8

UPDATED

When I am trying to generate a public key it still gives me an error "error in libcrypto"

Load key "breakthis": error in libcrypto

Private key is given below

I am trying to solve a Hack The Box machine.

I was able to get a private key, then I converted that private key into a hash for JOHNTHERIPPER and cracked it successfully.

But now when I try to log in through ssh I am getting the following error. I have searched a lot but have not been able to resolve this error.


ssh -i id_rsa [email protected]

load pubkey "id_rsa": invalid format 

Load key "id_rsa": error in libcrypto

[email protected]'s password: 

Raghav Talwar
  • 1
    You are supposed to use the public key to connect via `ssh`, not the private key. You need to generate a public key from the private key. The accepted answer here will show you how: https://serverfault.com/questions/52285/create-a-public-ssh-key-from-the-private-key. – Nasir Riley Apr 02 '20 at 04:13
  • 3
    I am still getting an error "error in libcrypto" – Raghav Talwar Apr 02 '20 at 11:13
  • Update your question with how you are attempting to connect after generating the public key from the private key. – Nasir Riley Apr 02 '20 at 12:46
  • @NasirRiley "You are supposed to use the public key to connect via ssh, not the private key." - that is not true. – Drew Jan 25 '23 at 06:14
  • @Drew Yes, it is. When one uses `ssh-copy-id`, for example, the public key is sent, not the private key. The file `/etc/ssh/sshd_config` for virtually every Linux distribution as well as FreeBSD has a line for `PubKeyAuthentication`. Notice that it's not `PrivKeyAuthentication`. The private key is not what one wants to send over. One has to generate a private key but that's not what's actually used to connect. That should be evident from the message that one receives if it fails. That's why it's called the private key. – Nasir Riley Jan 25 '23 at 23:49
  • @NasirRiley your explanation is absolutely irrelevant to the OP as in this context both private and public keys are used in ssh communication. Private is on Client side, public is on Server side. But in the comment above the use of public key was suggested on a client side which is not correct. Besides, the public key is not being sent on every session initiation - it's just being used to encrypt and transfer the ephemeral (session) key for symmetrical encryption. But again it's irrelevant to the OP. – Drew Jan 26 '23 at 07:05
  • @Drew Make up your mind. First you state that my statement about using the public key to connect isn't true (which isn't true itself) and now it has become that it's not relevant to the OP. I haven't seen any comments from the OP indicating that so what is or isn't relevant isn't known unless you can read minds. In fact, the OP hasn't responded in nearly three years so who cares? At this point, you are arguing just to argue. – Nasir Riley Jan 26 '23 at 07:47
  • 1
    @NasirRiley Your statement is wrong. I am simply correcting the wrong information. End of the conversation. – Drew Jan 28 '23 at 05:40
  • @Drew If that makes you feel better and is the end of you arguing for the sake of it, then I welcome it. Hopefully, you've found something more important than something on the internet that hasn't had any activity in nearly three years. – Nasir Riley Jan 28 '23 at 12:36
  • 1
    Just to clear up confusion for anyone stumbling across this comment chain, the private key is indeed what you need to connect each time. As proof, try `ssh -i ~/.ssh/id_rsa.pub` (or equivalent) and see what happens. You need `ssh -i ~/.ssh/id_rsa`. You can use the `file` command on the key files to see what kind of key they are. Indeed, the server needs your public key in its known_hosts for you to connect, but that is a one-time operation and is not a routine part of establishing SSH connections to a server. – eeowaa Jun 13 '23 at 19:17

9 Answers

8

ERROR: load pubkey "id_rsa": invalid format

It happens when a public key is used in ~/.ssh/config instead of the private key.

Alex
8

In my case I had copied the keyfile using the clipboard, which had created a similar file but without terminating newline. That was enough to trip up libcrypto. Opening the file in vim and :wq closing it, was enough to add the newline, and it fixed my issue.

hraban
  • 2
    haha this is such a stupid issue, surely it is a bug? why would a newline at the end of the file be a hard requirement – Gradyn Wursten Feb 19 '23 at 19:38
  • Mine was a different problem... but replacing every "\n" with actually "enter" in nano editor has solved my problem. :-) – Manan Shah Jun 01 '23 at 06:25
2

I fixed the Load key "id_rsa": error in libcrypto error by adding an LF control character (new line) at the end of the last line -----END OPENSSH PRIVATE KEY----- of the .pem file.

Before (doesn't work):

enter image description here

After (works):

enter image description here

Note the additional LF control character in the last non-empty line. One can add an LF control character by simply hitting the ENTER key.

Commands used to SSH into my remote computer:

chmod 400 key.pem
ssh -i "key.pem" [email protected]

Note: the error message can be either:

  • Load key "id_rsa": error in libcrypto (I saw it on my Ubuntu computer).
  • Load key "key.pem": invalid format (I saw it on my Windows computer).

To show End of Line control characters in Notepad++:

enter image description here

Franck Dernoncourt
0

As mentioned by Alex, using a public key in ~/.ssh/config seems to cause the error in libcrypto for me as long as that key is not loaded by a running SSH agent.

It happened for me when my keeagent crashed. However, restarting the agent seems to allow such setup as mentioned in here

kf06925
0

I have just fixed this problem. It was caused by the format of the text.

Replace it following the ssh-key format. It looks like this:

-----BEGIN OPENSSH PRIVATE KEY-----
ENCODED KEY DATA HERE
-----END OPENSSH PRIVATE KEY-----
anhdc
  • 2
    For the next time; there's no need to do this manually. Command `ssh-copy-id -i /pathto/privatekey user@remotehost` will copy the corresponding public key in the correct format to the target :-) – Peregrino69 Mar 21 '23 at 04:45
0

For future readers: I was using an SSH key file inside a GitLab CI YAML file and I kept getting the error in libcrypto message. I did 2 things that FIXED the problem:

  1. Just changing the variable type from FILE variable to ENV_VAR
  2. Using ssh-keygen -t ed25519 when generating the key. Looks like GitLab does not support the default RSA keys.

Then everything works fine.

Also use this as the base before_script:

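  before_script:
    # Install the SSH client (plus wget and gnupg) if ssh-agent is missing
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client wget gnupg -y )'
    - wget -qO- https://get.docker.com/gpg | apt-key add -
    # Start the agent and load the key from the variable, stripping carriage returns
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - touch ~/.ssh/config
    - touch ~/.ssh/known_hosts
    # The directory needs its execute bit and known_hosts must stay writable, so 700/600 rather than a recursive 400
    - chmod 700 ~/.ssh
    - chmod 600 ~/.ssh/config ~/.ssh/known_hosts
    - ssh-keyscan <ip> >> ~/.ssh/known_hosts
    # Inside Docker only: turn off host key checking for all hosts
    - '[[ -f /.dockerinit ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'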
0

What fixed it for me was the answer to this question.

I opened the key in puttygen then exported a new ppk using the conversion --> Export OpenSSH Key

workabyte
0

So in my case the private key file was simply missing the read permissions for the owner. After adding the read permission (chmod u+r id_ecdsa), everything worked fine.

strarsis
-1

I got this error when I was using 2 GitHub accounts with 2 SSH keys, but got rid of it when I changed my config file as shown below:

myDir$ ssh -T [email protected]
Load key "/home/taxi/.ssh/mhmd_personal.pub": error in libcrypto
[email protected]: Permission denied (publickey).

From this

Host *
  AddKeysToAgent yes
  IdentityFile ~/.ssh/mhmd_personal.pub
  # IdentityFile ~/.ssh/id_ed25519

to

Host *
  AddKeysToAgent yes
  IdentityFile ~/.ssh/mhmd_personal
  # IdentityFile ~/.ssh/id_ed25519

I removed the .pub extension from the config file.
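
The causes reported in the answers above (a `.pub` file used as the identity, a missing trailing newline, carriage returns or literal `\n` sequences in the file, no read permission for the owner) can be checked in one pass. The following is an added example, not code from any of the posts; `check_ssh_key` and its finding names are hypothetical, and it only inspects the file layout without parsing the key itself.

```sh
#!/bin/sh
# Added example: check_ssh_key is a hypothetical helper, not an OpenSSH tool.
# It prints one finding per line for the causes reported on this page,
# or "ok" when none of them applies to FILE.
check_ssh_key() {
  f=$1
  found=0
  cr=$(printf '\r')   # a literal carriage return, portable across sh and bash

  # Cause: key file not readable by the current user (fix: chmod u+r FILE).
  if [ ! -r "$f" ]; then
    echo "unreadable"
    return 0
  fi

  # Cause: IdentityFile / -i points at the .pub file or at a non-key file.
  first=$(head -n 1 "$f")
  case $first in
    "-----BEGIN "*"PRIVATE KEY-----"*) ;;
    ssh-*|ecdsa-*|sk-*) echo "public-key"; found=1 ;;
    *) echo "no-private-key-header"; found=1 ;;
  esac

  # Cause: Windows line endings (the CI answer strips them with tr -d '\r').
  if grep -q "$cr" "$f"; then echo "carriage-return"; found=1; fi

  # Cause: newlines stored as the two characters backslash and n.
  if grep -qF '\n' "$f"; then echo "literal-backslash-n"; found=1; fi

  # Cause: last byte is not LF. $(...) strips a trailing newline, so any
  # non-empty result means the file ends in some other byte.
  if [ -n "$(tail -c 1 "$f")" ]; then echo "no-trailing-newline"; found=1; fi

  if [ "$found" -eq 0 ]; then echo "ok"; fi
  return 0
}
```

A file that passes can then be confirmed with `ssh-keygen -y -f FILE`, which derives the public key and reports a load error if the key still cannot be parsed.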