ssh-keygen does not create RSA private key

I'm trying to create a private key and having an issue.

When I use ssh-keygen -t rsa -b 4096 -C "[email protected]", I get a private key in the following format.

-----BEGIN OPENSSH PRIVATE KEY-----
uTo43HGophPo5awKC8hoOz4KseENpgHDLxe5UX+amx8YrWvZCvsYRh4/wnwxijYx
...
-----END OPENSSH PRIVATE KEY-----

And this is not being accepted by an application that I'm trying to use.

I'm expecting a key in the following RSA format.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,25737CC2C70BFABADB1B4598BD8AB9E9

uTo43HGophPo5awKC8hoOz4KseENpgHDLxe5UX+amx8YrWvZCvsYRh4/wnwxijYx
...
-----END RSA PRIVATE KEY-----

How do I create the correct format? This is weird because every other Mac I have creates the correct format, except the one I'm having a problem with.

I'm on a freshly installed Mac OS Mojave.


Solution 1:

I faced the same problem recently (after upgrading to Mojave 10.14.1). Here are 2 possible solutions for this issue.

  • Downgrade your ssh-keygen binary (you can easily get an old version from any Linux/Docker image)

OR

  • Add the option -m PEM to your ssh-keygen command. For example, you can run ssh-keygen -m PEM -t rsa -b 4096 -C "[email protected]" to force ssh-keygen to export in PEM format.

It seems that in the current ssh-keygen version in Mojave, the default export format is RFC4716, as mentioned here

Solution 2:

New keys in the OpenSSH private key format can be converted to the old PEM format using the ssh-keygen utility.

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

There is no need to downgrade to older OpenSSH just to achieve this result.
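
The conversion from the answers above, applied to a copy so the original key file is never rewritten, with a check that the public key is unchanged afterwards. This is an added example, not part of either answer; the helper names key_format, pub_of and to_pem_copy are hypothetical, and it assumes a key without a passphrase.

```shell
#!/bin/sh
# Added example. key_format, pub_of and to_pem_copy are hypothetical helper names.

# Print the container format named by the first line of a private key file.
key_format() {
    kf_first=$(head -n 1 "$1" | tr -d '\r')   # tolerate CRLF line endings
    case $kf_first in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8 ;;
        *) echo unknown ;;
    esac
}

# Key type and base64 blob of the public key; the comment field is dropped
# because the PEM container does not store it.
pub_of() {
    ssh-keygen -y -f "$1" | cut -d' ' -f1,2
}

# Copy SRC to DST and convert the copy to PEM, leaving SRC untouched
# (ssh-keygen -p rewrites the file it is given in place).
to_pem_copy() {
    ( umask 077; cp "$1" "$2" ) || return 1   # keep the copy private (0600)
    if [ "$(key_format "$2")" = openssh ]; then
        # Empty -P/-N assumes a key without passphrase; omit both to be prompted.
        ssh-keygen -q -p -m PEM -P "" -N "" -f "$2" || return 1
    fi
    # Same key material before and after?
    tp_pub=$(pub_of "$2")
    [ -n "$tp_pub" ] && [ "$tp_pub" = "$(pub_of "$1")" ]
}

# Usage: sh thisfile ~/.ssh/id_rsa ./id_rsa.pem
if [ "$#" -eq 2 ]; then
    to_pem_copy "$1" "$2" && echo "$2: $(key_format "$2")"
fi
```

The PEM copy is a second private key file on disk: give it the same protection as the original and delete it once the application has imported it.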