Paramiko: "not a valid RSA private key file"
Question
I am trying connect to server using following sp.net
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ip = ['x.x.x.x']
key_file = "/Users/user/.ssh/id_rsa"
key = paramiko.RSAKey.from_private_key_file(key_file)
ssh.load_system_host_keys()
ssh.connect(ips, port=22, username='XYZ', pkey=key, timeout=11)
But I am getting an error:
not a valid RSA private key file
5 answers
solution1
27 ACCPTED 2019-06-14 05:59:36
I faced a similar situation and ssh-keygen comes to my help. You should make a copy of id_rsa and convert it to RSA type with ssh-keygen.
To Convert "BEGIN OPENSSH PRIVATE KEY" to "BEGIN RSA PRIVATE KEY"
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
solution2
12 2020-01-31 08:02:05
Recent versions of OpenSSH (7.8 and newer) generate keys in new OpenSSH format by default, which starts with:
-----BEGIN OPENSSH PRIVATE KEY-----
That format is fully supported by the Paramiko since version 2.7.1 (2019-12-09) only.
If you are stuck with an older version of Paramiko, you can use ssh-keygen to convert the key to the classic OpenSSH format:
ssh-keygen -p -f file -m pem -P passphrase -N passphrase
(if the key is not encrypted with a passphrase, use "" instead of passphrase )
For Windows users: Note that ssh-keygen.exe is now built-in in Windows 10. And can be downloaded from Microsoft Win32-OpenSSH project for older versions of Windows.
On Windows, you can also use PuTTYgen (from PuTTY package ):
- Start PuTTYgen
- Load the key
- Go to Conversions > Export OpenSSH key .
For RSA keys, it will use the classic format.
If you are creating a new key with ssh-keygen , just add -m PEM to generate the new key in the classic format:
ssh-keygen -m PEM
solution3
4 2019-02-10 22:33:47
The paramiko.RSAKey.from_private_key_file method requires the private key file to be in "PEM" format. Examine the file you're trying to read and see if it begins with a line that says:
-----BEGIN RSA PRIVATE KEY-----
If it doesn't have that line then it's not PEM.
If it's not PEM then you'll have to find some way to create a PEM version of the private key. ( EDIT : the original poster used PuTTY's puttygen utility to export the private key into a PEM-format file.)
Make sure that the new file has the same ownership and limited access permissions that the original id_rsa file has, so that nobody can steal the key by reading the file. Then, obviously, modify your paramiko call to read the key from the new PEM-format file.
solution4
0 2021-05-19 15:57:22
I have encountered the same error while I was connected with ssh to an Ubuntu VM. In my terminal SSH_AUTH_SOCK environment variable is not defined, and paramiko throws the not a valid RSA private key file error. However, if I am connected in a graphical session to the same machine, the graphical terminal has got SSH_AUTH_SOCK defined, and Paramiko is happy. As a workaround, I have copied the content of SSH_AUTH_SOCK in my SSH terminal and it works better.
solution5
0 2022-12-27 07:39:44
As I checked, there was no issue with the path as well permissions(only read permission on the RSA file will work), so the problem was with the Paramiko version. I updated it from the below command and it resolved the issue for me.
pip3 install paramiko update
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.