-
-
Save mingfang/4aba327add0807fa5e7f to your computer and use it in GitHub Desktop.
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem | |
chmod 600 id_rsa.pem |
And if you need the public key as a pem use this
ssh-keygen -f ~/.ssh/id_rsa.pub -m 'PEM' -e > public.pem
chmod 600 public.pem
I had to read through the source and I built a solution in JavaScript, of all things.
So if you install https://nodejs.org you can get ssh-to-jwk
, jwk-to-ssh
, rasha
, and eckles
which, between the four, will convert it any which way:
npm install -g ssh-to-jwk jwk-to-ssh rasha eckles
RSA
ssh-to-jwk ~/.ssh/id_rsa > privkey.jwk.json
rasha privkey.jwk.json pkcs8 > privkey.pem
chmod 0600 privkey.pem
rasha privkey.pem jwk > privkey.jwk.json
jwk-to-ssh privkey.jwk.json root@localhost > id_rsa
chmod 0600 id_rsa
ECDSA
ssh-to-jwk ~/.ssh/id_ecdsa > privkey.jwk.json
eckles privkey.jwk.json pkcs8 > privkey.pem
chmod 0600 privkey.pem
eckles privkey.pem jwk > privkey.jwk.json
jwk-to-ssh privkey.jwk.json root@localhost > id_ecdsa
chmod 0600 id_ecdsa
Docs and such:
@etiago @HighwayofLife OpenSSH has its own Private Key format.
Hi, running openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
i get this error:
unable to load Private Key
140735944156104:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: ANY PRIVATE KEY
can you help me?
Thanks.
@giacomo-m
Apple uses a different openssl-"package". In general it's recommened to install openssl on macos via @brew-package. (formerly homebrew)
The apple-package is missing some functionality. That seems to be the case here.
@kollaesch doesn't seem to be the case. I still got:
@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key
@kollaes
Hi, running
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
i get this error:unable to load Private Key
140735944156104:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: ANY PRIVATE KEYcan you help me?
Thanks.
Can you try generating the private key using ssh-keygen
I had the same problem and fixed by adding -m PEM
when generate keys.
So the gen key command look like:
ssh-keygen -t rsa -b 4096 -m PEM
Then you can get pem from your rsa private key.
openssl rsa -in id_rsa -outform pem > id_rsa.pem
@kollaesch doesn't seem to be the case. I still got:
@macbook:~/work$ openssl dsa -in id_dsa -outform pem read DSA key unable to load Private Key 140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY unable to load Key
Expecting: ANY PRIVATE KEY
I have this error only with 4096-bit key. Looks like it's the problem.
yup Ive got this same problem with a 4k key too
I ran into the 4096 problem... here is the answer. https://serverfault.com/questions/939909/ssh-keygen-does-not-create-rsa-private-key
unable to load Private Key
140149128779416:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY```
On both macOS and Ubuntu 16. I don't want to gen a new key, as i have the pub key installed on several servers.
For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using
ssh-keygen -f my-rsa-key -m pem -p
Note: when it was missing -p
argument I got Expecting: ANY PRIVATE KEY
error.
For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using
ssh-keygen -f my-rsa-key -m pem -p
Note: when it was missing
-p
argument I gotExpecting: ANY PRIVATE KEY
error.
Thanks, after hours of searching this is one works with me.
I used this for sftp
with phpstorm
Please bare in mind that ssh-keygen -f my-rsa-key -m pem -p
will modify your existing file. In this case my-rsa-key
@kythanh solution worked for me!
I had the same problem and fixed by adding
-m PEM
when generate keys.So the gen key command look like:
ssh-keygen -t rsa -b 4096 -m PEM
Then you can get pem from your rsa private key.
openssl rsa -in id_rsa -outform pem > id_rsa.pem
@kollaesch doesn't seem to be the case. I still got:
@macbook:~/work$ openssl dsa -in id_dsa -outform pem read DSA key unable to load Private Key 140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY unable to load Key
This worked for me.
FWIW, this worked for me on macOS 10.15.5 to convert (in-place, will modify original file!) a private key file id_rsa
to the PEM format:
$ ssh-keygen -p -m PEM -f ./id_rsa
I had the same problem and fixed by adding
-m PEM
when generate keys.So the gen key command look like:
ssh-keygen -t rsa -b 4096 -m PEM
Then you can get pem from your rsa private key.
openssl rsa -in id_rsa -outform pem > id_rsa.pem
@kollaesch doesn't seem to be the case. I still got:
@macbook:~/work$ openssl dsa -in id_dsa -outform pem read DSA key unable to load Private Key 140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY unable to load Key
Thanks, this worked for me as well.
This worked!!! But as others said, your private key is overwritten.
For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using
ssh-keygen -f my-rsa-key -m pem -p
Note: when it was missing
-p
argument I gotExpecting: ANY PRIVATE KEY
error.
@coolaj86 tried to run on windows, got errors (rsa -> jwt json)
C:\Users\dz\.ssh> ssh-to-jwk id_rsa
C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135
len = dv.getUint32(index, false);
^
RangeError: Offset is outside the bounds of the DataView
at DataView.getUint32 (<anonymous>)
at Object.SSH.parseElements (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135:14)
at Object.SSH.parse (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:23:24)
at Object.<anonymous> (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\bin\ssh-to-jwk.js:26:16)
at Module._compile (internal/modules/cjs/loader.js:1063:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
at Module.load (internal/modules/cjs/loader.js:928:32)
at Function.Module._load (internal/modules/cjs/loader.js:769:14)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
at internal/main/run_main_module.js:17:47
I had the same problem and fixed by adding
-m PEM
when generate keys.So the gen key command look like:
ssh-keygen -t rsa -b 4096 -m PEM
Then you can get pem from your rsa private key.
openssl rsa -in id_rsa -outform pem > id_rsa.pem
@kollaesch doesn't seem to be the case. I still got:
@macbook:~/work$ openssl dsa -in id_dsa -outform pem read DSA key unable to load Private Key 140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY unable to load Key
Worked to me too. Thanks man !
Just run this
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pem > ~/.ssh/id_rsa.pub.pem
Some of the examples above contain insecure use of chmod.
In general to create a file securely, always set the umask
first! e.g.
$ rm -f examplefile ; ( umask 0077 && echo "" > examplefile ) ; ls -l examplefile
-rw------- 1 tim tim 1 Feb 26 13:55 examplefile
$ rm -f examplefile ; ( umask 0377 && echo "" > examplefile ) ; ls -l examplefile
-r-------- 1 tim tim 1 Feb 26 13:55 examplefile
...if you don't do that, then your file creation is subject to a race condition, and can be maliciously read between you creating it, and chmodding it...
Huh, TIL! Thanks @linuxtim!
☝️ inclined to agree @HighwayofLife , this does nothing to the file format... although had an interesting side effect for me: it decrypted the file as my
id_rsa
was originally password-protected.