Adding SSH keys fails

freelensia · July 10, 2018, 2:41pm

This worked for us, @fidenz-chim!

luis02lopez · September 29, 2018, 3:59am

This is the only thing that works.

logston · November 7, 2018, 9:20pm

Same issue. no passphrase. RSA 2048.

-----BEGIN OPENSSH PRIVATE KEY-----
....redacted.....
-----END OPENSSH PRIVATE KEY-----

Is there a bug?

I also manually updated to

-----BEGIN RSA PRIVATE KEY-----
....same redacted contents as above.....
-----END RSA PRIVATE KEY-----

… with no luck.

glasnt · November 8, 2018, 3:38am

Hey all, I’ve just encountered this bug, and found the following solution:

Many technical docs from github, atlassian, etc, suggest you run:

ssh-keygen -t rsa -C "your_email@example.com"  # bad

However, recent updates in ssh-keygen and associated libraries (for me, LibreSSL 2.6.4 on mojave 10.14.1, though I’m not 100% when/where it was introduced) mean that you end up getting a key that has the following header and footer:

-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----

GitHub understands these keys, but CircleCI returns a HTTP 400 when trying to add this as a SSH Key

The solution I found was to change the ssh-keygen command to include -m PEM

ssh-keygen -m PEM -t rsa -C "your_email@example.com"  # force PEM format

This specifically tells ssh-keygen to use the PEM format (which was(?) the default, but not anymore), and outputs a key with the usual header/footer:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Which I can then upload in the SSH Key settings screen.

I hope this helps!

logston · November 8, 2018, 6:43pm

You rock glasnt!

tgmcclen · November 22, 2018, 10:25am

Thanks glasnt, that sorted me too!

mrsimpson · November 28, 2018, 1:07pm

Thanks a ton, @glasnt!
I created a PR for the CircleCI docs

saramberr12 · November 28, 2018, 9:25pm

This was my issue too! Thank you!

philltran · December 3, 2018, 3:14pm

@glasnt Thanks! That fixed it for me too.

trickydisco78 · December 5, 2018, 9:30am

Well i’ve tried everything listed in this thread… Even
ssh-keygen -m PEM -t rsa -C "your_email@example.com" # force PEM format

and i still get error 400 bad request.

Why don’t circle ci generate keys automatically like bitbucket?

Anyone else know how i might resolve this? I’m using high sierra 10.13 to generate keys

Now sorted. The above worked thanks

system · February 13, 2019, 5:19pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

elay12 · February 13, 2019, 5:20pm

-m PEM Worked for me too

drazisil · February 27, 2019, 11:00pm

This topic was automatically closed after 14 days. New replies are no longer allowed.

Topic		Replies	Views
Adding a new SSH Key fails Deployments	10	8710	October 16, 2018
Unable to add private SSH key to "SSH Permissions" Feedback & Bug Reports	5	2486	July 22, 2018
Can't add an ssh key in "SSH Permissions" Feedback & Bug Reports	3	4838	November 20, 2018
Can't add ssh key Feedback & Bug Reports	2	1390	June 18, 2018
Unable to add an SSH key Deployments ssh , circle-yml	2	2624	June 18, 2018

Adding SSH keys fails

Related Topics