When working with people who don’t use a Unix-based operating system, you’ll often come across the SSH2 Public Key format. PuTTY is probably the most famous software using this format and nearly everyone on Windows uses it. To give them access to a system, SFTP server, Git repository or similar you often need to convert an SSH2 public key into the OpenSSH format. This article describes how to do exactly that.
You receive a public key looking like this:
—- BEGIN SSH2 PUBLIC KEY —-
Comment: "rsa-key-20160402" AAAAB3NzaC1yc2EAAAABJQAAAgEAiL0jjDdFqK/kYThqKt7THrjABTPWvXmB3URI pGKCP/jZlSuCUP3Oc+IxuFeXSIMvVIYeW2PZAjXQGTn60XzPHr+M0NoGcPAvzZf2 u57aX3YKaL93cZSBHR97H+XhcYdrm7ATwfjMDgfgj7+VTvW4nI46Z+qjxmYifc8u VELolg1TDHWY789ggcdvy92oGjB0VUgMEywrOP+LS0DgG4dmkoUBWGP9dvYcPZDU F4q0XY9ZHhvyPWEZ3o2vETTrEJr9QHYwgjmFfJn2VFNnD/4qeDDHOmSlDgEOfQcZ Im+XUOn9eVsv//dAPSY/yMJXf8d0ZSm+VS29QShMjA4R+7yh5WhsIhouBRno2PpE VVb37Xwe3V6U3o9UnQ3ADtL75DbrZ5beNWcmKzlJ7jVX5QzHSBAnePbBx/fyeP/f 144xPtJWB3jW/kXjtPyWjpzGndaPQ0WgXkbf8fvIuB3NJTTcZ7PeIKnLaMIzT5XN CR+xobvdC8J9d6k84/q/laJKF3G8KbRGPNwnoVg1cwWFez+dzqo2ypcTtv/20yAm z86EvuohZoWrtoWvkZLCoyxdqO93ymEjgHAn2bsIWyOODtXovxAJqPgk3dxM1f9P AEQwc1bG+Z/Gc1Fd8DncgxyhKSQzLsfWroTnIn8wsnmhPJtaZWNuT5BJa8GhnzX0 9g6nhbk= ---- END SSH2 PUBLIC KEY ----
And want to convert it to something like that:
You can do this with a very simple command:
ssh-keygen -i -f ssh2.pub > openssh.pub
The command above will take the key from the file ssh2.pub and write it to openssh.pub.
If you just want to look at the key, or have it ready for copy and paste, then you don’t have to worry about piping stdout into a file (same command as above, without the last part):
ssh-keygen -i -f ssh2.pub
This will simply display the public key in the OpenSSH format.
A more practical example of this might be converting and appending a coworker’s key to a server’s authorized keys file. This can be achieved using the following command:
ssh-keygen -i -f coworker.pub >> ~/.ssh/authorized_keys
After this a coworker, using the according private key will be able to log into the system as the user who runs this command.
The Other Direction: Converting SSH2 keys to OpenSSH
The opposite — going from OpenSSH to SSH2 — is also possible, of course. Simply use the -e (for export) flag, instead of -i (for import).
ssh-keygen -e -f openssh.pub > ssh2.pub
Knowing your toolbelt can make your life as a sysadmin much easier. Converting an SSH2 key to OpenSSH is something that you’ll find yourself doing on a fairly irregular basis, so it’s good to have the command written down somewhere.
Consider starting a “useful_commands.txt” file, or just keep a link to this post in your bookmarks.
I hope you enjoyed this little article! If you have any questions, don’t hesitate to comment. For more information on dealing with SSH Keys you might want to take a look at the ssh-keygen manual page (type man ssh-keygen into your terminal). It’s certainly a good idea to read over a few of the options that this command provides.