Search code examples
gitgithubsshpublic-key

key_load_public: invalid format

I used PuTTY Key Generator to generate a 4096 bit RSA-2 key with a passphrase.

I save the .ppk and an openSSL format public key. The putty format public key doesn't work.

In any case, my error is as follows:

$ ssh -T [email protected]
key_load_public: invalid format
Enter passphrase for key '/c/Users/Dan/.ssh/id_rsa':
Hi Dan! You've successfully authenticated, but GitHub does not provide shell access.

What's the issue?

I use Pageant to load the keys and i use Git Bash to try the ssh connection. I've also loaded the key into GitHub, not sure what i'm doing wrong.

I've tried adding a new line and not adding a new line in GitHub

Solution

  • As Roland mentioned in their answer, it's a warning that the ssh-agent doesn't understand the format of the public key and even then, the public key will not be used locally.

    However, I can also elaborate and answer why the warning is there. It simply boils down to the fact that the PuTTY Key Generator generates two different public key formats depending on what you do in the program.

    Note: Throughout my explanation, the key files I will be using/generating will be named id_rsa with their appropriate extensions. Furthermore, for copy-paste convenience, the parent folder of the keys will be assumed to be ~/.ssh/. Adjust these details to suit your needs as desired.

    The Formats

    Link to the relevant PuTTY documentation

    SSH-2

    When you save a key using the PuTTY Key Generator using the "Save public key" button, it will be saved in the format defined by RFC 4716.

    Example:

    ---- BEGIN SSH2 PUBLIC KEY ----
Comment: "github-example-key"
AAAAB3NzaC1yc2EAAAABJQAAAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYF
i2fSBrsGcmqeb5EwgnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcp
pY0fhRSGtWL5fT8DGm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3
oMrongEjGw7sDP48ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEA
ip3mL20+qHNsHfW8hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9
tBjh7cOyuU/c4M4D6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElw==
---- END SSH2 PUBLIC KEY ----

    OpenSSH

    Contrary to popular belief, this format doesn't get saved by the generator. However it is generated and shown in the text box titled "Public key for pasting into OpenSSH authorized_keys file". To save it as a file, you have to manually copy it from the text box and paste it into a new text file.

    For the key shown above, this would be:

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYFi2fSBrsGcmqeb5EwgnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcppY0fhRSGtWL5fT8DGm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3oMrongEjGw7sDP48ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEAip3mL20+qHNsHfW8hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9tBjh7cOyuU/c4M4D6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElw== github-example-key

    The format of the key is simply ssh-rsa <signature> <comment> and can be created by rearranging the SSH-2 formatted file.

    Regenerating Public Keys

    If you are making use of ssh-agent, you will likely also have access to ssh-keygen.

    If you have your OpenSSH Private Key (id_rsa file), you can generate the OpenSSH Public Key File using:

    ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

    If you only have the PUTTY Private Key (id_rsa.ppk file), you will need to convert it first.

    1. Open the PuTTY Key Generator
    2. On the menu bar, click "File" > "Load private key"
    3. Select your id_rsa.ppk file
    4. On the menu bar, click "Conversions" > "Export OpenSSH key"
    5. Save the file as id_rsa (without an extension)

    Now that you have an OpenSSH Private Key, you can use the ssh-keygen tool as above to perform manipulations on the key.

    Bonus: The PKCS#1 PEM-encoded Public Key Format

    To be honest, I don't know what this key is used for as I haven't needed it. But I have it in my notes I've collated over the years and I'll include it here for wholesome goodness. The file will look like this:

    -----BEGIN RSA PUBLIC KEY-----
MIIBCAKCAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYFi2fSBrsGcmqeb5Ew
gnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcppY0fhRSGtWL5fT8D
Gm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3oMrongEjGw7sDP48
ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEAip3mL20+qHNsHfW8
hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9tBjh7cOyuU/c4M4D
6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElwIBJQ==
-----END RSA PUBLIC KEY-----

    This file can be generated using an OpenSSH Private Key (as generated in "Regenerating Public Keys" above) using:

    ssh-keygen -f ~/.ssh/id_rsa -y -e -m pem > ~/.ssh/id_rsa.pem

    Alternatively, you can use an OpenSSH Public Key using:

    ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pem > ~/.ssh/id_rsa.pem

    ##References:##