Adding SSH keys fails

Hi guys,

I have read all of the above suggestions and mine still does not work.

Let me explain my situation.

  1. I have a .PEM file that looks like this:

I tried to insert that and it did not work.

  1. I used PUTTYGEN to generate a pair of public and private keys (with no passphrase) that look like this:
    image

I tried to put the public lines above, then tried then private line (14 lines) below (excluding the Private-MAC line). Neither worked.

Some observations:

  1. Passphrase: I am not sure if the PEM file had a passphrase. But when I opened it with PUTTYGEN, the passphrase box was empty. I then saved public and private keys without entering anything there.

  2. For the hostname area. I left it empty.
    (I use Bitbucket, but I am not sure what its host name is)

Any more ideas would ge greatly appreciated!

Thanks!

@freelensia

I’d advise you to follow a guide on generating a key-pair in Linux, so you can see what a working pair looks like, and then translate it back to PuTTY if it is important for you to do it there.

On Windows, you can get a working Linux terminal using Vagrant very easily - it downloads a basic Ubuntu box for you.

If you are still stuck, then:

  • Generate a test key pair that you can throw away
  • Show us both halves of the pair, unredacted (making sure it is removed from any of your repo/CI providers).
  • Paste the keys as text, not images. Images are not compatible with clipboards, and make it harder to help you.

That will allow someone to try the key in their own CI temporarily.

1 Like

Thanks @halfer, could you let me know in theory, which one should work?

The PEM data
The private data in PPK file >> should it be this one?
The public data in PPK file

Thanks!

@freelensia

I’d expect it to be your PEM file.

Had the same problem and managed to get through after leaving following line with the key.

-----BEGIN RSA PRIVATE KEY-----

----END RSA PRIVATE KEY-----

6 Likes

This worked for us, @fidenz-chim!

1 Like

This is the only thing that works.

Same issue. no passphrase. RSA 2048.

-----BEGIN OPENSSH PRIVATE KEY-----
....redacted.....
-----END OPENSSH PRIVATE KEY-----

Is there a bug?

I also manually updated to

-----BEGIN RSA PRIVATE KEY-----
....same redacted contents as above.....
-----END RSA PRIVATE KEY-----

… with no luck.

Hey all, I’ve just encountered this bug, and found the following solution:

Many technical docs from github, atlassian, etc, suggest you run:

ssh-keygen -t rsa -C "your_email@example.com"  # bad

However, recent updates in ssh-keygen and associated libraries (for me, LibreSSL 2.6.4 on mojave 10.14.1, though I’m not 100% when/where it was introduced) mean that you end up getting a key that has the following header and footer:

-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----

GitHub understands these keys, but CircleCI returns a HTTP 400 when trying to add this as a SSH Key

The solution I found was to change the ssh-keygen command to include -m PEM

ssh-keygen -m PEM -t rsa -C "your_email@example.com"  # force PEM format

This specifically tells ssh-keygen to use the PEM format (which was(?) the default, but not anymore), and outputs a key with the usual header/footer:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Which I can then upload in the SSH Key settings screen.

I hope this helps!

16 Likes

You rock glasnt!

1 Like

Thanks glasnt, that sorted me too! :slight_smile:

Thanks a ton, @glasnt!
I created a PR for the CircleCI docs

This was my issue too! Thank you!

@glasnt Thanks! That fixed it for me too.

Well i’ve tried everything listed in this thread… Even
ssh-keygen -m PEM -t rsa -C "your_email@example.com" # force PEM format

and i still get error 400 bad request.

Why don’t circle ci generate keys automatically like bitbucket?

Anyone else know how i might resolve this? I’m using high sierra 10.13 to generate keys

Now sorted. The above worked thanks

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

-m PEM Worked for me too

This topic was automatically closed after 14 days. New replies are no longer allowed.