Home / ubuntu / Questions / 698997
Accepted
Alexander Zeitler
Asked: 2015-11-17 20:43:22 +0800 CST

key_load_public: invalid format with scp or git clone on Ubuntu 15.10

  • 772

After a fresh install of Ubuntu 15.10, when using scp or git clone, I get the following warning (the command itself doesn't fail): key_load_public: invalid format

How can I get rid of this warning?

Update: This is the output of scp -vvv:

OpenSSH_6.9p1 Ubuntu-2, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ... [...] port 22.
debug1: Connection established.
key_load_public: invalid format
debug1: identity file /home/alexzeitler/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexzeitler/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexzeitler/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexzeitler/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexzeitler/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexzeitler/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexzeitler/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexzeitler/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2
15.10

2 Answers

  1. Best Answer

    Check the file /Users/alexzeitler/.ssh/id_rsa. What is there? How did it get there?

    It should be your private RSA key, isn't it? And is there something in /Users/alexzeitler/.ssh/id_rsa.pub? Is it valid public key?

    If you don't use these keys, remove both of them and the message will disappear. If you are using them in different way, move them somewhere else. The same if they are in different format.

    The public part is probably corrupted, so you can recreate it from private one using this command:

    ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

    ###hostkeys possibility The other possibility is that client is trying to read server public keys for HostBasedAuthentication. Don't you have it allowed in /etc/ssh/ssh_config ?

    It would be one of these files missing or corrupted:

    /etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_rsa_key.pub

    Your sshd server is not complaining?

    • 35

  2. I had a similar error Load key "/root/.ssh/id_rsa": invalid format when I tried in a Dockerfile:

    RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa &&     chmod 600 /root/.ssh/id_rsa

    This led to errors like identity file /root/.ssh/id_rsa type -1 invalid format and read_passphrase: can't open /dev/tty. Do not use echo "${SSH_PRIVATE_KEY}" >> /root/.ssh/id_rsa to pass the private key!

    The right way would be to use

    COPY id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa

    The solution explained: my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.

    See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, with the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.

    • 0