I have a PuTTY-generated keypair file from which I try to save the private key in OpenSSH format with:

puttygen -O private-openssh privat.ppk -o privat.pem

But when I try to use the private key for openssh publickey auth I always get the

debug1: load_identity_file: Skipping key /home/gerijani/.ssh/id_rsa: Invalid key length

I've tried to convert it with the Windows GUI version into the new OpenSSH or ssh.com format. I've tried to convert with the CLI on a Fedora system as well, but with the same result. I've also tried to convert the existing RSA key to OPENSSH format with:

ssh-keygen -p -N "" -f priv_new.pem

Meanwhile if I try to login to the target node with putty, login is always successful.

  • What is the 'size' (bits in modulus) of your key? If you are using very recent OpenSSH (>=9.1) check if it is configured (in ~/.ssh/config or /etc/ssh/ssh_config or similar, or with a wrapping script or alias) to have option RequiredRSASize (in any case, but that's canonical) set too high for your key. Commented Jun 25, 2023 at 3:16
  • @dave_thompson_085 I use openssh 8.8p1 without RSA keysize restriction and according to: openssl rsa -in privat.pem -text -noout 'Private-Key: (2047 bit, 2 primes)'. But I don't get why it is working with putty - on Win10 and on Fedora - and not with the openssh client. Commented Jun 25, 2023 at 20:45
  • I don't understand either; 2047 bit should be valid. Assuming id_rsa is the same as privat.pem -- did you confirm that? Commented Jun 27, 2023 at 6:32
  • @dave_thompson_085 Yes. In fact, I've tried to specify it with 'ssh -i' as well. The odd thing is, if I generate a new key on my Fedora and copy the new public key to the target it works. But I guess I confirmed it's an ssh client issue on Fedora, as I've tried it from another laptop with Win10 and MobaXterm and IT WORKS. I also tried it from a CoreELEC Linux box (CoreELEC:~ # ssh -V OpenSSH_9.2p1, OpenSSL 3.0.8 7 Feb 2023) and it works from there as well. But I still don't know what could be the problem with 8.8p1, as I'm using it with the default config. Commented Jun 28, 2023 at 9:19
  • Gack! I didn't notice Fedora! Is your putty from the Fedora packagers or elsewhere? RHEL 8 up and Fedora I-don't-know-exactly-which have systemwide crypto policies that apply to most if not all distro packages and it appears now rejects RSA<2048 by default. If you run openssl genrsa 2047 does it generate a key and does that key work in OpenSSH? Commented Jun 28, 2023 at 11:56
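
The size check discussed in the comments, as an added example that is not part of the original thread: it parses an OpenSSH `ssh-rsa` public key line, reports the real modulus size in bits, and compares it with a minimum. The 2048-bit default is an assumption taken from the last comment (RSA<2048 rejected); the function names and the sample keys with dummy moduli are constructed for illustration.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_modulus_bits(pubkey_line):
    """Return the modulus size in bits of an 'ssh-rsa AAAA... comment' line."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    alg, off = _read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _e, off = _read_string(blob, off)   # public exponent (unused here)
    n, off = _read_string(blob, off)    # modulus, may carry a leading 0x00
    return int.from_bytes(n, "big").bit_length()

def check_key(pubkey_line, required_bits=2048):
    """Return (bits, accepted). required_bits=2048 is the assumed policy floor."""
    bits = rsa_modulus_bits(pubkey_line)
    return bits, bits >= required_bits

def _mpint(value):
    # Positive mpint: one extra byte when the top bit would otherwise be set.
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line(modulus_bits):
    """Constructed input: well-formed key line with a dummy (unusable) modulus."""
    n = (1 << (modulus_bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    for size in (2047, 2048):
        bits, ok = check_key(make_sample_line(size))
        print(f"{bits}-bit modulus: {'accepted' if ok else 'below required minimum'}")
```

To run it on a real key, pass the one-line public key (for example the output of `puttygen privat.ppk -O public-openssh`) to `check_key`.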
