How to convert an SSH2 Public Key into an OpenSSH public key

When working with people who don’t use a Unix-based operating system, you’ll often come across the SSH2 Public Key format. PuTTY is probably the most famous software using this format and nearly everyone on Windows uses it. To give them access to a system, SFTP server, Git repository or similar you often need to convert an SSH2 public key into the OpenSSH format. This article describes how to do exactly that.

The Problem

You receive a public key looking like this:

—- BEGIN SSH2 PUBLIC KEY —-

Comment: "rsa-key-20160402"
AAAAB3NzaC1yc2EAAAABJQAAAgEAiL0jjDdFqK/kYThqKt7THrjABTPWvXmB3URI
pGKCP/jZlSuCUP3Oc+IxuFeXSIMvVIYeW2PZAjXQGTn60XzPHr+M0NoGcPAvzZf2
u57aX3YKaL93cZSBHR97H+XhcYdrm7ATwfjMDgfgj7+VTvW4nI46Z+qjxmYifc8u
VELolg1TDHWY789ggcdvy92oGjB0VUgMEywrOP+LS0DgG4dmkoUBWGP9dvYcPZDU
F4q0XY9ZHhvyPWEZ3o2vETTrEJr9QHYwgjmFfJn2VFNnD/4qeDDHOmSlDgEOfQcZ
Im+XUOn9eVsv//dAPSY/yMJXf8d0ZSm+VS29QShMjA4R+7yh5WhsIhouBRno2PpE
VVb37Xwe3V6U3o9UnQ3ADtL75DbrZ5beNWcmKzlJ7jVX5QzHSBAnePbBx/fyeP/f
144xPtJWB3jW/kXjtPyWjpzGndaPQ0WgXkbf8fvIuB3NJTTcZ7PeIKnLaMIzT5XN
CR+xobvdC8J9d6k84/q/laJKF3G8KbRGPNwnoVg1cwWFez+dzqo2ypcTtv/20yAm
z86EvuohZoWrtoWvkZLCoyxdqO93ymEjgHAn2bsIWyOODtXovxAJqPgk3dxM1f9P
AEQwc1bG+Z/Gc1Fd8DncgxyhKSQzLsfWroTnIn8wsnmhPJtaZWNuT5BJa8GhnzX0
9g6nhbk=
---- END SSH2 PUBLIC KEY ----

And want to convert it to something like that:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAiL0jjDdFqK/kYThqKt7THrjABTPWvXmB3URIpGKCP/jZlSuCUP3Oc+IxuFeXSIMvVIYeW2PZAjXQGTn60XzPHr+M0NoGcPAvzZf2u57aX3YKaL93cZSBHR97H+XhcYdrm7ATwfjMDgfgj7+VTvW4nI46Z+qjxmYifc8uVELolg1TDHWY789ggcdvy92oGjB0VUgMEywrOP+LS0DgG4dmkoUBWGP9dvYcPZDUF4q0XY9ZHhvyPWEZ3o2vETTrEJr9QHYwgjmFfJn2VFNnD/4qeDDHOmSlDgEOfQcZIm+XUOn9eVsv//dAPSY/yMJXf8d0ZSm+VS29QShMjA4R+7yh5WhsIhouBRno2PpEVVb37Xwe3V6U3o9UnQ3ADtL75DbrZ5beNWcmKzlJ7jVX5QzHSBAnePbBx/fyeP/f144xPtJWB3jW/kXjtPyWjpzGndaPQ0WgXkbf8fvIuB3NJTTcZ7PeIKnLaMIzT5XNCR+xobvdC8J9d6k84/q/laJKF3G8KbRGPNwnoVg1cwWFez+dzqo2ypcTtv/20yAmz86EvuohZoWrtoWvkZLCoyxdqO93ymEjgHAn2bsIWyOODtXovxAJqPgk3dxM1f9PAEQwc1bG+Z/Gc1Fd8DncgxyhKSQzLsfWroTnIn8wsnmhPJtaZWNuT5BJa8GhnzX09g6nhbk=

Solution

You can do this with a very simple command:

ssh-keygen -i -f ssh2.pub > openssh.pub

The command above will take the key from the file ssh2.pub and write it to openssh.pub.

 

If you just want to look at the key, or have it ready for copy and paste, then you don’t have to worry about piping stdout into a file (same command as above, without the last part):

ssh-keygen -i -f ssh2.pub

This will simply display the public key in the OpenSSH format.

 

A more practical example of this might be converting and appending a coworker’s key to a server’s authorized keys file. This can be achieved using the following command:

ssh-keygen -i -f coworker.pub >> ~/.ssh/authorized_keys

After this a coworker, using the according private key will be able to log into the system as the user who runs this command.

The Other Direction: Converting SSH2 keys to OpenSSH

The opposite — going from OpenSSH to SSH2 — is also possible, of course. Simply use the -e (for export) flag, instead of -i (for import).

ssh-keygen -e -f openssh.pub > ssh2.pub

Conclusion

Knowing your toolbelt can make your life as a sysadmin much easier. Converting an SSH2 key to OpenSSH is something that you’ll find yourself doing on a fairly irregular basis, so it’s good to have the command written down somewhere.

Consider starting a “useful_commands.txt” file, or just keep a link to this post in your bookmarks.

 

I hope you enjoyed this little article! If you have any questions, don’t hesitate to comment. For more information on dealing with SSH Keys you might want to take a look at the ssh-keygen manual page (type man ssh-keygen into your terminal). It’s certainly a good idea to read over a few of the options that this command provides.