“Invalid privatekey” when using JSch

Solution 1

Recent versions of OpenSSH (7.8 and newer) generate keys in the new OpenSSH format by default, which starts with:

-----BEGIN OPENSSH PRIVATE KEY-----

JSch does not support this key format.


You can use ssh-keygen to convert the key to the classic OpenSSH format:

ssh-keygen -p -f file -m pem -P passphrase -N passphrase

(if the key is not encrypted with a passphrase, use "" instead of passphrase)

For Windows users: Note that ssh-keygen.exe is now built into Windows 10, and it can be downloaded from the Microsoft Win32-OpenSSH project for older versions of Windows.


On Windows, you can also use PuTTYgen (from PuTTY package):

  • Start PuTTYgen
  • Load the key
  • Go to Conversions > Export OpenSSH key.
    For RSA keys, it will use the classic format.

If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:

ssh-keygen -m PEM

Original Author Martin Prikryl Of This Content

Solution 2

I also stumbled upon this issue.
Running JGit on Mac, for some users we saw the following exception:

org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:160)
    at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:137)
    at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:274)
    at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:169)
    at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
    at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
    at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1236)
    at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:234)
    ... 17 more
Caused by: com.jcraft.jsch.JSchException: invalid privatekey: [[email protected]
    at com.jcraft.jsch.KeyPair.load(KeyPair.java:664)
    at com.jcraft.jsch.KeyPair.load(KeyPair.java:561)
    at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:407)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:367)
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getJSch(JschConfigSessionFactory.java:276)
    at org.eclipse.jgit.transport.JschConfigSessionFactory.createSession(JschConfigSessionFactory.java:220)
    at org.eclipse.jgit.transport.JschConfigSessionFactory.createSession(JschConfigSessionFactory.java:176)
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:110)

The root cause was discovered to be the SSH private key mismatch.
The exception only happened for users with a key of the newer kind, ed25519, which outputs this key header:

-----BEGIN OPENSSH PRIVATE KEY-----

instead of kind RSA:

-----BEGIN RSA PRIVATE KEY-----

Regenerating an RSA key (ssh-keygen -t rsa) made the exception go away.

Edit following comments:
If you have OpenSSH 7.8 and above you might need to add -m PEM to the generation command:
ssh-keygen -t rsa -m PEM

Original Author Natan Of This Content

Solution 3

Instead of converting the OPENSSH key format to the format that the original JSch supports, you can also switch to a fork of JSch, which you can find at https://github.com/mwiede/jsch

You only need to replace your JSch Maven coordinates with com.github.mwiede:jsch:0.1.61.

The fork does support the OPENSSH key format and several more algorithms, which might become important in the future, as OpenSSH servers will restrict the allowed sets of algorithms to the most secure ones.

Original Author Matthias Wiedemann Of This Content

Solution 4

Quite late to reply, but want to leave track of how to face the issue.

The point, as many mentioned, is actually the way you generate the key, and the -m PEM option resolves it.

However if, just as happened to me, you could not regenerate the key because the public part had already been installed in several servers, you can still convert your private key to a suitable format.

To do so, just issue the following command:

ssh-keygen -p -m pem -f id_rsa

It will ask for input of a new passphrase. With parameters -P (old passphrase) and -N (new passphrase) you can provide them at once, if needed.

Original Author Stefano Cazzola Of This Content
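
A pre-flight check for the failure discussed in the answers above, as an added example that is not part of any answer or of JSch: it classifies a key file by its header line, which is what separates the format JSch rejects from the classic one. The function names, result tokens and sample files are constructed for illustration; recognising PuTTY and other PEM headers goes beyond the two headers quoted on this page.

```sh
#!/bin/sh
# Added example: classify private keys before handing them to original JSch.
# Reads only the header line and the .pub key type; prints no key material.

# key_format FILE -> openssh-new | pem-rsa | pem-other | putty | unknown
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')   # tolerate CRLF files
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem-other ;;
        PuTTY-User-Key-File-*)                 echo putty ;;
        *)                                     echo unknown ;;
    esac
}

# key_type FILE -> first field of FILE.pub (ssh-rsa, ssh-ed25519, ...) or unknown
key_type() {
    kt=""
    if [ -r "$1.pub" ]; then kt=$(awk 'NR==1 {print $1}' "$1.pub"); fi
    echo "${kt:-unknown}"
}

# advise FILE -> convert | replace-or-fork | ok | unchecked
advise() {
    case "$(key_format "$1")" in
        openssh-new)
            # Assumption: ssh-keygen keeps Ed25519 keys in the new format even
            # with -m pem, so conversion only helps for other key types.
            if [ "$(key_type "$1")" = ssh-ed25519 ]; then echo replace-or-fork
            else echo convert; fi ;;
        pem-rsa) echo ok ;;
        *)       echo unchecked ;;
    esac
}

# Constructed sample files: header lines only, no real key material.
make_samples() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$1/id_ed25519"
    printf '%s\n' 'ssh-ed25519 AAAA-constructed user@example' > "$1/id_ed25519.pub"
    printf '%s\r\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$1/id_rsa_new"
    printf '%s\n' 'ssh-rsa AAAA-constructed user@example' > "$1/id_rsa_new.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$1/id_rsa_pem"
}

d=$(mktemp -d) && make_samples "$d"
for k in "$d"/id_ed25519 "$d"/id_rsa_new "$d"/id_rsa_pem; do
    printf '%s\t%s\n' "${k##*/}" "$(advise "$k")"
done
rm -rf "$d"
```

ssh-keygen -p rewrites the key file in place, so run the conversion on a copy of any key reported as convert. A passphrase given with -P or -N is visible in the process list and shell history; omitting them makes ssh-keygen prompt instead.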
