Site icon mulcas

Couldn't load private key - Putty key format too new

Couldn't load private key - Putty key format too new - mulcas.com

Attempting to SSH a cloud instance, you get this (or a similar) message: “couldn't load private key - Putty key format too new.” This issue happens when you use PuTTygen to generate or convert to a ppk key. Here is how to fix it. 

Background

SSH SSH (Secure Shell) is used for managing networks, operating systems, and configurations. It is also inside many file transfer tools and configuration management tools. Functionally SSH keys resemble passwords, granting access and control to who can access what. Currently, it is still extremely popular to access cloud instances.

When you create a compute instance, you must provide an SSH public key that will be used for authentication when you log in to the instance. For example, in Oracle Compute Cloud Service, you must generate your SSH key pair and upload the SSH public key before creating your instance.

However, PuTTY doesn't support the SSH private key format created by the Oracle Cloud wizards. You need to convert the private key to the PuTTY required format. To connect to a remote machine with PuTTY, your private key should have a ppk format.

Problem

Couldn't load private key - Putty key format too new

Attempting to SSH a cloud instance, you get this (or a similar) message: 

Couldn't load private key - Putty key format too new.

When you use PuTTygen to generate or convert to a ppk key and leave PuTTygen settings as default, you might experience this issue. 

The issue/image above is from Solar-PuTTy (v3.0.1.1197), but the problem could happen using any FTTP or SSH client. For instance, In MobaXterm (Personal Edition v21.4 Built 4786), you get from the terminal: 

No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)

From PuTTy version 0.75, the program uses a new format to generate the SSH private key; it uses ppk version 3. However, PuTTY 0.74 or earlier versions can't read this format, and this can be a problem for programs that use PuTTY internally, like Solar PuTTY or MobaXtermn. If the internal PuTTY version is not compatible with PPK version 3, the program can't use keys created with a default setting of PuTTY 0.75.

Note that this is not a problem for PuTTY itself.

Other programs already use the latest ppk version 3, such as WinSCP, FileZilla, WinSSHTerm (here, the main SSH program is PuTTy), and others. I tested the newest version of the programs to date. So a quick workaround is to change to one of these programs. Soon all SSH and FTTP programs should support the latest version of PuTTy.

Solution

You can generate a new SSH key pair or change the private key format of an existing private key using PuTTygen. 

Step 1: Change the PuTTygen PPK File Version to version 2.

Run the PuTTYgen program. Go to Key > Parameters for saving key files...

Change the PuTTygen PPK File Version to version 2.

Step 2: Generate a new SSH key pair or change the format of an existing one.

After following step one, you can now generate a key using the ppk version 2. You will be able to SSH to the cloud instance. This option is better if you are just creating the cloud instance. 

Click on Generate a public or public key pair, click on Generate. Click Save private key, to save the key with the old ppk format.

Or, if you have already created a cloud instance using the new ppk format (version 3), the best option is to change the format of that key and convert it to the (old) version 2. 

Click on Load and search for your ppk key (version 3). Click Save private key, to convert the key to the old ppk format.

Resources

Oracle

Exit mobile version