You are not logged in.

#1 2020-06-01 13:52:57

replabrobin
Member
Registered: 2010-05-06
Posts: 235

[SOLVED] openssh load pubkey "mykeyfilepath": invalid format

After upgrade today to openssh 8.3p1-1 I am getting warnings for private keys that used to work fine and also work fine with older ssh versions eg OpenSSH_7.6p1.

The warning has the form

load pubkey "mykeyfilepath": invalid format

I assume this has to do with the update requiring some preferred formatting of the PEM files that I have always used. Is there a way to fix this? Although the warning doesn't prevent the ssh command from working the stderr output causes warning emails etc etc.

Last edited by replabrobin (2020-06-01 17:57:30)

Offline

#2 2020-06-01 14:34:58

replabrobin
Member
Registered: 2010-05-06
Posts: 235

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

As a quick check I downgraded openssh to https://archive.archlinux.org/packages/ … kg.tar.zst and then the warning messages go away so they are caused by the upgrade to 8.3p1-1.

Offline

#3 2020-06-01 16:59:12

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,494

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

Did you try to recreate the key into PEM format? (see) man ssh-keygen

ssh-keygen -f id_rsa.pub -m PEM -e > key.pem

edit: what happens if you recreate id_rsa and the pem.key?

Last edited by qinohe (2020-06-01 17:03:31)

Offline

#4 2020-06-01 17:29:38

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2020-06-01 17:42:19

replabrobin
Member
Registered: 2010-05-06
Posts: 235

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

qinohe wrote:

Did you try to recreate the key into PEM format? (see) man ssh-keygen

ssh-keygen -f id_rsa.pub -m PEM -e > key.pem

edit: what happens if you recreate id_rsa and the pem.key?

the above seems related to creating a public key; that's not what I need. The warning refers directly to the private key.

Offline

#6 2020-06-01 17:56:26

replabrobin
Member
Registered: 2010-05-06
Posts: 235

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

duh, I looked at the changes and saw the stuff about rsa. I tried the alleged test

ssh -i id_rsa -oHostKeyAlgorithms=-ssh-rsa user@host

but although I got the warning it still connected so I thought that wasn't the problem. If I use a different key type eg ed25519 then I see no warning.

The warning seems to be the problem. Obviously there's no format error in the rsa key file; it seems to be the key type that is deprecated. Thanks for pointing at the solution. It seems we need to change the private key type.

Offline

#7 2020-06-09 12:14:25

mdavis95
Member
Registered: 2017-12-21
Posts: 5

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

for me it not now complains (but still works):
load pubkey "/home/user/.ssh/id_rsa": invalid format.

adding /home/user/.ssh/id_rsa.pub makes the warning go away

Offline

#8 2020-06-15 02:58:10

eduardo_amarall
Member
Registered: 2018-01-23
Posts: 7

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

I'm having the same problem, but I'm using .pem keys. All my keys worked fine, now they sill work but keeps giving me the error  " load pubkey "key.pem": invalid format "

Last edited by eduardo_amarall (2020-06-15 02:58:33)

Offline

#9 2020-06-17 17:09:57

Albert Camus
Member
From: Chicago
Registered: 2014-06-18
Posts: 6

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

Having the exact same problem as well. I'm specifying IdentityFile entries for hosts defined in my ~/.ssh/config. Specifically using SSH keys in .pem format downloaded from AWS that I have been using for years. There's no corresponding .pub key file on my machine since AWS automatically deployed the public key to each server you deploy.

In general this sounds like openssh makes a faulty assumption in that there's going to be a corresponding .pub file next to each private key.

Last edited by Albert Camus (2020-06-17 17:19:28)

Offline

#10 2020-07-10 15:24:55

HQJaTu
Member
Registered: 2018-10-14
Posts: 4

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

Albert Camus wrote:

Having the exact same problem as well.

In general this sounds like openssh makes a faulty assumption in that there's going to be a corresponding .pub file next to each private key.

Yeah, having the same problem since OpenSSH 8.3 client.

Why is there new assumption of public key to be present? It is not needed in the authentication process.
Why is this a warning-worthy event? If it would be an error, the connection wouldn't happen.
When adding couple of -v arguments, there is nothing mentioned about the missing .pub-file.

The working solution to remove this unnecessary warning is to add the correct public key.

Offline

#11 2020-07-11 07:22:26

HQJaTu
Member
Registered: 2018-10-14
Posts: 4

Re: [SOLVED] openssh load pubkey "mykeyfilepath": invalid format

Problem was introduced exactly two years ago on 11th July 2018. Fix (commit c514f3c0522855b4d548286eaa113e209051a6d2) was introduced three weeks ago to suppress the warning. The problem will go away when OpenSSH gets updated.

For code-oriented people, I wrote a blog post covering the breaking and fixing commits into Github.

Offline

Board footer

Powered by FluxBB