OpenSSH private key format errors with LibreSSL 2.7

Joel Sing joel at sing.id.au
Sat Apr 7 17:04:57 AEST 2018


On Friday 06 April 2018 21:31:01 Bernard Spil wrote:
> Hi,
> 
> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA and
> ECDSA private keys.
> 
>      Error loading key "./id_rsa": invalid format
> 
> Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed this
> issue early on with LibreSSL 2.7 by converting the key to "new file
> format" (to verify the ecdsa key wasn't corrupted I loaded it in
> 
> Fail:
> -----BEGIN EC PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,<snip>
> 
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,<snip>
> 
> Success (both keys after converting):
> -----BEGIN OPENSSH PRIVATE KEY-----
> 
> I've been digging through ssh-keygen to find a way to convert them but
> have yet to find the right knobs. -e only exports public keys.
> 
> Currently running `make test` on OpenSSH 7.7 with LibreSSL 2.7.2.
> 
> Any hints?

What does the following say, when compiled with 2.7.2:

$ openssl version
$ openssl rsa -in ~/.ssh/id_rsa -noout ; echo $?
$ ssh -V


More information about the openssh-unix-dev mailing list