How to convert RFC4716 private keys to PEM private keys
We lately had a problem with some Java Software, not being able to connect to our git. We use a LambdaCD pipeline together with the lambdacd-git Plugin. JSch and jgit are libraries used within this project.
For our project we generated ssh keys on a device running the latest openssh software. JSch complained about authentication:
Exception com.jcraft.jsch.JSchException: Auth fail
After a lot of research, including building a minimal git client we discovered a small change to our other key files. The header didn’t start with
—–BEGIN RSA PRIVATE KEY—–
but it started with
—–BEGIN OPENSSH PRIVATE KEY—–
showing, that this key is formatted in the new default RFC4716 format.
One option now is to regenrate the keys with
ssh-keygen -m PEM
or reformat the keys. That’s not that easy as it seems. The man page says yes, computer says no. But fortunately we can use tools from PuTTY to reformat the keys, following these steps:
- install PuTTY tools
- run puttygen </path/to/your/rfc4716keyfile> -o id_keyfile.ppk
- run puttygen keyfile.ppk -O private-openssh -o keyfile.private
Now the PEM formatted private key can be found in keyfile.private.