in unpad
raise SSHException("Invalid key")
paramiko.ssh_exception.SSHException: Invalid key
The code that throws the exception appears to be this, but I don't know how to resolve this issue... Any ideas what this padding stuff is about?
As of September 2018 (and paramiko version 2.4.2), an Invalid key exception is raised when a passphrase fails to decrypt an ed25519 key.
You may not even realize paramiko is attempting to decrypt an ed25519 key.
For example, if an application gives paramiko an RSA key file and a matching passphrase, and the remote server rejects that RSA key, then paramiko will silently look for an ed25519 key at ~/.ssh/id_ed25519. If that key file exists, and if the passphrase you provided fails to decrypt this key, you will get the Invalid key error.
Other than deleting ~/.ssh/id_ed25519 (yuck!!), I do not know of an easy workaround.
For more details, please see:
https://github.com/paramiko/paramiko/issues/1305
Update:
I have discovered an additional bug. Any ed25519 key with a comment of certain lengths also causes the "Invalid key" exception. For details, please see:
https://github.com/paramiko/paramiko/issues/1306
Note: this is not real information:
$ ssh-keygen -t rsa -C "tekkub#gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/Tekkub/.ssh/id_rsa):
ssh.txt
I entered a file name here. Not sure if I should have:
Enter passphrase (empty for no passphrase):
I am stuck here. I type and it doesn't work.
Passwords normally don't show up in the console when you type them. That is intended. Just type your password, hit enter and repeat. It will work.
That's why ssh comes with a program called ssh-agent which caches your passphrase (Okay, it actually caches the decrypted key, not the passphrase, same result). That way you can have a passphrase on your key and still not have to type it each time.