/
Generate an SSH key for use in Kasm

Generate an SSH key for use in Kasm

Owned by LaTroy, created
Jan 23, 2024
2 min read

Ā Problem

There are several features in Kasm that accept an SSH key in the RSA format. It is common that a userā€™s current method of obtaining an SSH key will generate an ā€œOPENSSHā€ formatted private key instead of an ā€œRSAā€ (PEM) formatted private key. This article explains how to create a new key or convert an existing key from the OpenSSH format to the RSA format.

This is an example of the UI error seen by a user when trying to submit an SSH key in the wrong format:

image-20240123-114159.png

Ā 

This is an example of the diagnostics error log seen by an administrator when a user when gets an error while attempting to submit an SSH key in the wrong format:

Error processing SSH Private Key: (Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.) Traceback (most recent call last): File "client_api.py", line 3308, in _update_user_attribute File "cryptography/hazmat/backends/openssl/backend.py", line 1217, in load_pem_private_key File "cryptography/hazmat/backends/openssl/backend.py", line 1448, in _load_key File "cryptography/hazmat/backends/openssl/backend.py", line 1490, in _handle_key_loading_error ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

Ā 

This is an example of an incorrectly formatted SSH key for use in Kasm:

(example of OPENSSH format (RSA algorithm))

-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn NhAAAAAwEAAQAAAgEA094QH7V1GXNH82HNPEf6WDWTymbJDcNx+Od4cs7a6JLIlhVI6QtW fmu1ZFShZ0MZhrVvPd0rPtMixD+fajVryBDYE5j0s7BtaJVf1BMX49eRGMVu6uM3B6xedl dw/RaPRS+IaFbXZhdb8cdmlp/W+ZyBIy5ffqjxGjySh0r5mCyLbieVSah6XtQPqZEtvXwP crmV9w5ZgXzAgmm+3lOsyEUQzpGYOJSO6DIzftq4tjKBiJ5bfXSevVjHNZfnmHiRPp9Z0W 5jvfESJVybclSSliPmMdlyJNB8gMnp796+hc2C3qiu3mj9qB5/XewTi5buqGqf5rMJubtV BSwLN1Hi3JU//dP5ACsL2jzTpE06F/dgwr6/nVHJ/Q+HE7reV6kHC/r0wYgisoj7cU04T3 adf6ITpQ1mkvB3sxg7AVxsNivWkmYvWay0Mpxt9D7yyQRDbA95OtpS1jamUvnx3e6sUAou jcraC59QdVqUu4Vdx0iVtgLxNTzGA4yxPA1aAx6Fby8jcYr+DfddC/m+tyuMNiAvJ968DX 2pcDuL4qfP5KU9SqNosN9bxlRWLY8tng4t192DjdM1X7atkvYK5qgw+RRCiR4OuANFyjDv R5x/vH4odIMMkDcEFTbWJifc04EDUcmz0GTfOKTnBzubFVLAjaDHwWDh74XYAADvWiEXSo EAAAdQOh0SFjodEhYAAAAHc3NoLXJzYQAAAgEA094QH7V1GXNH82HNPEf6WDWTymbJDcNx +Od4cs7a6JLIlhVI6QtWfmu1ZFShZ0MZhrVvPd0rPtMixD+fajVryBDYE5j0s7BtaJVf1B MX49eRGMVu6uM3B6xedldw/RaPRS+IaFbXZhdb8cdmlp/W+ZyBIy5ffqjxGjySh0r5mCyL bieVSah6XtQPqZEtvXwPcrmV9w5ZgXzAgmm+3lOsyEUQzpGYOJSO6DIzftq4tjKBiJ5bfX SevVjHNZfnmHiRPp9Z0W5jvfESJVybclSSliPmMdlyJNB8gMnp796+hc2C3qiu3mj9qB5/ XewTi5buqGqf5rMJubtVBSwLN1Hi3JU//dP5ACsL2jzTpE06F/dgwr6/nVHJ/Q+HE7reV6 kHC/r0wYgisoj7cU04T3adf6ITpQ1mkvB3sxg7AVxsNivWkmYvWay0Mpxt9D7yyQRDbA95 OtpS1jamUvnx3e6sUAoujcraC59QdVqUu4Vdx0iVtgLxNTzGA4yxPA1aAx6Fby8jcYr+Df ddC/m+tyuMNiAvJ968DX2pcDuL4qfP5KU9SqNosN9bxlRWLY8tng4t192DjdM1X7atkvYK 5qgw+RRCiR4OuANFyjDvR5x/vH4odIMMkDcEFTbWJifc04EDUcmz0GTfOKTnBzubFVLAja DHwWDh74XYAADvWiEXSoEAAAADAQABAAACABMHA7gxTfuz5n+VZj72cOWIpEX+bqqJhbwW n7Lh4HeYLSMLdNGXJtSyPCdvUVKKjGmUdFHgQdDB2gK5ewnpE82zM5CpATr9CopktedAMr pP4xRQMOqv7sKF6LLknf1g0Auk3fGO8QfWa7e+UniPENm4hEGCWemwZvzV+UvkwB86Suhg 7i+gDaNkFKcEJpE4qdOCFtWKCKBQMaLUt+NULPWMfFqs6TiVoPL6BTVsk7+rMAZywGE3Ps VfCn8F7jL7iwHOglzEdvk5RAmudDhzn3mT7knGT1G+lpvjZlrYTJCMOSdhi1jmoXc+i+5F tCiqbLMb5lHr/ODdEeDlyHkWpdLDP1UrV2S3pHcu5UISI23Dzrq4dhKAe6rPMFbYGAOsTw Sj/kyER7cCLrvT2tfdO1f7ntfg8N+xBJkD+6xdXhnYeFwvhy2839NLl4mwodMFUaZG5y9w pRpUNwfyTjjrRdCQzsgMSGkOZ3/J79sG+ugevHz5q0+kIQFjAm78sy34ls24J/3+yrIJB/ nAI4CDCA1q9lf28FuCHipDHeOF0plNNLLal1+PZzJ2cknxJFj32eudzuJLWj5W/wWbGijp YAxgMV9VQmI2L8Vxcwy6RXY6ArFGh/UMQ3XxkJQAiKZQK/dMwPVGdcELkQo0CHhA2+mDfM OPwQoagOTKk4vGQf+VAAABACVeRHRdEdXMDDmbtQ99BI0DuqUx7Wty2FcqG11bpC2U82zw i+rIi85um0o6U8YxqBmHDe0lFjEsggqmOIXOkJLSA+wAPQG0F5m/4FVA63+LUq5xEB2KrO Y7yNrBPBBjpsl0Zx9Fk2h47p7HsGE2OJ6dTx/rkhBgQa7cr2q84bCqYB8/GrFsoG4sNRJb q20UsFw5g9fBuUIP9zSKz4QkLQuHdlDJcph6hHWvaV/a/Nv9jdhqgLboorkOfEofUM8ZxE 1GrLMEbhV+jex2zYzBdCSm6yEw4a3Hl3WRfzzGe+VBSXiR6NLkbbx2N7HAHpZCw163AtOs /qdglOwpR4a64W4AAAEBAPaTqwIQrgBhG+sHFKxAtxYBaKQhj1lmRgBdxKBaiAhHRBqCbg VhrtM62pOCn5s3vBkGXqflilxTDxh/4INSA5dcG6IF06DQK20wKbTh0eBXUC960790u7l7 CkKwZctZzakotF8Mmkx5vwzdFWB5OvJvTNouWDjuCX1Zuq0bMnoWYTbpNdq5v8x114Q4he ZSPyBftEsaFchvqF18P6ZZY6aaJluH9iIHX34ol45gnCKzG6Tv65JN4OSoW6iwrnYG23Oh qBOtWXSpkaP5Nj75X/9eKgW5o61/vUSXOuS8U/uhgcNeyVYOeX4iGYlIhho0wVw6+sVVqs TqcW6bPZ1JXe0AAAEBANv20q/0/0ZVJzEVJQQ39f4GZJEr9U5ndvQ7SCW1yTLJJ/ehyiD0 3p0BCXB3wGdPvv3gNBVrQjE+tBaqkwJsiPUuKAB8ELpCS7xu2h0tHF2fKYp8BdYGMi4JRl /NS6ooOnoEbl3U4yWaBHo/9qkIeHmSaQWa2G3NO53vzYeZ2m2IBKGAFxjUwmXWlqeY+cfG BUPTMflf/PjMX+Q7FQHqEHtepUNa+eHSU0H4HSUNVOZBB6GVjdKIzHWOZ8LMfaff0MiDaP /0Ms8dJ+SzmZaU9v2EHEQ6DWYZ05GIsbxA61pEOff9Rn+sKAlJcheBfSU0ldljYJ9IuiqL ZdyXnzbyrGUAAAAWeW91cl9lbWFpbEBleGFtcGxlLmNvbQECAwQF -----END OPENSSH PRIVATE KEY-----

Ā 

(example of OPENSSH format (Ed25519 algorithm))

-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACBQNtFFCiInVXs2M98pq+IKWzdhPVhYLqrnAq7oLQeOuwAAAKB5YCQTeWAk EwAAAAtzc2gtZWQyNTUxOQAAACBQNtFFCiInVXs2M98pq+IKWzdhPVhYLqrnAq7oLQeOuw AAAEAWHERsnfquiDNaMvslKFtlxqPaNVAD+szNFea6X5ftq1A20UUKIidVezYz3ymr4gpb N2E9WFguqucCrugtB467AAAAFnlvdXJfZW1haWxAZXhhbXBsZS5jb20BAgMEBQYH -----END OPENSSH PRIVATE KEY-----

Ā 

Ā 

Ā Solution

The correct format to use for Kasm is a PEM formatted key using the RSA algorithm.

Either create a new key in the correct format or convert an existing key.

NOTE: Ed22519 algorithm conversion to PEM format using the legacy RSA algorithm is not supported.

Create a new PEM (RSA) format

ssh-keygen -f sshkey.rsa -m pem

Convert OPENSSH format to PEM (RSA) format

cp sshkey.openssh sshkey.rsa ssh-keygen -p -N "" -m pem -f sshkey.rsa

Ā 

Ā 

Impacted Versions:

Issues were first observed on the following versions, but may impact other versions as well.

  • 1.14.0

Resolved Versions:

The issue is no longer applicable for the following and newer versions.

  • None

Related Docs:

Ā Related articles

  • Links to related kb articles in the Confluence project

Ā 

Related content