Understanding SSH Public Key Format Issues: Resolving key_load_public: invalid format Errors

Nov 20, 2025 · Programming

Keywords: SSH Public Key Format | PuTTY Key Generator | key_load_public Error | OpenSSH Compatibility | Key Format Conversion

Abstract: This technical article provides an in-depth analysis of the key_load_public: invalid format warning commonly encountered during SSH connections. By examining the two different public key formats generated by PuTTY Key Generator (RFC 4716 SSH-2 format and OpenSSH format), the article explains the root causes of format compatibility issues and presents comprehensive solutions. It includes step-by-step instructions for converting PuTTY private keys to OpenSSH format and using ssh-keygen tools for public key regeneration. Drawing from reference materials, the article also addresses SSH version compatibility concerns and provides best practices for SSH key management in development environments.

Problem Background and Error Phenomenon

When using SSH for GitHub authentication, many developers encounter the key_load_public: invalid format warning message. This warning typically appears after generating key pairs with PuTTY Key Generator. Although the authentication process eventually completes successfully, the presence of this warning indicates issues with the public key format. A typical error output example is shown below:

$ ssh -T git@github.com
key_load_public: invalid format
Enter passphrase for key '/c/Users/Dan/.ssh/id_rsa':
Hi Dan! You've successfully authenticated, but GitHub does not provide shell access.

Public Key Format Differences in PuTTY Key Generator

The PuTTY Key Generator tool produces two distinct formats of public key files, which is the fundamental cause of format compatibility issues.

RFC 4716 SSH-2 Format

When users click the "Save public key" button, PuTTY generates public keys in the RFC 4716 standard SSH-2 format. This format features a specific file structure:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "github-example-key"
AAAAB3NzaC1yc2EAAAABJQAAAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYF
i2fSBrsGcmqeb5EwgnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcp
pY0fhRSGtWL5fT8DGm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3
oMrongEjGw7sDP48ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEA
ip3mL20+qHNsHfW8hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9
tBjh7cOyuU/c4M4D6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElw==
---- END SSH2 PUBLIC KEY ----

However, the OpenSSH client cannot properly recognize this format, resulting in the key_load_public: invalid format warning.

OpenSSH Compatible Format

PuTTY Key Generator provides a "Public key for pasting into OpenSSH authorized_keys file" text box in its interface, which displays the OpenSSH compatible format public key. This format is more concise:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYFi2fSBrsGcmqeb5EwgnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcppY0fhRSGtWL5fT8DGm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3oMrongEjGw7sDP48ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEAip3mL20+qHNsHfW8hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9tBjh7cOyuU/c4M4D6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElw== github-example-key

This format follows the ssh-rsa <signature> <comment> structure and can be correctly recognized by the OpenSSH client.
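How the two formats relate, as an added example that is not part of the original article: both carry the same base64-encoded key blob, so the RFC 4716 file can be rewritten as the OpenSSH one-line form by dropping the markers and headers, joining the base64 lines, and reading the key type from the blob's first length-prefixed field. The function names and the sample key are constructed for illustration; the sample is not a usable key.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text):
    """Convert RFC 4716 public key text to the one-line OpenSSH form."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line; base64 never contains ':'
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1  # a trailing backslash continues the header
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.lower()] = value.strip().strip('"')
        elif line:
            body.append(line)
        i += 1
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)
    # The decoded blob begins with a length-prefixed algorithm name.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or len(blob) < 4 + n:
        raise ValueError("truncated key blob")
    key_type = blob[4:4 + n].decode("ascii")
    fields = [key_type, b64, headers.get("comment", "")]
    return " ".join(f for f in fields if f)

def ssh_string(data):
    """Length-prefixed string as used inside the key blob."""
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a usable key: ssh-rsa, e=0x25, dummy modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x25")
               + ssh_string(b"\x00" + bytes(range(128, 228))))
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_RFC4716 = "\n".join(
    [BEGIN, 'Comment: "constructed-example"']
    + [_b64[i:i + 64] for i in range(0, len(_b64), 64)] + [END])

if __name__ == "__main__":
    print(rfc4716_to_openssh(SAMPLE_RFC4716))
```

On a system with OpenSSH installed, ssh-keygen -i -f <file> performs the same import of an RFC 4716 public key and prints the OpenSSH form.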

Public Key Regeneration and Format Conversion

Generating Public Key from OpenSSH Private Key

If you already possess an OpenSSH format private key file (typically named id_rsa), you can use the ssh-keygen tool to regenerate the corresponding public key file:

ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

This command extracts public key information from the private key file and generates a standard OpenSSH public key format file.

Converting PuTTY Private Key to OpenSSH Format

For situations where only PuTTY format private keys (.ppk files) are available, format conversion is necessary:

  1. Open the PuTTY Key Generator tool
  2. Select "File" → "Load private key" from the menu bar
  3. Choose the corresponding .ppk file
  4. Select "Conversions" → "Export OpenSSH key" from the menu bar
  5. Save the file as id_rsa (without extension)

After completing the conversion, you can use the aforementioned ssh-keygen command to generate an OpenSSH format public key.

SSH Version Compatibility Issues Supplement

Reference materials indicate that different versions of OpenSSH have varying parsing capabilities for public key formats. In OpenSSH version 6.7p1, public key files containing -----BEGIN and -----END markers might cause parsing errors. In some cases, manually removing these marker lines is necessary for proper public key recognition.

Practical cases demonstrate that similar format compatibility issues can occur when converting from ssh.com format to OpenSSH format. Developers need to ensure that the public key format matches the current SSH client version.

PKCS#1 PEM Encoded Format

Beyond common SSH public key formats, there exists the PKCS#1 PEM encoded public key format:

-----BEGIN RSA PUBLIC KEY-----
MIIBCAKCAQEAhl/CNy9wI1GVdiHAJQV0CkHnMEqW7+Si9WYFi2fSBrsGcmqeb5Ew
gnhmTcPgtM5ptGBjUZR84nxjZ8SPmnLDiDyHDPIsmwLBHxcppY0fhRSGtWL5fT8D
Gm9EfXaO1QN8c31VU/IkD8niWA6NmHNE1qEqpph3DznVzIm3oMrongEjGw7sDP48
ZTZp2saYVAKEEuGC1YYcQ1g20yESzo7aP70ZeHmQqI9nTyEAip3mL20+qHNsHfW8
hJAchaUN8CwNQABJaOozYijiIUgdbtSTMRDYPi7fjhgB3bA9tBjh7cOyuU/c4M4D
6o2mAVYdLAWMBkSoLG8Oel6TCcfpO/nElwIBJQ==
-----END RSA PUBLIC KEY-----

This format can be generated from an OpenSSH private key using the following command:

ssh-keygen -f ~/.ssh/id_rsa -y -e -m pem > ~/.ssh/id_rsa.pem

Or from an OpenSSH public key:

ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pem > ~/.ssh/id_rsa.pem

Conclusion and Best Practices

The fundamental cause of the key_load_public: invalid format warning lies in public key format incompatibility. The RFC 4716 format generated by default by PuTTY Key Generator does not match the format expected by the OpenSSH client. Solutions include: using the correct OpenSSH compatible format public key, performing format conversion when necessary, and ensuring SSH client version compatibility.

In practical development, it is recommended to always use OpenSSH compatible format public keys and carefully verify format correctness when configuring platforms like GitHub. Through proper key management and format selection, developers can avoid such warnings and ensure the stability and security of SSH connections.
