OpenSSH accepted keys specification

Jakub Jelen jjelen at
Wed Dec 16 00:38:28 AEDT 2015

Hello list.

Based on the current behavior of openssh tools, which are asking for 
passphrase even without recognizing the key type from header, I was 
searching for some specification, format or description of the key types 
accepted and handled by openssh, but without any success. Nor browsing 
source code helped.

I tried several key types in both old or new formats, with or without 
passphrase, but if I removed header, openssh asked for the passphrase 
but was never able to decode the key. I am aware of the file [1] which 
describes new protocol format, but that one has strict header in 

What is the reason behind decoding every blob received from a file, even 
if it does not have the proper header? I guess there are some historical 
reasons but I would like to get more information about this topic.

(Background is discussion in our bug [2] about behavior of RSA1 keys 
with openssh compiled without RSA1 support, where I got to the dead end 
of my knowledge and of what I was able to find out myself.)


Thank you in advance,

Jakub Jelen
Security Technologies
Red Hat

More information about the openssh-unix-dev mailing list