An administrator is attempting to add an SSH key target account in Privileged Access Manager, but the following error occurs when clicking OK to save the target account. This occurs both when trying to store it as a synchronized or unsynchronized account.
PAM-CM-3481: An invalid private key was specified.
An SSH key can be stored in PAM only if they are in DSA, ECDSA, or RSA format. All other key formats will fail the pattern check PAM performs on the key prior to saving the target account. If the SSH key is opened in a Notepad application, it should look like one of the following examples.
-----BEGIN DSA PRIVATE KEY-----
################################################################
################################################################
################################################################
-----END DSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
################################################################
################################################################
################################################################
-----END EC PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
################################################################
################################################################
################################################################
-----END RSA PRIVATE KEY-----
If another SSH key format was used such as a ppk or OpenSSH key, please recreate the key in one of the supported three formats in order to store it in PAM.
If the key is solely being vaulted in PAM and will not be rotated nor used for auto-logins (for example, storing AWS Lambda keys), it is possible to use the Secrets Management feature in PAM to vault and view them.