SSH Targets - Invalid private key file

After adding an SSH target to our Octopus server, the health check immediately fails with: Invalid private key file.

I can confirm I can use the private keys to login to my target server with the specified account with putty.
I have tried making a new SSH account and trying various methods of generating the private key as per the documentation

  • puttygen (with various export formats)
  • ssh-keygen
  • with and without passphrases

I get the same error after updating account details and rerunning the health check job.
I’d appreciate any help on this one, thanks in advance.

Hi Scott,
Thanks for getting in touch! I’m sorry to hear you are encountering issues using a private key in Octopus Server, even though you can successfully use it locally with Putty.

In this case I’m not really sure what the problem could be here. I’m considering there might be issues with how Octopus is reading your key file.

Is your key file a PEM? For example does it look like this when you open it in notepad:


The next question I have is did you create the private key file in Windows or Mac/Linux? I’m asking this because there might be a problem with how each line is being terminated in your Private key. In the private key example above, at the end of the first line, ... QTt there might be extra invisible characters here. You could try trimming off the ends of each line using notepad.exe

If you’re interested I have marked this conversation as private just in case you would like to generate a pupblic/private key pair (one that you don’t use in your prodction environemnt) that I can test with on my end.

I look forward to hearing from you!

Kind regards,

Hi Lawrence,

Thanks for the reply.
After coming after to this in the next day with a fresh mind everything works.
Feel free to mark this as public, so that someone googling might see my folly and it might help them :slight_smile:

The key files were PEM formatted.

Puttygen 0.70 has a few new options which aren’t present on the screenshot in the documentation
Some key differences include that SSH-2RSA is now just known as RSA and under the conversions menu there are two options to export the OpenSSH key, one for the old format and one for the new format.
This works perfectly if the key is set to RSA and the export option is to the old format.
The new format will not be understood by Octopus

As mentioned, I also tried this with ssh-keygen. As you pointed out there were linebreaks present as I had copied this from a console rather than copying it over via other means.

I feel a bit silly now but at least it works :slight_smile:
I’d suggest possibly updating the Puttygen screenshot incase someone else is half asleep when they try to do this as well


Hi Scott,
Thanks for keeping in touch and letting us know how you solved this one and I’ve marked this topic.

Kind regards,