JuiceSSH Validate Key File

JuiceSSH-validateKeyFile(File)

public static boolean validateKeyFile(File fileHandle) {
  
	final int fileSizeLimitKB = 8;
	if (fileHandle.length() > fileSizeLimitKB * 1024) {
		return false;
	}
	
	try {
		InputStream is = new FileInputStream(fileHandle);
		BufferedReader reader = new BufferedReader(new InputStreamReader(is));
		char[] header = new char[37];
		reader.read(header, 0, 37);
		reader.close();

		if(String.valueOf(header).contains("-----BEGIN RSA PRIVATE KEY-----")) {
			return true;
		}
		
		if(String.valueOf(header).contains("-----BEGIN DSA PRIVATE KEY-----")) {
			return true;
		}

    		if(String.valueOf(header).contains("-----BEGIN PRIVATE KEY-----")) {
        		return true;
		}
	
		if(String.valueOf(header).contains("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
	                return true;
	        }

	} catch (FileNotFoundException e) {
		Log.e(TAG, "File not found");
		return false;
	} catch (IOException e) {
		Log.e(TAG, "Not a textfile");
		return false;
	}
	
	return false;
	
}

This should also check for: begin openssh private key

What about "-----BEGIN OPENSSH PRIVATE KEY-----"?

New format or old? Or both?

Where is the check for invalid filename? I keep getting this error on a key named jpKey. It is a RSA 4096 bit key and the size is 1.8kB, it is password protected. It adheres to the spec of this snippet. Smart search turns up nothing. When I enter the relative path I get invalid filename What else can I do? I purchased the app so I am hoping to get my keys working.

@jpSimkins I had a similar issue and was very frustrated! Finally, I discovered that JuiceSSH didn't actually know where my SD card was. I found that If I typed in ./sdcard in the JuiceSSH file path box, it auto-completed with paths that were in my internal storage. I looked in my phone's File Manager app, and found that the internal storage is listed as /root/sdcard (not sure why). In the end, all I needed to do was to copy my SSH key from my actual SD card to my internal storage, enter the path into JuiceSSH, and then delete the key from my storage. I've experienced and resolved this issue with a Samsung Galaxy S5 and a new S8; not sure if this is relevant for iPhones. Hope that helps!

Don't support ECDSA and ED25519 key.

IT would be nice If ECC / ed will be supported...:/
-----BEGIN OPENSSH PRIVATE KEY-----

@BoBBer446

I second that comment. Tried everything until I wound up here and realized my ED25519 key wasn't going to work.

Can I have some help OPENSSH PRIVATE KEY

@TomMaddox Can we get OPENSSH?

Can we add -----BEGIN OPENSSH PRIVATE KEY-----

As they commented above, can we add "-----BEGIN OPENSSH PRIVATE KEY-----"?

USE -m PEM to ssh-keygen to generate the "BEGIN RSA KEY" type key i.e: https://serverfault.com/questions/939909/ssh-keygen-does-not-create-rsa-private-key

Use termius. It works

yes, please add -----BEGIN OPENSSH PRIVATE KEY-----, after deleting the OPENSSH part of the opening and closing lines the key works.

I had been struggling with this import process, as well, not fully grasping what was acceptable to JuiceSSH; which encryption, key strengths, et cetera. A few tweaks should allow users to work around/through the difficulties using "commonly" generated -----BEGIN OPENSSH PRIVATE KEY----- 2048/4096-bit RSA keys (do NOT use 1024-bit, as these are not nearly strong enough, and haven't been in more than a decade). This appears to be the issue encountered most in this thread.

SOURCE: JuiceSSH authentication FAQ.

Once you have confirmed the aforementioned settings are correct in your /etc/ssh/sshd_config file (et al), proceed with the following:

1. Backup your current id_rsa private key: mv ~/.ssh/id_rsa ~/.ssh/id_rsa.BAK
2. Then proceed to use @chmouel suggested method to convert your PuTTY / OpenSSH keys for use with JuiceSSH to the old PEM format: ssh-keygen -p -m PEM -f ~/.ssh/id_rsa (this step may fail if you don't have permissions to overwrite your current private key, so be certain you've performed the previous step!)
3. Lastly, copy the just converted (old) PEM format private key file to your mobile device using your preferred secure file transfer method (or simply the concatenate the text using cat ~/.ssh/id_rsa and migrate this output to JuiceSSH). The app should now be able to automatically import your private keys using Smart Search.

I'm sorry this doesn't help those of us trying to use elliptic-curve / EdDSA / ED25519 keys (yet). Hopefully @TomMaddox will be able to hook that up in the not too distant future. Thank you, please drive thru.