Cannot import SSH key

WpQ · May 1, 2025, 1:17pm

I discovered SSH Keys in the vault and it is awesome. I jumped to import a key and I got the message that the key is not valid.

It is very much valid - I use it daily to connect with ssh and it starts, as expected with

-----BEGIN OPENSSH PRIVATE KEY-----

This is an RSA 4096 key - are they not supported?

There are other posts on the topic, but they are not exactly relevant (Importing SSH Key : SSH Key is Invalid, SSH keys generated by puttygen will not import)

Quexten · May 1, 2025, 8:29pm

Hi! Which software was this key generated with?

4096-bit RSA keys are very much supported, however, some tools use a slightly different format that Bitwarden does not yet support for import. It may be fixed when the ssh-key rust crate releases a new version, and the bitwarden-sdk gets updated to use the new version (ssh-key: correctly parse OpenSSH keys generated by PuTTYgen by Eugeny · Pull Request #321 · RustCrypto/SSH · GitHub).

WpQ · May 2, 2025, 2:34pm

Ah, thank you. They were probably generated and exported with puttygen indeed.

Is there a way to load and re-export them to adhere to the correct format? (provided that this will keep the fingerprint used in ~/.ssh/authorized_keys unchanged - otherwise I will regenerate them from openssl and redeploy, something I would like to avoid because I have not automated that part)

Griffon_Walker · May 11, 2025, 5:48pm

Same issue for a oracle cloud private key.
-----BEGIN RSA PRIVATE KEY-----
Seems like a store for ssh keys should be format agnostic…

AlexTMjugador · May 27, 2025, 5:45pm

You can use sshpk-conv for that task, available on Debian-like distros at the node-sshpk package, like this: sshpk-conv /path/to/your/private/key -t ssh -p.

ergosteur · June 9, 2025, 5:49pm

Thanks, sshpk-conv worked to convert an id_rsa file originally generated on Ubuntu 20.04, successfully imported into Bitwarden.

For anyone else finding this - a little extra clarity on what’s actually happening, here’s the relevant portion from the sshpk-conv man page linked above:

pem, pkcs1
The standard PEM format used by older OpenSSH and most TLS libraries such as
OpenSSL. The classic id_rsa file is usually in this format. It is an ASN.1
encoded structure, base64-encoded and placed between PEM headers.

ssh
The SSH public key text format (the format of an id_rsa.pub file). A single
line, containing 3 space separated parts: the key type, key body and optional
key comment.