ssh-keygen does not create RSA private key
I'm trying to create a private key and having an issue.
When I use ssh-keygen -t rsa -b 4096 -C "[email protected]", I get a private key in the following format.
-----BEGIN OPENSSH PRIVATE KEY-----
uTo43HGophPo5awKC8hoOz4KseENpgHDLxe5UX+amx8YrWvZCvsYRh4/wnwxijYx
...
-----END OPENSSH PRIVATE KEY-----
And this is not being accepted for an application that I'm trying to use.
I'm expecting a key in the following RSA format.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,25737CC2C70BFABADB1B4598BD8AB9E9
uTo43HGophPo5awKC8hoOz4KseENpgHDLxe5UX+amx8YrWvZCvsYRh4/wnwxijYx
...
-----END RSA PRIVATE KEY-----
How do I create the correct format? This is weird because every other mac I have creates the correct format, except the one I'm having problem with.
I'm on a fresh installed Mac OS Mojave
Solution 1:
I faced the same problem recently (after upgrade to mojave 10.14.1), here are 2 possible solutions for this issue.
- Downgrade your ssh-keygen binary (you can easily get old version from any linux/docker image)
OR
- Add option
-m PEMinto your ssh-keygen command. For example, you can runssh-keygen -m PEM -t rsa -b 4096 -C "[email protected]"to force ssh-keygen to export asPEMformat.
It seems like in the current ssh-keygen version in mojave, the default export format is RFC4716 as mentioned here
Solution 2:
New keys with OpenSSH private key format can be converted using ssh-keygen utility to the old PEM format.
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
There is no need to downgrade to older OpenSSH just to achieve this result.