The big SSH mystery... (I can't use/convert a key)

marianogedisman

Greetings everyone! So, after a lot of digging, and mailing-list writing (both to OpenSSL and OpenSSH), I can't seem to get to any good port.

I have the following private key:
Code:
-----BEGIN OPENSSH PRIVATE KEY-----
[Key contents]
-----END OPENSSH PRIVATE KEY-----

That I am trying to use with my Google cloud VM through the browser console, but when trying to use it, I get the following error:

Connect with private SSH key
Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. Try another key or connect with an auto generated SSH key.
Select a private ECDSA or RSA key file to sign into the VM or connect with a generated SSH key.


Now, I tried with openssl, from openssl rsa -in id_rsa.txt -out id_rsa.pem -outform PEM to ssh-keygen -e -m PEM -f id_rsa.txt > id_rsa_converted.txt (this one produced an output but wasn't usable) and also ssh-keygen -i -f id_rsa.txt -m PEM

I know I'm doing everything wrong! But is there any kind soul who could lead me to the right path?
I've been told the key could be old, unsupported, etc. Is there any way to make this work? I mean, it's not a deeply necessary resource the one I want to access, but I want to learn from this, so anyone willing to help me, I would personally super appreciate it!

Thanks in advance :)

--Mariano
 


I have no idea, but can you share your public key? That way we can see what type of key the secret one currently is.
 
I have no idea, but can you share your public key? That way we can see what type of key the secret one currently is.
Hello! Sure thing:

ssh-rsa [Key contents]
 
Connect with private SSH key
Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. Try another key or connect with an auto generated SSH key.
Select a private ECDSA or RSA key file to sign into the VM or connect with a generated SSH key.
I'm not quite sure if they mean there that only the rsa key has to be in pem format or also if it's a ecdsa key. I found somewhere that you should be able to use this to convert your public to pem.
Code:
ssh-keygen -f id_rsa -e -m pem > pub.pem
Then copy the pub.pem to your Google cloud vm and then see what happens.
 
@f33dm3bits trying that right now...

EDIT: Google didn't like it. Kept throwing error Invalid key. Required format: <protocol> <key-blob> <[email protected]> or <protocol> <key-blob> google-ssh {"userName":"<[email protected]>","expireOn":"<date>"}

The format is ok, it's exactly the same as the other pub key, but with the key content changed.
I played around with the format but nothing. Ugh.
 
Can you try using an ecdsa keypair instead, to see what happens?
Code:
ssh-keygen -t ecdsa
 
Can you try using an ecdsa keypair instead, to see what happens?
Code:
ssh-keygen -t ecdsa

Hello! OSX wasn't liking it, it kept throwing back Load key "id_rsa.txt": incorrect passphrase supplied to decrypt private key

NOW, however, I started googling to see if the error could be fixed, and got to a point where I found out, it would be related to the way the keys were generated.
I remember this server was issued with Putty converted keys, since it was also receiving connections from a Windows machine using Putty.
So I played around a little bit with the PuttyGen and the .ppk file, and I think I managed to get a different error message (lol at least that's something), and I thought I was SO close:

[Attached screenshot: 1625404564973.png]

But then:

[Attached screenshot: 1625404580381.png]

So I think I got somewhere with these new errors.

I tried exporting the .ppk file with "Export as OpenSSH Key" options, no good.
"Export as ssh.com" kinda seemed to work, because I got the following error:
Error: The key must be in PEM format. Try converting your key to PEM format with `ssh-keygen -f $FILE -e -m PEM > $FILE.pem` or connect with an auto generated SSH key.

So, I copied this file to my Mac machine, but couldn't convert with the recommended commands, because I still get the incorrect passphrase supplied to decrypt private key

So I exported as OpenSSH with a passphrase, and at least OSX took it, and was able to convert to a .pem file, however I got the following error:
Error: Failed to read key. The key file must be ECDSA or RSA in PEM format. Try another key or connect with an auto generated SSH key

Funny thing, is that I exported as RSA.

So I will now try to export as ECDSA, and let's see what happens....

Nothing. Same error.

I guess this is the place where I have to decide whether to continue unravelling this mess, or just giving up on this server and start everything from scratch.

What would you do in my place? Do you have any past experiences dealing with difficult keypairs and how did you deal with it?

If I can't resolve this, at least I would definitely love to hear from your past experiences and learn from it!

As always, thanks a lot for all the support, it's really much appreciated!
 
I guess this is the place where I have to decide whether to continue unravelling this mess, or just giving up on this server and start everything from scratch.

What would you do in my place? Do you have any past experiences dealing with difficult keypairs and how did you deal with it?
I have no experience with Google cloud VMs so I wouldn't know what to tell you, seems they have different requirements for sshkey pair setup. I did find some Google cloud documentation where they advise to set up a keypair like this.
Code:
ssh-keygen -t ecdsa-sk
I would think since that's official documentation that should work, try that? Are you paying for the vm?
 
Just curious, what are the permissions on the key files? 0600 or 0644? or something else?
 
@f33dm3bits: I will try the ecdsa-sk option, hopefully it will work! I'm still on my trial period for the vm, I was interested in it mostly because it's the easier of all options, and it has Debian. I tried Oracle and IBM cloud. Terrible options IMO.

@dos2unix : Hello! The file is being uploaded from a Windows machine, these are the permissions:

[Attached screenshot: 1625439187551.png]

Wait... that gives me an idea. Should I try to upload it from my Macbook? Which permissions should I use?
 
Depending on how you are uploading, a couple of things come to mind.

It would seem the permissions are wrong on your Windows system. It is a little difficult
to translate permissions, but really you just want read access for yourself, and no permissions
for anyone else.

The other thing that sometimes happens when transferring from Windows systems
is you get extra hidden characters (invisible linefeed/carriage characters).
This can usually be fixed by an application called "dos2unix".

It's usually best to create these on the system you're going to use them on.
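
Added example, not part of any post in this thread: a POSIX shell check for the three things the thread circles around, namely which format a key file is really in, whether it picked up Windows line endings, and whether its permissions are owner-only. The function names are made up for this example; the header strings are the standard first lines written by OpenSSH, OpenSSL, PuTTYgen and ssh.com exports.

```shell
#!/bin/sh
# Added example (not from the thread): triage a key file before uploading it.

# Classify a key file by its first line (standard armor headers).
key_format() {
    first=$(head -n 1 "$1" | tr -d '\r')   # tolerate Windows line endings
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")        echo openssh-new ;;
        "-----BEGIN RSA PRIVATE KEY-----")            echo pem-rsa ;;
        "-----BEGIN EC PRIVATE KEY-----")             echo pem-ecdsa ;;
        "-----BEGIN PRIVATE KEY-----")                echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")      echo pkcs8 ;;
        "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----") echo ssh.com ;;
        PuTTY-User-Key-File-*)                        echo putty-ppk ;;
        "-----BEGIN RSA PUBLIC KEY-----"|"-----BEGIN PUBLIC KEY-----") echo public-key ;;
        "---- BEGIN SSH2 PUBLIC KEY ----")            echo public-key ;;
        ssh-rsa\ *|ecdsa-sha2-*|ssh-ed25519\ *)       echo public-key ;;
        *)                                            echo unknown ;;
    esac
}

# True if any line ends in a carriage return (file edited or copied on Windows).
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr\$" "$1"
}

# True if only the owner can read the file (GNU stat first, then BSD/macOS stat).
perms_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Print a short report for one key file.
check_key() {
    fmt=$(key_format "$1")
    echo "format: $fmt"
    if has_crlf "$1"; then echo "warning: CRLF line endings, run dos2unix"; fi
    if ! perms_ok "$1"; then echo "warning: not owner-only, run chmod 600"; fi
    case "$fmt" in
        openssh-new) echo "hint: on a copy, 'ssh-keygen -p -m PEM -f FILE' rewrites the private key as PEM" ;;
        public-key)  echo "hint: this is a public key; 'ssh-keygen -e' exports the public half only" ;;
    esac
    return 0
}

if [ $# -gt 0 ]; then check_key "$1"; fi
```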
 
It's usually best to create these on the system you're going to use them on.

Darn right sir. I promise I will live by these words! A few days have passed, and some other projects have kept me away from being able to continue this task.
Sadly I couldn't gain access back to my VM. I haven't taken it down yet though.
I will try some more, maybe some alternative options to SSH into it. However I see it quite hard.

If only SSH keys weren't so complicated :'(

Another thing I've learnt: Document everything. Even silly personal projects. You never know when you will need them for real.
 