Recent versions of OpenSSH (7.8 and newer) generate keys in new OpenSSH format by default, which starts with:
-----BEGIN OPENSSH PRIVATE KEY-----
JSch does not support this key format.
You can use ssh-keygen to convert the key to the classic OpenSSH format:
ssh-keygen -p -f <privateKeyFile> -m pem -P passphrase -N passphrase
This “abuses” -p (change passphrase) command. It will overwrite the private key file identified by the -f option with a new private key in the classic OpenSSH format (pem). You can keep the current passphrase as the new passphrase. If the key was not encrypted with a passphrase, use "" instead of passphrase. After, you can use ssh-keygen -y -e -f <privateKeyFile> >temp.pub to compare public keys and verify the existing public key works with the new format of private key.
For Windows users: Note that ssh-keygen.exe is now built-in in Windows 10/11. And can be downloaded from Microsoft Win32-OpenSSH project for older versions of Windows.
On Windows, you can also use PuTTYgen (from PuTTY package):
- Start PuTTYgen
- Load the key
- Go to Conversions > Export OpenSSH key.
For RSA keys, it will use the classic format.
If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:
ssh-keygen -m PEM