使用 openssl 将 SSH2 RSA 私钥转换为 .pem

tag-icon tag-icon openssl ssh-keygen
使用 openssl 将 SSH2 RSA 私钥转换为 .pem

当我尝试将SSH2 RSA基于格式的私钥转换为.pem格式时,使用开放式SSL我收到以下错误。

[jbadmin@xxxxxxx .ssh2]$ openssl req -x509 -key /home/jbadmin/.ssh2/id_rsa_2048_a -nodes -days 365 -newkey rsa:2048 -out id_rsa_2048_a.pem
unable to load Private Key
139994671441736:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

我的私钥:

[[email protected]]$ cat id_rsa_2048_a
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: jbadmin
Comment: "2048-bit rsa, jbadmin@x01bicallapp1a, Tue Dec 29 2015 11:38:\
----------------------------
----------------------------
---- END SSH2 ENCRYPTED PRIVATE KEY ----

如果有其他方法可以使用,请建议我开放式SSL或者ssh-keygen-g3

编辑1:尝试了以下选项,仍然是同样的问题

[jbadmin@x01bicallapp1a .ssh2]$ openssl rsa -outform PEM -in /home/jbadmin/.ssh2/id_rsa_2048_a -out /home/jbadmin/.ssh2/id_rsa_2048_a.pem
unable to load Private Key
140493432293192:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

答案1

ssh-keygen -p可以在 SSH2 和 PEM 格式之间进行转换:

 -m key_format
         Specify a key format for key generation, the -i (import),
         -e (export) conversion options, and the -p change
         passphrase operation.  The latter may be used to convert
         between OpenSSH private key and PEM private key formats.
         The supported key formats are: “RFC4716” (RFC 4716/SSH2
         public or private key), “PKCS8” (PKCS8 public or private
         key) or “PEM” (PEM public key).  By default OpenSSH will
         write newly-generated private keys in its own format, but
         when converting public keys for export the default format
         is “RFC4716”.  Setting a format of “PEM” when generating or
         updating a supported private key type will cause the key to
         be stored in the legacy PEM private key format.

从 SSH2 到 PEM:

ssh-keygen -p -f id_rsa -m PEM

从 PEM 到 SSH2:

ssh-keygen -p -f id_rsa -m SSH2

警告:指定的文件将被覆盖并就地更新!

笔记:虽然ssh-keygen-g3链接到商业产品ssh-keygen是更常见的开源版本。您可以在您的系统上免费获取它,它适用于 Linux、Windows、FreeBSD 和 PASE 等。如果您愿意,您可以在具有它的系统上执行转换:SSH2/PEM 密钥毕竟只是纯文本文件,只要小心不要遗失它们就行了。

答案2

解决方案:我使用下面的命令来让它工作

$ ssh-keygen-g3 --key-format openssh2  --import-private-key /home/jbadmin/.ssh2/id_rsa_2048_a /home/jbadmin/.ssh2/id_rsa_2048_a_openssh.pem
Imported private key in /home/jbadmin/.ssh2/id_rsa_2048_a to /home/jbadmin/.ssh2/id_rsa_2048_a_openssh.pem.

相关内容