How-to : Convert OpenSSH private keys to RSA PEM

After upgrading to MacOS X Mojave, I’ve found myself in the curious situation that creating a private key with the usual command: ssh-keygen,  would output the private key in the format :

-----BEGIN OPENSSH PRIVATE KEY-----  
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAA...  
-----END OPENSSH PRIVATE KEY-----

Which it’s the new format for those keys. Unfortunately, this format is not supported by all the tools one may need to interact with. As a result, you may want to: convert the private key to the usual RSA – PEM format . Doing that is far from being a trivial task on Mojave, especially because, as this post suggests,  ssh-keygen won’t let you convert it! The easiest solution I’ve found is:

A) Download putty ( the .tar.gz for linux/windows)  : https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

B) Extract the files and compile the source code: “ ./configure” and “make puttygen

C) Using puttygen, convert the private key to the intermediate format SSHv2:

“./puttygen yourkey -O private-sshcom -o newkey”

Now, the key is in the format :

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- 
c3Bl23423sfdfadjEAAAAABG5vbmUAAAA...  
---- END SSH2 ENCRYPTED PRIVATE KEY ----

D) Using ssh-keygen convert it back to RSA/PEM :

“ssh-keygen -i -f newkey > newkey_in_right_format”

Now, finally, the key is in the right format :

-----BEGIN RSA PRIVATE KEY-----
xfKaBuPRCPEQ8Uc3UdyMrIXjvKGos3g...  
-----END RSA PRIVATE KEY-----

 

Hope this is useful to somebody 🙂