77

The implementation of key handling with (Tortoise)Git for Windows confuses me. As far as I understood, you can implement with either ssh.exe (Git's own ssh program), where you can then choose an ssh key per host in your ssh_config in the 'faked' home dir. For me, that is not really applicable, because I have multiple Bitbucket accounts using different keys but all the same host.

Then there is a way to use TortoiseGitPlink. You basically set up Pageant with a PuTTY-generated key and let TortoiseGit use that one (with the environment variable SSH_GIT set to your TortoiseGitPlink.exe).

Now my question is the following: I just created an ssh2 rsa key with default options using the `ssh-keygen -t rsa -f ~/.ssh/rsa_key` command in Git Bash. I tried loading this file into pageant.exe by using its GUI. I got the error: Couldn't load this key (OpenSSH-SSH-2 private key).

What is the problem with this key? Made in Git Bash, it should adhere to all standard OpenSSH guidelines. Is it correct that there are differences between PuTTY keys and OpenSSH keys?

atripes

5 Answers

129

The Pageant can load keys in the PuTTY format (.ppk) only.

If you attempt to load a key in a different format, still recognized by PuTTY tools, you get the mentioned error message:

Couldn't load this key (OpenSSH-SSH-2 private key)

You need to use the PuTTYgen to convert the key from the OpenSSH format to the PuTTY format. If the Pageant recognized the file format, the PuTTYgen can convert it.

  • Run PuTTYgen;
  • Press Load to load the private key in OpenSSH format;
  • Press Save private key to save the private key in .ppk format;
  • Now you can load the private key in .ppk format to Pageant.

Or even easier, use the PuTTYgen to create a key directly in the PuTTY format, instead of using the ssh-keygen.


See the PuTTY wishlist for reasons it has its own key format:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/key-formats.html

Note that I believe there's no standard for SSH-2 private key file format.

Martin Prikryl
  • 14
    Brilliant. Slightly off-topic, but this problem occurs with SourceTree as well. I ended up here from https://confluence.atlassian.com/display/BITBUCKET/Set+up+SSH+for+Git. From SourceTree you can use _Tools_ > _Create or Import SSH Keys_ > _Load_ to import your SSH-2 private key and export it as a .ppk using the _Save Private Key_ button (this is the PuTTY Key Generator tool Martin mentioned). I'm still having some woes with the UI, but I can at least commit over the command line now following these steps https://confluence.atlassian.com/pages/viewpage.action?pageId=302811860 – Aaron Newton Dec 07 '14 at 11:32
  • 6
    Finally...! I only had to open the PuTTY key generator program, click `import` and then click `save private key`. This is all I needed to know. Thanks for giving the clue the file had to be converted! – vsync Oct 07 '15 at 23:47
  • I would like to mention that this error message can also occur otherwise. In one case, `GIT_SSH` was incorrectly set to `pageant` instead of `plink`. The same message will then appear, caused by the parameters attached by Git, which of course are not valid keys. – SommerEngineering Apr 11 '19 at 20:08
44

PuTTY doesn't understand the id_rsa private key if it shows this error: [screenshot]

You need to convert the private key to a .ppk (private key format).

  1. Open PuTTY Key Generator (Start -> search 'puttygen')
  2. You will need to import the RSA private key. To do so, open the 'Conversions' menu > 'Import key'.
  3. Select the RSA private key to convert.
  4. Click on "Save private key". Notice that you could also save it in another format.
  5. Then save as 'id_rsa.ppk'
  6. Open Pageant - PuTTY authentication agent (if not already open)
  7. Click on "Add Key"
  8. Select your converted private key.
  9. As you can see, PuTTY recognises it now in the 'Pageant Key List'.
kleinfreund
KeyMaker00
  • This is seriously dorky procedure for SourceTree. I uninstalled all of that software and use git directly. – pronebird Mar 21 '18 at 09:55
  • 2
    @Andy: Agree. Hopefully it will be better integrated in a near future. Greetings. – KeyMaker00 Mar 22 '18 at 07:09
  • 3
    Note that the extension should be `.ppk` not `.pkk`. – kleinfreund Apr 11 '18 at 08:05
  • 4
    Doesn't work with ed25519 keys: Couldn't load private key (unrecognised cipher name) – fret Jul 12 '18 at 02:23
  • 1
    Thank you for the step by step instructions. Really helped. – Daniel Hollinrake Oct 03 '18 at 09:31
  • 2
    Awesome answer. Like fret above, I couldn't import my private key. So I used Putty Gen to create the key (instead of via git bash as recommended by gitlab.com). And then just used this key instead. – the_new_mr Jan 21 '19 at 20:24
  • @fret check my answer: https://stackoverflow.com/questions/49083709/how-to-convert-ed25519-private-key-to-putty-ppk/57262997#57262997 and give it a try, I also had the same problem with the standard procedure – Andreas Oct 29 '20 at 12:46
  • Step 0. Go here to download Putty and puttygen: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html – user1751117 Mar 09 '22 at 20:58
1

I still have the problem right now. The variable SSH_GIT is set to the TortoiseGitPlink.exe. I made a key pair with Git Bash

ssh-keygen -o

I loaded the key with PuTTYgen and transformed it to the *ppk version. Saved the key in the TortoiseGit settings and the public key to my GitHub account, but I still get a request to put in my credentials and afterwards my push is denied. Funny thing, on my laptop it works. I am pretty sure I did everything like on my laptop.

Chiburator
0

This is because the AutoLoad Putty Key checkbox is checked (which should remain checked) in the TortoiseGit->Pull... popup, but the private PuTTY key is not found in the corresponding path. This might be because the file was somehow deleted or moved to another location.

The solution is to either set the correct location of the PuTTY private key or remove the existing private key path. To do this, click on the Manage Remotes link above. This will open the following popup. Follow the steps one by one. Once you set the new or correct path, click on Apply and then OK.

-1

If you receive the error, Couldn't load private key (unrecognised cipher name), you will need to remove the passphrase from your private key before you can convert it.

Someone has written an article describing how to do this here.
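
As an added illustration (not code from any of the posts above), this Python sketch reads a private key file's text and reports its container format, key type and whether it is passphrase-encrypted: the properties behind Pageant rejecting a non-.ppk file in the first answer, and worth checking before the PuTTYgen import discussed in the ed25519 comments and the last answer. The function names and the sample are constructed for this example; it parses header fields only and never touches key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
def ssh_string(data):
    """Encode an SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH wire string at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Return (container, key_type, encrypted) for a private key file's text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        # .ppk: "PuTTY-User-Key-File-<n>: <key type>", then "Encryption: <name>"
        enc = next((ln.split(":", 1)[1].strip() for ln in lines
                    if ln.startswith("Encryption:")), "none")
        return "putty-ppk", first.split(":", 1)[1].strip(), enc != "none"
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        cipher, off = read_string(blob, len(MAGIC))
        _, off = read_string(blob, off)           # KDF name
        _, off = read_string(blob, off)           # KDF options
        pub, _ = read_string(blob, off + 4)       # skip uint32 key count
        key_type, _ = read_string(pub, 0)
        return "openssh", key_type.decode(), cipher != b"none"
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Legacy PEM: the algorithm is in the header, encryption in Proc-Type
        kind = first[len("-----BEGIN "):-len("PRIVATE KEY-----")].strip()
        return "pem", kind, any("ENCRYPTED" in ln for ln in lines[:3])
    raise ValueError("not a recognised private key file")

def pageant_can_load(text):
    """Pageant loads only the PuTTY .ppk format (see the first answer)."""
    return describe_private_key(text)[0] == "putty-ppk"

# Constructed sample: header fields only, no real key material.
_BLOB = (MAGIC + ssh_string(b"none") + ssh_string(b"none") + ssh_string(b"")
         + struct.pack(">I", 1) + ssh_string(ssh_string(b"ssh-rsa")))
SAMPLE_OPENSSH = "\n".join(["-----BEGIN OPENSSH PRIVATE KEY-----",
    base64.b64encode(_BLOB).decode(), "-----END OPENSSH PRIVATE KEY-----"])
```

To check a real file, pass its contents, for example `describe_private_key(open(path).read())`.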