“Invalid privatekey” when using JSch

Recent versions of OpenSSH (7.8 and newer) generate keys in the new OpenSSH format by default, which starts with:

-----BEGIN OPENSSH PRIVATE KEY-----

JSch does not support this key format.


You can use ssh-keygen to convert the key to the classic OpenSSH format:

ssh-keygen -p -f <privateKeyFile> -m pem -P passphrase -N passphrase

This “abuses” the -p (change passphrase) command. It overwrites the private key file identified by the -f option with a new private key in the classic OpenSSH format (pem). You can keep the current passphrase as the new passphrase. If the key was not encrypted with a passphrase, use "" instead of passphrase. Afterwards, you can use ssh-keygen -y -e -f <privateKeyFile> >temp.pub to export the public key, compare it with the existing one, and verify that the existing public key works with the new format of the private key.
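The conversion above, as an added example that is not part of the original page: it converts a copy of the key instead of overwriting it, and keeps the copy only if it is in the classic format and yields the same public key. The function names and the script arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Print the private key format, judged by the first line of the file.
key_format() {
    case "$(head -n 1 "$1" | tr -d '\r')" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN EC PRIVATE KEY-----" | \
        "-----BEGIN DSA PRIVATE KEY-----") echo classic-pem ;;
        *) echo unknown ;;
    esac
}

# Public key (type and base64 blob) derived from a private key. The comment
# field is dropped because the classic format does not store one.
pub_of() { ssh-keygen -y -P "$2" -f "$1" 2>/dev/null | awk '{print $1, $2}'; }

# convert_key_copy SRC DST PASSPHRASE
# Writes a classic-format copy of SRC to DST and leaves SRC untouched.
convert_key_copy() {
    src=$1 dst=$2 pass=$3
    [ "$(key_format "$src")" = openssh-new ] ||
        { echo "$src: not in the new OpenSSH format" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "$dst: already exists" >&2; return 1; }
    ( umask 077 && cp "$src" "$dst" ) || return 1
    # Same command as on the page, run against the copy.
    ssh-keygen -q -p -m PEM -f "$dst" -P "$pass" -N "$pass" ||
        { rm -f "$dst"; return 1; }
    # Key types with no classic form (e.g. Ed25519) stay in the new format.
    if [ "$(key_format "$dst")" != classic-pem ]; then
        echo "$src: key type has no classic format" >&2
        rm -f "$dst"; return 1
    fi
    # The converted key must yield the same public key as the original.
    want=$(pub_of "$src" "$pass")
    if [ -z "$want" ] || [ "$want" != "$(pub_of "$dst" "$pass")" ]; then
        echo "public key mismatch after conversion" >&2
        rm -f "$dst"; return 1
    fi
}

# Run as a script: convert-key.sh SRC DST [PASSPHRASE]
[ "$#" -lt 2 ] || convert_key_copy "$1" "$2" "${3-}"
```

A passphrase given as an argument is visible in the process list and in shell history while the command runs, so use this form only for unencrypted keys or on a single-user machine.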

For Windows users: Note that ssh-keygen.exe is now built into Windows 10/11. For older versions of Windows, it can be downloaded from the Microsoft Win32-OpenSSH project.


On Windows, you can also use PuTTYgen (from PuTTY package):

  • Start PuTTYgen
  • Load the key
  • Go to Conversions > Export OpenSSH key.
    For RSA keys, it will use the classic format.

If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:

ssh-keygen -m PEM

Actually, the original JSch does not seem to be actively maintained anymore. So, particularly if you are starting a new project, it might not be the best library to begin with. JSch suffers from many compatibility problems nowadays. For some important ones, see:

  • Public key authentication fails with JSch but work with OpenSSH with the same key
  • Workaround for JSch unsupported KEX algorithms

Instead, you might consider using this JSch fork:
https://github.com/mwiede/jsch

Among other things, it does support the new OpenSSH key format.
