SSH key suddenly in “invalid format”

By | 26 May 2024

My private SSH key is ancient. And thus it still was in the “old” RSA format, recognisable by the header:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

This never was an issue. Everything works fine. Until now. While trying out GitFinder, it just didn’t want to accept my id_rsa file and always came back with “invalid format”.

I’ve also made sure to check the file for extra line breaks or the wrong line breaks – but everything was fine. And why wouldn’t it – the key worked in every other app so far.

I’ve tried converting it to PKCS8 format by running:

openssl pkey < id_rsa > id_rsa.pkcs8

Which can be identified by the header:

-----BEGIN PRIVATE KEY-----

But this didn’t help much. After further research, it seems like OpenSSH switched to a newer format for the keys and the library GitFinder uses seems to not like the old format anymore. Maybe it was time for me to upgrade my Privkey, then.

On StackOverflow’s ServerFault, this answer gave the simple solution: just update the password of the key (can even be the same as before) and ssh-keygen will write the key in the new format:

ssh-keygen -p -f id_rsa

That’s it! The header now reads:

-----BEGIN OPENSSH PRIVATE KEY-----

And this new format works fine with GitFinder and seems to still work with all other apps as well.

Leave a Reply