id_rsa.pub file SSH Error: invalid format
The IdentityFile
configuration parameter should be pointed at the private key which the SSH client uses to prove its identity to the remote server. (The remote server, then, should have the contents of id_rsa.pub
installed in its authorized_keys
file, or an equivalent location).
You should be putting the path to id_rsa
, not id_rsa.pub
, as an argument to IdentityFile
in your ~/.ssh/config
.
ssh-add id_rsa.pub generating invalid format error
ssh-agent
is an authentication agent used for verifying a user/computer using asymmetric cryptography.
The private key is "your identity" and the public key can be used to "verify" your identity. So, the private key should be known to the authentication agent (ssh-agent in your case), while the public key will be used by the remote service/server. ssh-agent only needs to know private key and not the public key.
key_load_public: invalid format
As Roland mentioned in their answer, it's a warning that the ssh-agent
doesn't understand the format of the public key and even then, the public key will not be used locally.
However, I can also elaborate and answer why the warning is there. It simply boils down to the fact that the PuTTY Key Generator generates two different public key formats depending on what you do in the program.
Note: Throughout my explanation, the key files I will be using/generating will be named id_rsa
with their appropriate extensions. Furthermore, for copy-paste convenience, the parent folder of the keys will be assumed to be ~/.ssh/
. Adjust these details to suit your needs as desired.
The Formats
Link to the relevant PuTTY documentation
SSH-2
When you save a key using the PuTTY Key Generator using the "Save public key" button, it will be saved in the format defined by RFC 4716.
Example:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "github-example-key"
AAAAB3NzaC1yc2EAAAABJQAAAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYF
i2fSBrsGcmqeb5EwgnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcp
pY0fhRSGtWL5fT8DGm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3
oMrongEjGw7sDP48ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEA
ip3mL20+qHNsHfW8hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9
tBjh7cOyuU/c4M4D6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElw==
---- END SSH2 PUBLIC KEY ----
OpenSSH
Contrary to popular belief, this format doesn't get saved by the generator. However it is generated and shown in the text box titled "Public key for pasting into OpenSSH authorized_keys file". To save it as a file, you have to manually copy it from the text box and paste it into a new text file.
For the key shown above, this would be:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYFi2fSBrsGcmqeb5EwgnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcppY0fhRSGtWL5fT8DGm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3oMrongEjGw7sDP48ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEAip3mL20+qHNsHfW8hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9tBjh7cOyuU/c4M4D6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElw== github-example-key
The format of the key is simply ssh-rsa <signature> <comment>
and can be created by rearranging the SSH-2 formatted file.
Regenerating Public Keys
If you are making use of ssh-agent
, you will likely also have access to ssh-keygen
.
If you have your OpenSSH Private Key (id_rsa
file), you can generate the OpenSSH Public Key File using:
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub
If you only have the PUTTY Private Key (id_rsa.ppk
file), you will need to convert it first.
- Open the PuTTY Key Generator
- On the menu bar, click "File" > "Load private key"
- Select your
id_rsa.ppk
file - On the menu bar, click "Conversions" > "Export OpenSSH key"
- Save the file as
id_rsa
(without an extension)
Now that you have an OpenSSH Private Key, you can use the ssh-keygen
tool as above to perform manipulations on the key.
Bonus: The PKCS#1 PEM-encoded Public Key Format
To be honest, I don't know what this key is used for as I haven't needed it. But I have it in my notes I've collated over the years and I'll include it here for wholesome goodness. The file will look like this:
-----BEGIN RSA PUBLIC KEY-----
MIIBCAKCAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYFi2fSBrsGcmqeb5Ew
gnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcppY0fhRSGtWL5fT8D
Gm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3oMrongEjGw7sDP48
ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEAip3mL20+qHNsHfW8
hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9tBjh7cOyuU/c4M4D
6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElwIBJQ==
-----END RSA PUBLIC KEY-----
This file can be generated using an OpenSSH Private Key (as generated in "Regenerating Public Keys" above) using:
ssh-keygen -f ~/.ssh/id_rsa -y -e -m pem > ~/.ssh/id_rsa.pem
Alternatively, you can use an OpenSSH Public Key using:
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pem > ~/.ssh/id_rsa.pem
##References:##
- "key_load_public: invalid format..." on AskUbuntu
- The Secure Shell (SSH) Public Key File Format
- Converting OpenSSH public keys
Git push with SSH remote error: Load key /path/to/file_id_rsa : invalid format
If the private key format differs, that means, as I mentioned here that:
- one platform is using openssh prior to 7.8, with an old PEM 64-chars per line format.
- one is using a more recent OpenSSH format, 70-chars per line.
You can force a recent openSSH to generate the old format with:
ssh-keygen -m PEM -t rsa -P "" -f afile
Invalid format when creating an id_rsa file with Node
This error happens in Github Actions when using OPENSSH
instead of RSA
You need to encode the ssh key as an RSA key instead.
-----BEGIN O̶P̶E̶N̶S̶S̶H̶ RSA PRIVATE KEY-----
...
-----END O̶P̶E̶N̶S̶S̶H̶ RSA PRIVATE KEY-----
Error loading key /root/.ssh/id_rsa : invalid format
I managed to fix it with the help of guys from the ##aws irc channel
The Problem
I generated a PKCS#1 key format instead of a PKCS#8 format.
The PKCS#1 is represented as:
-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----
The PKCS#8 is represented as:
-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----
Solution
I simply copied the PRIVATE KEY and converted it here https://decoder.link/rsa_converter
You can also see a better elucidation here Differences between "BEGIN RSA PRIVATE KEY" and "BEGIN PRIVATE KEY"
Edited
As indicated below, it is not a good idea to use websites to do the conversion. Especially when your private key is likely being
sent to their servers. Instead, do the conversion locally as indicated here
by @csgeek
Docker Load key /root/.ssh/id_rsa : invalid format
If the key is "invalid format", try and regenerate it with the old PEM format.
ssh-keygen -m PEM -t rsa -P ""
Make sure to add the public key to your GitHub account for proper authentication.
The OP Shammir adds in the comments:
I think the issue is that nothing is being copied from host machine to docker image during build.
In "docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)"
returning empty", Shammir uses dockito/vault
to manage the private key, but also configure it to "AddKeysToAgent": that is not needed if the private key is not passphrase protected (as in my command above)
Related Topics
How to Use "Py" Instead of "Python" at the Command Line in Linux
How to Make a Built-In Device Driver in Linux
How to Replace Just One Newline Between > and < in Unix
How to Check All Columns Data Types of Table Using Awk Script
Issue While Validating Bash Script
Bash - Find Files Older Than X Minutes and Move Them
How to Grep One String Occuring Multiple Times from Same File
How to Write Multiple Line String Using Bash with Variables
How to Format My Grep Output to Show Line Numbers at the End of the Line, and Also the Hit Count
How to Force a Cifs Connection to Unmount
How to Redirect the Output of an Application in Background to /Dev/Null
How to Get the Current Network Interface Throughput Statistics on Linux/Unix
How to Clear All History in Linux/Ubuntu Terminal or Bash Permanently
How to Delete History of Last 10 Commands in Shell
Graphical Diff Programs for Linux
How to Delete Multiple Files at Once in Bash on Linux
Loading Module on Keyboard Hotplug
Lsb_Release: Command Not Found in Latest Ubuntu Docker Container