Attempting to SSH a cloud instance, you get this (or a similar) message: “couldn’t load private key – Putty key format too new.” This issue happens when you use PuTTygen to generate or convert to a ppk key. Here is how to fix it.
Background
SSH SSH (Secure Shell) is used for managing networks, operating systems, and configurations. It is also inside many file transfer tools and configuration management tools. Functionally SSH keys resemble passwords, granting access and control to who can access what. Currently, it is still extremely popular to access cloud instances.
When you create a compute instance, you must provide an SSH public key that will be used for authentication when you log in to the instance. For example, in Oracle Compute Cloud Service, you must generate your SSH key pair and upload the SSH public key before creating your instance.
However, PuTTY doesn’t support the SSH private key format created by the Oracle Cloud wizards. You need to convert the private key to the PuTTY required format. To connect to a remote machine with PuTTY, your private key should have a ppk format.
Problem
Couldn’t load private key – Putty key format too new
Attempting to SSH a cloud instance, you get this (or a similar) message:
Couldn’t load private key – Putty key format too new.
When you use PuTTygen to generate or convert to a ppk key and leave PuTTygen settings as default, you might experience this issue.
The issue/image above is from Solar-PuTTy (v3.0.1.1197), but the problem could happen using any FTTP or SSH client. For instance, In MobaXterm (Personal Edition v21.4 Built 4786), you get from the terminal:
No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
From PuTTy version 0.75, the program uses a new format to generate the SSH private key; it uses ppk version 3. However, PuTTY 0.74 or earlier versions can’t read this format, and this can be a problem for programs that use PuTTY internally, like Solar PuTTY or MobaXtermn. If the internal PuTTY version is not compatible with PPK version 3, the program can’t use keys created with a default setting of PuTTY 0.75.
Note that this is not a problem for PuTTY itself.
Other programs already use the latest ppk version 3, such as WinSCP, FileZilla, WinSSHTerm (here, the main SSH program is PuTTy), and others. I tested the newest version of the programs to date. So a quick workaround is to change to one of these programs. Soon all SSH and FTTP programs should support the latest version of PuTTy.
Solution
You can generate a new SSH key pair or change the private key format of an existing private key using PuTTygen.
Step 1: Change the PuTTygen PPK File Version to version 2.
Run the PuTTYgen program. Go to Key > Parameters for saving key files…
Change the PuTTygen PPK File Version to version 2.
Step 2: Generate a new SSH key pair or change the format of an existing one.
After following step one, you can now generate a key using the ppk version 2. You will be able to SSH to the cloud instance. This option is better if you are just creating the cloud instance.
Click on Generate a public or public key pair, click on Generate. Click Save private key, to save the key with the old ppk format.
Or, if you have already created a cloud instance using the new ppk format (version 3), the best option is to change the format of that key and convert it to the (old) version 2.
Click on Load and search for your ppk key (version 3). Click Save private key, to convert the key to the old ppk format.
Thanks! Very useful article!
wonderful article with screen shots
Good article
[…] Solution – You can generate a new SSH key pair or change the private key format of an existing private key using PuTTygen. Step 1: Change the PuTTygen PPK File Version to version 2. Run the PuTTYgen program. Go to Key > Parameters for saving key files. Change the PuTTygen PPK File Version to version 2. Step 2: Generate a new SSH key pair or change the format of an existing one. After following step one, you can now generate a key using the ppk version 2. You will be able to SSH to the cloud instance. This option is better if you are just creating the cloud instance. Or, if you have already created a cloud instance using the new ppk format (version 3), the best option is to change the format of that key and convert it to the (old) version 2. – Advertisement – Click on Load and search for your ppk key (version 3). Click Save private key, to convert the key to the old ppk format. Pogledajte cijeli odgovor […]
Thanks for this article, its the most clear one out there
Navicat gives this error when trying to log in using the PPK key generated by the server, so have to re create it using puttygen as you describe. Thank You