Openssh Private Key to RSA Private Key

(I am using MAC)

My id_rsa starts with

-----BEGIN OPENSSH PRIVATE KEY-----

but I expect it to starts with

-----BEGIN RSA PRIVATE KEY-----

I have send my id_rsa.pub to server administrator to get the access to server, so I don't want to generate a new key.

  1. Is there any way that I can transfer my id_rsa which is a openssh private key to a RSA private key? (command please.)

  2. If I can transfer, do I also need to transfer id_rsa.pub? (command please.) It seems id_rsa.pub doesn't have a header like id_rsa, so I am not sure if I should also transfer this.

Thank you!


You have an OpenSSH format key and want a PEM format key. It is not intuitive to me, but the suggested way to convert is by changing the password for the key and writing it in a different format at the same time.

The command looks like this:

ssh-keygen -p -N "" -m pem -f /path/to/key

It will change the file in place, so make a backup of your current key just in case. -N "" will set the passphrase as none. I haven't tested this with a passphrase.

The public key should be fine as is.

For full explanation of the above command, see the -m option here: https://man.openbsd.org/ssh-keygen#m


Here's what worked for me for an in-place conversion of a key with a passphrase:

ssh-keygen -p -P "old passphrase" -N "new passphrase" -m pem -f path/to/key

You can achieve this easily if you can get your hands on a linux system. I am using ubuntu 18.04 and did the following:

  1. update packages: sudo apt update
  2. install putty: sudo apt install putty
  3. install puttygen: sudo apt install putty-tools
  4. convert the private key to the intermediate format SSHv2: puttygen yourkey -O private-sshcom -o newkey
  5. convert it back to RSA/PEM: ssh-keygen -i -f newkey > newkey_in_right_format

And you are good to go