I have this id_rsa in my ~/.ssh folder. But it just doesn't authenticate. If I copy it and rename it to anything not id_rsa, it works.

[qfan@mycomputer .ssh]$ ls -al id_rsa id_rsa_good
-rw------- 1 qfan qfan 1766 Dec  3 18:35 id_rsa
-rw------- 1 qfan qfan 1766 Nov 20 19:43 id_rsa_good
[qfan@mycomputer .ssh]$ sha1sum id_rsa id_rsa_good
8cc7f68170038b184bba0541be7d105bb36f7d11  id_rsa
8cc7f68170038b184bba0541be7d105bb36f7d11  id_rsa_good
[qfan@mycomputer .ssh]$ ssh localhost -i id_rsa
qfan@localhost's password: 

[qfan@mycomputer .ssh]$ ssh localhost -i id_rsa_good
Enter passphrase for key 'id_rsa_good': 
Last login: Tue Dec  3 18:46:46 2013 from
[qfan@mycomputer ~]$ exit
Connection to localhost closed.

Note that "ssh localhost -i id_rsa" fails and ssh starts to ask for regular password login.

I used -vvv and here's the diff of the logs:

[qfan@mycomputer .ssh]$ ssh localhost -i id_rsa_good -vvv 2> log1_good.txt
Enter passphrase for key 'id_rsa_good': 

[qfan@mycomputer .ssh]$ ssh localhost -i id_rsa -vvv 2> log2_bad.txt
qfan@localhost's password: 

[qfan@mycomputer .ssh]$ diff log1_good.txt log2_bad.txt 
< debug3: Not a RSA1 key file id_rsa_good.
> debug3: Not a RSA1 key file id_rsa.
< debug1: identity file id_rsa_good type -1
> debug1: identity file id_rsa type 1
< debug2: dh_gen_key: priv key bits set: 126/256
< debug2: bits set: 533/1024
> debug2: dh_gen_key: priv key bits set: 127/256
> debug2: bits set: 503/1024
< debug2: bits set: 506/1024
> debug2: bits set: 539/1024
< debug2: key: id_rsa_good ((nil))
> debug2: key: id_rsa (0x7f953ea96f90)
< debug1: Trying private key: id_rsa_good
< debug1: PEM_read_PrivateKey failed
< debug1: read PEM private key done: type <unknown>
> debug1: Offering public key: id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1477
> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
[qfan@mycomputer .ssh]$ 

I also tried removing the passphrase from the key file, but it still doesn't work if named id_rsa.

So, what went wrong there?


[qfan@mycomputer .ssh]$ file id_rsa
id_rsa: ASCII text
[qfan@mycomputer .ssh]$ cat id_rsa |head -n2
Proc-Type: 4,ENCRYPTED
  • 1
    Are you sure the file contains an RSA key? It kind of looks like when it is named id_rsa ssh assumes it is an rsa key (type 1), but when you name it id_rsa_good it isn't sure (type -1).
    – mfarver
    Commented Dec 3, 2013 at 20:23
  • 1
    Can you run file id_rsa and let us see the output? If it isn't something very much like id_rsa: PEM RSA private key, mfarver may well have a point!
    – MadHatter
    Commented Dec 3, 2013 at 20:42
  • It's text file: [qfan@mycomputer .ssh]$ file id_rsa id_rsa: ASCII text [qfan@mycomputer .ssh]$ cat id_rsa |head -n2 -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED
    – Qi Fan
    Commented Dec 3, 2013 at 21:17

1 Answer 1


Found the reason. My id_rsa.pub file in the same .ssh folder is a public key that belongs to a different identity file. When id_rsa.pub doesn't match id_rsa, it fails automatically. Removing or moving the id_rsa.pub file makes id_rsa work.


You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .