How to generate SSH Keys and avoid “Invalid privatekey” error

I’ve long been a user of DBeaver which works so well across different OSes, so recently I wanted to set up the cloud version called cloudbeaver.

In the course of doing that, I had to generate SSH keys to be able to access remote databases via SSH.

Generate an SSH keypair

The standard way of generating SSH keys is to run this command.

> ssh-keygen -t rsa

This by default creates id_rsa and id_rsa.pub under <home directory>/.ssh folder (both in Windows and Linux)

Everything worked fine until I tried to connect to the remote system from cloudbeaver.

I kept getting an Invalid Privatekey error!

After some digging around I found this Stackoverflow answer.

Essentially, recent versions of OpenSSH (7.8 and newer) create keys which start with –

-----BEGIN OPENSSH PRIVATE KEY-----

However, Java applications which use JSch do not support this format. It supports the classic OpenSSH format where the key starts with –

-----BEGIN RSA PRIVATE KEY-----

ssh-keygen can be used to convert the key to the classic OpenSSH format using

> ssh-keygen -p -f ~/.ssh/id_rsa -m pem -P passphrase -N passphrase

If the key is not encrypted with a passphrase, then “” needs to be passed in –

> ssh-keygen -p -f ~/.ssh/id_rsa -m pem -P "" -N ""

Generating a new keypair in the classic format

If a new key is being generated then it can be directly generated in the classic format with -m PEM option

> ssh-keygen -m PEM

Common options to the ssh-keygen command

-m key format

RFC4716 (RFC 4716/SSH2 public or private key), PKCS8 (PKCS8 public or private key) or PEM (PEM public key)

-t type

rsa1 for protocol version 1 and rsa or dsa for protocol version 2

-b bits

Specifies the number of bits in the key to create. For RSA keys, the minimum size is 1024 bits and the default is 3072 bits.

-C comment

Adds a comment about the key at the end

-f filename

full path to where the key should be saved

-N passphrase

The passpharse for the key (Can be empty e.g. “”)

> ssh-keygen \
    -m PEM \
    -t rsa \
    -b 4096 \
    -C "abhijit WORK" \
    -f /home/users/abhijit/.ssh \
    -N mypassphrase

Reference:

https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html