How to convert RFC4716 private keys to PEM private keys

We lately had a problem with some Java Software, not being able to connect to our git. We use a LambdaCD pipeline together with the lambdacd-git Plugin. JSch and jgit are libraries used within this project.

For our project we generated ssh keys on a device running the latest openssh software. JSch complained about authentication:

Exception com.jcraft.jsch.JSchException: Auth fail

After a lot of research, including building a minimal git client we discovered a small change to our other key files. The header didn’t start with

​—–BEGIN RSA PRIVATE KEY—–

but it started with

—–BEGIN OPENSSH PRIVATE KEY—–

showing, that this key is formatted in the new default RFC4716 format.

One option now is to regenrate the keys with

ssh-keygen -m PEM

or reformat the keys. That’s not that easy as it seems. The man page says yes, computer says no. But fortunately we can use tools from PuTTY to reformat the keys, following these steps:

  1. install PuTTY tools
  2. run puttygen </path/to/your/rfc4716keyfile> -o id_keyfile.ppk
  3. run puttygen keyfile.ppk -O private-openssh -o keyfile.private

Now the PEM formatted private key can be found in keyfile.private.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.