OpenSSH RSA keys not supported

Just got this message:

Failed to connect: Failed to parse the keyfile, check the key format and passphrase. Error message was openssh key type: ssh-rsa is not supported

How’s that?


ETA: debian buster is the OS, mono ver. is
ETA2: Upgraded to, no change

Is this a new backup configuration, or is this failure from an existing configuration?

Support for OpenSSH RSA keys were only recently added to SSH.NET. Once a new version of SSH.NET is released, we can update the libraries used by Duplicati.

1 Like

Neither, just a key refresh. I used Debian’s ssh-keygen and took the default.


What formats are OK? I did not see any mention of this in the doc.

Support new openssh format #3360 has discussion and workarounds.

Interestingly, they update their docs before their release. has

ECDSA 256/384/521, ED25519 and RSA in OpenSSH key format

January 3 version captured by had

ED25519 in OpenSSH key format

but if you use -m key_format option on ssh-keygen, there are lots of options.using older formats.

OK - I will grab an oldie but goodie.

I just had a QNap unit go tits-up, didn’t really want to think about THIS. But when it rains…

Their repository defaults to their develop branch. If you look at master (which I think is their release branch), the documentation is consistent.

@Kahomono, I modified the thread title to make it easier for others to understand what the issue is.

1 Like

(further off-topic) Duplicati’s manual is a totally separate GitHub project, often in catch-up mode.
S3 Compatible did catch up with, but leaves no info on underscored options for earlier…
Testing backup configuration and “clean” backups might have been thrown off by the mismatch.

(more on-topic) I wonder if Duplicati manual can permalink to the in-use version for tech detail? says lots for those who really want to know it.
The format change is obscure even with that. One almost needs OpenSSH release note on it…

Potentially-incompatible changes

This release includes a number of changes that may affect existing

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.

FWIW this cleared the issue for me: when generating the keys, I used the command

    ssh-keygen -m pem -f some_key_file -t rsa -b 4096
1 Like