Adding SSH keys fails

ssh
keys

#1

When I add an SSH key in the projects “SSH Permissions” it just says “Failed”. Without any further information.

My steps:

  • In the terminal: cat .ssh/id_rsa | pbcopy
  • In Circle CI, I click “Add SSH key”
  • I leave the hostname blank and copy the SSH key
  • Clicking the “Add SSH key” button returns “Failed”

As video:

What can I do?

Thanks,
Roland


#2

Is the key encrypted/passphrase protected?


#3

No.
In my terminal I can connect to the server without any passphrase.


#4

Anyone? I’m really stuck here


#5

Did you ever find a resolution to this?

I’m getting the exact same behavior.

Opening the console reveals a bad request triggered by xhrio:

xhrio-e9d1716….js:621 POST https://circleci.com/api/v1.1/project/github/my/repo/ssh-key 400 (Bad Request)

I’d love to add deploys to my workflow but can’t do it without SSH.


#6

On chrome, when you open the network tab in dev tools, what is the content of the body of the 400 response? That should help us figure out what’s wrong here.


#7

EDIT: Hold on, I misunderstood your request. I’ll update this post with the error contents in just a minute.

{"message":"it looks like private key is invalid key.  Double check"}

I can login via ssh via command line as well, however. It’s just an RSA 2048 key.


#8

It looks like it needed the PRIVATE key, and I was copying the PUBLIC key.

:flushed:

Nevermind.


#9

Even adding the private key gives me the same error.Am i missing something here?.Do we need to remove the encryption type mentioned in the private key.


#10

For those getting this error message, does your private key have a passphrase? If yes, create a new private key without a passphrase and try that.


#11

This worked for me. Thanks!


#12

Got the same error, but my private key has no passphrase. Happens via the webinterface as well as with an API request.


#13

For anyone still struggling with this, are you using encryption types other than rsa? I was scratching my head for a while because I mostly use ed25519 these days, tried creating an rsa one and worked like a charm.


#14

None of the above worked. Solved it by simply changing the hostname. First it had an underscore, now it doesn’t and it works.


#15

Hi guys,

I have read all of the above suggestions and mine still does not work.

Let me explain my situation.

  1. I have a .PEM file that looks like this:

I tried to insert that and it did not work.


#16
  1. I used PUTTYGEN to generate a pair of public and private keys (with no passphrase) that look like this:
    image

I tried to put the public lines above, then tried then private line (14 lines) below (excluding the Private-MAC line). Neither worked.

Some observations:

  1. Passphrase: I am not sure if the PEM file had a passphrase. But when I opened it with PUTTYGEN, the passphrase box was empty. I then saved public and private keys without entering anything there.

  2. For the hostname area. I left it empty.
    (I use Bitbucket, but I am not sure what its host name is)

Any more ideas would ge greatly appreciated!

Thanks!


#17

@freelensia

I’d advise you to follow a guide on generating a key-pair in Linux, so you can see what a working pair looks like, and then translate it back to PuTTY if it is important for you to do it there.

On Windows, you can get a working Linux terminal using Vagrant very easily - it downloads a basic Ubuntu box for you.

If you are still stuck, then:

  • Generate a test key pair that you can throw away
  • Show us both halves of the pair, unredacted (making sure it is removed from any of your repo/CI providers).
  • Paste the keys as text, not images. Images are not compatible with clipboards, and make it harder to help you.

That will allow someone to try the key in their own CI temporarily.


#18

Thanks @halfer, could you let me know in theory, which one should work?

The PEM data
The private data in PPK file >> should it be this one?
The public data in PPK file

Thanks!

@freelensia


#19

I’d expect it to be your PEM file.


#20

Had the same problem and managed to get through after leaving following line with the key.

-----BEGIN RSA PRIVATE KEY-----

----END RSA PRIVATE KEY-----