#1 2019-04-19 15:54:14

admin
Administrator
Registered: 2017-04-21
Posts: 1,363

ESXi 6.7 U2 OpenSSL issue

Keys generated by ssh-keygen are not recognized by the OpenSSL binary.

openssl rsa -in my_ssh-keygen_generated_key -check
unable to load Private Key
331484505768:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY

The key to this issue is that there exist newer methods for key generation using the base openssl binary (openssl genrsa). Checking keys does work when using this method; thus the ssh-keygen binary should have been removed, as it's not compatible anymore.

We haven't delved much into this, but it all seems to be some sort of incompatibility in the key file format, maybe the encoding. The error is the same one that would be thrown by the -check method if we tried to parse any file other than a key.
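
Added example, not part of the original post: the "no start line" error means OpenSSL found no PEM BEGIN label it accepts, so this sketch classifies a key file by that label before handing it to openssl. The function names key_format and openssl_readable are hypothetical, and the sample file holds a constructed placeholder rather than a real key.

```shell
#!/bin/sh
# Added example: report which private-key container a file uses, based on
# its PEM BEGIN label (the "start line" OpenSSL's PEM reader searches for).

# key_format FILE -> prints a short name for the first BEGIN label found.
key_format() {
    # Strip CR so CRLF-encoded files still match; take the first label only.
    label=$(tr -d '\r' < "$1" |
            sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1)
    case "$label" in
        "OPENSSH PRIVATE KEY")   echo openssh-v1 ;;       # OpenSSH's own format
        "RSA PRIVATE KEY")       echo pkcs1-rsa ;;        # traditional PEM
        "EC PRIVATE KEY")        echo sec1-ec ;;
        "DSA PRIVATE KEY")       echo dsa ;;
        "PRIVATE KEY")           echo pkcs8 ;;
        "ENCRYPTED PRIVATE KEY") echo pkcs8-encrypted ;;
        "")                      echo no-pem-label ;;     # not a PEM file at all
        *)                       echo unknown ;;
    esac
}

# openssl_readable FILE -> exit 0 if the label is one OpenSSL's private-key
# PEM reader accepts, exit 1 otherwise (OpenSSH's container, or no label).
openssl_readable() {
    case "$(key_format "$1")" in
        pkcs1-rsa|sec1-ec|dsa|pkcs8|pkcs8-encrypted) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed file: label lines only, placeholder body, no key data.
sample=$(mktemp)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
              'Y29uc3RydWN0ZWQ=' \
              '-----END OPENSSH PRIVATE KEY-----' > "$sample"
if openssl_readable "$sample"; then
    echo "$sample: $(key_format "$sample"), openssl can load it"
else
    echo "$sample: $(key_format "$sample"), openssl will report 'no start line'"
fi
rm -f "$sample"
```

If the label turns out to be OPENSSH PRIVATE KEY, `ssh-keygen -p -m PEM -f <keyfile>` rewrites that key file in place in the traditional PEM format, which `openssl rsa -check` can read.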
