SSH Public Key Format

Question

I have a public key in the format:

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "somename-20060227"
AAAAB3NzaC1yc2EAAAABJQAAAIBmhLUTJiP[and so on]==

---- END SSH2 PUBLIC KEY ----

Usually I see keys in the format like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAqof[and so on]

Can I just copy the first key in the authorized_keys file or do I have to modify it somehow so it looks like the second one? I think the first one was generated by PUTTYgen while the second one was generated by ssh-keygen.

alexus · Accepted Answer · 2015-02-04T17:22:12.767

17

use ssh-keygen -i to convert SSH2-compatible format to OpenSSH compatible format.

from man ssh-keygen:

-i This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private (or public) key to stdout. ssh-keygen also reads the RFC 4716 SSH Public Key File Format. This option allows importing keys from several commercial SSH implementations.

edited Feb 04 '15 at 17:22

answered Apr 18 '12 at 14:49

alexus

12,342
27
115
173

partial answer, does not help at all. – karatedog Mar 17 '21 at 10:19

score 10 · Answer 2 · edited Dec 27 '19 at 15:36

10

This is the complete, correct answer:

ssh-keygen -i -m PKCS8 -f public-key.pem

edited Dec 27 '19 at 15:36

John Deters

103
3

answered Mar 28 '18 at 14:55

Boeboe

228
2
3

1

"RFC4716" is the default key_format, and -m does appear to be for specifying the format of the INPUT in this instance, not the output, so you are correct. – JimNim Mar 28 '18 at 15:42
Technically alexus' "correct" answer is NOT wrong though, as that answer is not spelling out full syntax - only pointing to which primary flag should be used, leaving the need to check -i syntax/usage in the man page. – JimNim Mar 28 '18 at 15:48

score 4 · Answer 3 · answered Apr 18 '12 at 14:45

4

You do have to convert the public key to openssh convention:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBmhLUTJiP[and so on]== somename-20060227

Also make sure that the key occupies exactly one line and no line breaks were introduced while copying.

answered Apr 18 '12 at 14:45

Dmitri Chubarov

2,296
1
15
28

score 3 · Answer 4 · answered Apr 18 '12 at 14:43

3

Just rewrite your key in format suited for authorized_keys:

keytype keybody keyname

Keep in mind that trailing "==" are necessary placeholders to keep keylength equal to desired length.

answered Apr 18 '12 at 14:43

Kondybas

6,864
2
19
24

4

The trailing "==" are [Base64 padding](http://en.wikipedia.org/wiki/Base64#Padding) – Andrew Apr 18 '12 at 14:46
how do I know if its RSA or DSA? – Björn Apr 18 '12 at 16:07

SSH Public Key Format

4 Answers4