openssl: Error loading key ".ssh/id_rsa": error in libcrypto

Hi, I've been using my SSH RSA key for many years. After updating to OpenSSL 3 I noticed an issue:

[tpg@tpg-virtualbox .ssh]$ ssh-add
Error loading key "/home/tpg/.ssh/id_rsa": error in libcrypto

I’ve validated my keys:

[tpg@tpg-virtualbox .ssh]$ ssh-keygen -l -f id_rsa.pub
4096 SHA256:hereisthehash xxx@gmail.com (RSA)

Newly generated key with ssh-keygen works.

I tried to generate RSA key with openssl:

[tpg@tpg-virtualbox .ssh]$ openssl genrsa -des3 -out private.pem 2048
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
[tpg@tpg-virtualbox .ssh]$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Enter pass phrase for private.pem:
writing RSA key
[tpg@tpg-virtualbox .ssh]$ openssl pkey -check -in private.pem -noout
Enter pass phrase for private.pem:
Key is valid
[tpg@tpg-virtualbox .ssh]$ openssl pkey -pubcheck -in public.pem -noout
Could not read key from public.pem
Unable to load key

My system is OpenMandriva Cooker

[tpg@tpg-virtualbox .ssh]$ rpm -qa | grep openssl
openssl-3.0.0-0.alpha8.1.x86_64

[tpg@tpg-virtualbox .ssh]$ rpm -qa | grep openssh
openssh-8.4p1-2.x86_64

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 46 (14 by maintainers)

Most upvoted comments

I got this error message with a private key that had been copy pasted as text. It turns out that the file must end with a new line for it to work.

This occurred for me as I had an IdentityFile directive in ~/.ssh/config which was pointing to my public key. Changing it to point to the private key fixed the “error in libcrypto”. Would be great if this error message was more specific.

I got this error message when using ssh-keygen -t ed25519 to create my key but not when using ssh-keygen (no options).

@mattcaswell if you help me with how to debug this, I’ll provide the needed information:

cat private.pem

-----BEGIN ENCRYPTED PRIVATE KEY-----
somehash
-----END ENCRYPTED PRIVATE KEY-----

cat id_rsa

-----BEGIN OPENSSH PRIVATE KEY-----
myhash
-----END OPENSSH PRIVATE KEY-----

"private key that had been copy pasted as text ... turns out that the file must end with a new line"

If you are on Windows, and you do have a newline at the end of the file, but you still get the error, then try to convert it to Unix-style, for example with dos2unix:

$ dos2unix.exe ~/.ssh/your-private-key

That fixed it in my case.
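
A check for the three file-level causes reported in the comments above (no final newline, CRLF line endings, an IdentityFile that points at the public key). This is an added example, not part of the original thread or of OpenSSH/OpenSSL; the function name `diagnose_key` and the sample file contents are constructed, and the check looks at file framing only, not at the key material.

```shell
#!/bin/sh
# diagnose_key FILE: print "ok" or a space-separated list of findings.
# Returns 0 if ok, 1 if something was found, 2 if the file is unreadable.
diagnose_key() {
    f=$1
    findings=""
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    [ -s "$f" ] || { echo "empty"; return 1; }

    # Classify the file by its first line, ignoring a trailing CR.
    first=$(head -n 1 "$f" | tr -d '\r')
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;   # PEM or OpenSSH private key
        ssh-*|ecdsa-*|sk-*|"-----BEGIN "*"PUBLIC KEY-----")
            findings="$findings public-key" ;; # e.g. IdentityFile -> id_rsa.pub
        *)  findings="$findings no-private-key-header" ;;
    esac

    # CRLF line endings (file saved or pasted on Windows); dos2unix removes them.
    cr=$(printf '\r')
    if grep -q "$cr" "$f"; then findings="$findings crlf"; fi

    # $(...) strips a trailing newline, so a non-empty result here means
    # the last byte of the file is not "\n".
    if [ -n "$(tail -c 1 "$f")" ]; then findings="$findings no-final-newline"; fi

    if [ -z "$findings" ]; then echo "ok"; return 0; fi
    echo "${findings# }"
    return 1
}

# Demo on constructed files (placeholder body, not real key material).
demo() {
    d=$(mktemp -d)
    B='-----BEGIN OPENSSH PRIVATE KEY-----'
    E='-----END OPENSSH PRIVATE KEY-----'
    printf '%s\n' "$B" CONSTRUCTED "$E" > "$d/good"
    { printf '%s\r\n' "$B" CONSTRUCTED; printf '%s' "$E"; } > "$d/pasted"
    printf '%s\n' 'ssh-rsa CONSTRUCTED user@example' > "$d/id_rsa.pub"
    for k in good pasted id_rsa.pub; do
        printf '%s: %s\n' "$k" "$(diagnose_key "$d/$k" || true)"
    done
    rm -rf "$d"
}
demo
```
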

I just verified ssh-add with openssl-3.0.0-alpha16 and now it WORKS! Thanks!

We have yet another report that FreeRDP crashes with OpenSSLv3 http://issues.openmandriva.org/show_bug.cgi?id=2672

Not sure how this is related to the original issue. It should be reported as a separate issue, ideally with some reproducer cut out of the FreeRDP code. Otherwise it would be really hard to find the cause.

There is something wrong with openssh in OpenMandriva, this issue happened for me as well. I am using their rolling repo.