The big SSH mystery... (I can't use/convert a key)

marianogedisman

Greetings everyone! So, after a lot of digging, and mailing-list writing (both to OpenSSL and OpenSSH), I can't seem to get to any good port.

I have the following private key:
Code:
-----BEGIN OPENSSH PRIVATE KEY-----
[Key contents]
-----END OPENSSH PRIVATE KEY-----
That I am trying to use with my Google cloud VM through the browser console, but when trying to use it, I get the following error:

Connect with private SSH key
Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. Try another key or connect with an auto generated SSH key.
Select a private ECDSA or RSA key file to sign into the VM or connect with a generated SSH key.

Now, I tried with openssl, from openssl rsa -in id_rsa.txt -out id_rsa.pem -outform PEM to ssh-keygen -e -m PEM -f id_rsa.txt > id_rsa_converted.txt (this one produced an output but wasn't usable) and also ssh-keygen -i -f id_rsa.txt -m PEM

I know I'm doing everything wrong! But is there any kind soul who could lead me to the right path?
I've been told the key could be old, unsupported, etc. Is there any way to make this work? I mean, it's not a deeply necessary resource the one I want to access, but I want to learn from this, so anyone willing to help me, I would personally super appreciate it!

Thanks in advance :)

--Mariano
 


f33dm3bits

I have no idea but can you share your public key, that way we can see what type of key the secret one currently is.
 

marianogedisman

I have no idea but can you share your public key, that way we can see what type of key the secret one currently is.
Hello! Sure thing:

ssh-rsa [Key contents]
 

f33dm3bits

Connect with private SSH key
Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. Try another key or connect with an auto generated SSH key.
Select a private ECDSA or RSA key file to sign into the VM or connect with a generated SSH key.
I'm not quite sure if they mean there that only the rsa key has to be in pem format or also if it's an ecdsa key. I found somewhere that you should be able to use this to convert your public to pem.
Code:
ssh-keygen -f id_rsa -e -m pem > pub.pem
Then copy the pub.pem to your Google cloud vm and then see what happens.
 

marianogedisman

@f33dm3bits trying that right now...

EDIT: Google didn't like it. Kept throwing error Invalid key. Required format: <protocol> <key-blob> <[email protected]> or <protocol> <key-blob> google-ssh {"userName":"<[email protected]>","expireOn":"<date>"}

The format is ok, it's exactly the same as the other pub key, but with the key content changed.
I played around with the format but nothing. Ugh.
 

f33dm3bits

Can you try using an ecdsa keypair instead, to see what happens?
Code:
ssh-keygen -t ecdsa
 

marianogedisman

Can you try using an ecdsa keypair instead, to see what happens?
Code:
ssh-keygen -t ecdsa
Hello! OSX wasn't liking it, it kept throwing back Load key "id_rsa.txt": incorrect passphrase supplied to decrypt private key

NOW, however, I started googling to see if the error could be fixed, and got to a point where I found out, it would be related to the way the keys were generated.
I remember this server was issued with PuTTY converted keys, since it was also receiving connections from a Windows machine using PuTTY.
So I played around a little bit with PuTTYgen and the .ppk file, and I think I managed to get a different error message (lol at least that's something), and I thought I was SO close:

[Image attachment: 1625404564973.png]

But then:

[Image attachment: 1625404580381.png]

So I think I got somewhere with these new errors.

I tried exporting the .ppk file with "Export as OpenSSH Key" options, no good.
"Export as ssh.com" kinda seemed to work, because I got the following error:
Error: The key must be in PEM format. Try converting your key to PEM format with `ssh-keygen -f $FILE -e -m PEM > $FILE.pem` or connect with an auto generated SSH key.

So, I copied this file to my Mac machine, but couldn't convert with the recommended commands, because I still get the incorrect passphrase supplied to decrypt private key

So I exported as OpenSSH with a passphrase, and at least OSX took it, and was able to convert to a .pem file, however I got the following error:
Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. Try another key or connect with an auto generated SSH key

Funny thing, is that I exported as RSA.

So I will now try to export as ECDSA, and let's see what happens....

Nothing. Same error.

I guess this is the place where I have to decide whether to continue unravelling this mess, or just giving up on this server and start everything from scratch.

What would you do in my place? Do you have any past experiences dealing with difficult keypairs and how did you deal with it?

If I can't resolve this, at least I would definitely love to hear from your past experiences and learn from it!

As always, thanks a lot for all the support, it's really much appreciated!
 

f33dm3bits

I guess this is the place where I have to decide whether to continue unravelling this mess, or just giving up on this server and start everything from scratch.

What would you do in my place? Do you have any past experiences dealing with difficult keypairs and how did you deal with it?
I have no experience with Google cloud VMs so I wouldn't know what to tell you, seems they have different requirements for sshkey pair setup. I did find some Google cloud documentation where they advise to set up a keypair like this.
Code:
ssh-keygen -t ecdsa-sk
I would think since that's official documentation that should work, try that? Are you paying for the vm?
 

dos2unix

Just curious, what are the permissions on the key files? 0600 or 0644? or something else?
 

marianogedisman

@f33dm3bits: I will try the ecdsa-sk option, hopefully it will work! I'm still on my trial period for the vm, I was interested in it mostly because it's the easier of all options, and it has Debian. I tried Oracle and IBM cloud. Terrible options IMO.

@dos2unix : Hello! The file is being uploaded from a Windows machine, these are the permissions:

[Image attachment: 1625439187551.png]

Wait... that gives me an idea. Should I try to upload it from my Macbook? Which permissions should I use?
 

dos2unix

Depending on how you are uploading, a couple of things come to mind.

It would seem the permissions are wrong on your Windows system. It is a little difficult
to translate permissions, but really you just want read access for yourself, and no permissions
for anyone else.

The other thing that sometimes happens when transferring from Windows systems
is you get extra hidden characters (invisible linefeed/carriage characters).
This can usually be fixed by an application called "dos2unix".

It's usually best to create these on the system you're going to use them on.
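
The two checks described in the post above (owner-only permissions and stray carriage returns), combined with the key container formats that come up in this thread, as a small triage script. This is an added example, not part of the original posts; the function names, the demo file and its key body are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage a private key file before upload.
# File names and the sample key body below are constructed placeholders.

# Print the container format, judged by the first line (CR stripped first).
key_format() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")        echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----")            echo pem-rsa ;;
        "-----BEGIN EC PRIVATE KEY-----")             echo pem-ecdsa ;;
        "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----") echo ssh.com ;;
        PuTTY-User-Key-File-*)                        echo putty-ppk ;;
        *)                                            echo unknown ;;
    esac
}

# Print "yes" if the file contains carriage returns (Windows line endings).
has_cr() {
    count=$(( $(tr -cd '\r' < "$1" | wc -c) ))
    if [ "$count" -gt 0 ]; then echo yes; else echo no; fi
}

# Print "yes" if group and other have no permissions (e.g. 0600 or 0400).
owner_only() {
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo yes; else echo no; fi
}

# One-line-per-check report for a key file.
check_key() {
    echo "format:     $(key_format "$1")"
    echo "has CR:     $(has_cr "$1")"
    echo "owner-only: $(owner_only "$1")"
}

# Demo on a constructed file: OpenSSH header, CRLF endings, mode 0644.
demo=$(mktemp)
printf '%s\r\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'AAAA' \
    '-----END OPENSSH PRIVATE KEY-----' > "$demo"
chmod 644 "$demo"
check_key "$demo"
rm -f "$demo"
```

Note that `ssh-keygen -e` prints the public key only; rewriting a private key from the OpenSSH container to PEM is done with `ssh-keygen -p -m PEM -f FILE`, which needs the current passphrase and modifies the file in place, so run it on a copy.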
 

marianogedisman

It's usually best to create these on the system you're going to use them on.
Darn right sir. I promise I will live by these words! A few days have passed, and some other projects have kept me away from being able to continue this task.
Sadly I couldn't gain access back to my VM. I haven't taken it down yet though.
I will try some more, maybe some alternative options to SSH into it. However I see it quite hard.

If only SSH keys weren't so complicated :'(

Another thing I've learnt: Document everything. Even silly personal projects. You never know when you will need them for real.
 