Right now, CircleCI only support PKCS#1 ssh keys (BEGIN RSA PRIVATE KEY
) which is deprecated.
Latest ssh-keygen
versions don’t allow anymore to generate them and use PKCS#8
as default (BEGIN OPENSSH PRIVATE KEY
). Sadly, CircleCI consider them as invalid.
Is it possible to allow PKCS#8 keys which is now the default ssh private keys format and which by the way also allows to use more secure ECDSA keys (or any other supported encryption as the encryption protocol is noincluded into the key)
NB: See https://stackoverflow.com/questions/20065304/differences-between-begin-rsa-private-key-and-begin-private-key or https://crypto.stackexchange.com/questions/35093/why-ssh-gen-makes-difference-between-pem-and-pkcs8 for details about their differences and why PKCS#1 is deprecated.