DBeaver ssh tunnel invalid private key

Asked 10/7, 2019 at 23:33 Answered 21/7, 2022 at 13:26

Just want to leave it here, so the link to the solution won't be lost.

I have a private 4096-byte RSA key (probably it was generated using this guide https://help.github.com/en/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).

I've got an error while trying to establish a new connection through an ssh tunnel using DBeaver (6.1.2).


invalid privatekey: [B@540.....

Julide answered 10/7, 2019 at 23:33 Comment(1)

Friendly reminder, don't forget to accept an answer or elaborate more so that we can better help. It helps people looking for this info and also triage of the questions for us. – Scratches 4/6, 2020 at 19:31

This error is due to the format of the SSH private key. By default, ssh-keygen is creating a private key using the OpenSSH format—with this header:

-----BEGIN OPENSSH PRIVATE KEY-----

But DBeaver only accept keys using the older PEM format—with this header:

-----BEGIN RSA PRIVATE KEY-----

You can either generate a key directly with the correct header using:

ssh-keygen -t rsa -b 2048 -m PEM

Or you can convert an existing key (careful! this overwrite the existing key, you can just copy the private key and apply the command on the copy):

ssh-keygen -p -m PEM -f id_rsa

There is an open issue on DBeaver's GitHub.

Scratches answered 3/6, 2020 at 19:17 Comment(0)

So at first I've found this solution: https://github.com/rundeck/rundeck/issues/4813#issuecomment-492358649 But I didn't really want to recreate my key, cause it was already in use on several servers.
After an hour of googling I've found another suggestion: to use another SSH implementation via the sshj extension: https://github.com/dbeaver/dbeaver/issues/3917#issuecomment-410616717 It can be installed via the built-in package manager: Help -> Install New Software -> https://dbeaver.io/update/sshj/latest/ And it works great!

Julide answered 10/7, 2019 at 23:33 Comment(4)

I suppose you attempted to tunnel a database connection? Did you perhaps use a jump host? If so, do you happen to know how to properly fill in the SSH-tunnel page? I am using the most recent DBeaver and SSHJ is present and seems to be working, but the tunnelled connection is not :(. – Surfboard 14/4, 2020 at 15:58

Yes, use SSHJ. If you are on Arch, install it from the repos dbeaver-plugin-sshj. github.com/dbeaver/dbeaver/issues/5845#issuecomment-543187932 – Conakry 29/9, 2020 at 8:8

In the latest version, you just set "Implementation" to SSHJ (Under 'Advanced') and it should all work – Rab 28/4, 2022 at 8:13

it is no available for isntalation from that URL ATM, but you can just select "sshj" as an implementation as noted in this answer https://mcmap.net/q/467641/-dbeaver-ssh-tunnel-invalid-private-key . it is located in "SSH" tab in "advanced options" section. – Permafrost 11/8, 2022 at 10:36

This error is due to the format of the SSH private key. By default, ssh-keygen is creating a private key using the OpenSSH format—with this header:

-----BEGIN OPENSSH PRIVATE KEY-----

But DBeaver only accept keys using the older PEM format—with this header:

-----BEGIN RSA PRIVATE KEY-----

You can either generate a key directly with the correct header using:

ssh-keygen -t rsa -b 2048 -m PEM

Or you can convert an existing key (careful! this overwrite the existing key, you can just copy the private key and apply the command on the copy):

ssh-keygen -p -m PEM -f id_rsa

There is an open issue on DBeaver's GitHub.

Scratches answered 3/6, 2020 at 19:17 Comment(0)

The above suggestions didn't help for me. But in the latest versions of DBeaver, you just have to update implementation to SSHJ, under Advanced settings:

That worked for me!

Deferential answered 21/7, 2022 at 13:26 Comment(0)

I got the SSH Tunnel to work on DBeaver Community Edition Version 7.3.4.202101310933 macOS Catalina version 10.15.7 by doing the following:

in shell: create private 4096-byte RSA key at default location ~/.ssh/id_rsa using ssh-keygen -t rsa -b 4096

in DBeaver:

click Help > Install New Software
click Add ...
enter Name: SSHJ
enter Location: https://dbeaver.io/update/sshj/latest/
click Next and go thru the entire SSHJ installation process (I failed to do this on my first attempt)
click Save
click Restart DBeaver

on SSH Tunnel tab of Connection Settings

use Authentication Method: Public Key
use Private Key: ~/.ssh/id_rsa (OpenSSH NOT PEM, as others have advised)
enter Passphrase
select Save Password
select Implentation: SSHJ
click Test tunnel configuration

modal dialog is displayed that says

Connected!
Client version: SSHJ_0.27.0
Server version: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8

click OK

Flodden answered 10/2, 2021 at 17:33 Comment(4)

Hi, welcome :) Your only-code formatting was a bit jarring. Check if my edit still preserves the message, and edit it to correct it if don't – Cassiecassil 10/2, 2021 at 18:57

I'm sure your edits are perfectly fine. But I don't know where I can review your changed version – Palfrey 11/2, 2021 at 22:25

WurmD, I like your version. Can you change my posting or do I need to copy them in myself? – Palfrey 12/2, 2021 at 0:20

@shawn-becker THANK YOU for mentioning SSHJ!! I had been struggling with a few different issues after generating a new SSH key. Issue Part 1) People were saying to change the id_rsa header. I changed it back per your advice. Issue Part 2) Somewhere somehow while editing my connection settings, SSHJ had been turned off in favor of JSch. Once I switched it back to SSHJ, I was able to connect again. You saved me so much more pain! Thank you for that!! – Soften 10/12, 2021 at 22:8

Recommended topics

Hot tags