Generate RSA2 key in OpenSSH format


There I see an option SSH2-RSA, SSH1-RSA. So is SSH2-RSA the RSA2 key or it means something else?

OpenSSH uses two different formats (and files) for RSA keys: one for the old, weak SSHv1 protocol which you should not use (and often aren't allowed to); and one for the current SSHv2 protocol. ssh-keygen in OpenSSH calls them -t rsa1 and -t rsa (which people call rsa2 for clarity), and puttygen calls them SSH1-RSA and SSH2-RSA.

So yes, SSH2-RSA indicates an RSA2-formatted key.

Also is this key in the OpenSSH format? I see that there is a conversion tab with 2 options: export OpenSSH Key and export ssh.com key.

There seem to be 4 options (after choosing SSH2-RSA):

  1. Save public key: this exports the public key in SSH2 public key format, a standard (RFC4716) but not widely used;
  2. Save private key: this exports the private key in proprietary/encrypted PuTTY format;
  3. Export OpenSSH key: this actually exports an OpenSSL encrypted private key (PKCS#1 / PEM format), which OpenSSH normally uses for RSA2 keys (and OpenSSH similarly uses OpenSSL formats for DSA and ECDSA private keys in v2, but in recent versions has its own format for Ed25519 private keys, a new algorithm OpenSSL doesn't know about yet);
  4. Export ssh.com key: this exports the key in the format used by the commercial SSH implementation from ssh.com, see Wikipedia, which can be imported into OpenSSH using ssh-keygen -i.

In addition, the public key is displayed in OpenSSH authorized_keys (and known_hosts) format whenever a key is generated or loaded, without explicit action. This format also varies between RSA1 (SSHv1) and RSA2 and other SSHv2 keys, but less dramatically. For v2 this uses the algorithm name and base64 of the wire encoding, similar to RFC 4716 format but without line breaks or PEM header/trailer.

Note that the public key format is usually more important as it is required to copy the public key to the server (which may not run the same software as the client) while the private key format can stay locally. Users of SSH however often copy the private key to other machines as well.

Save public key

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20151022"
    ... base 64 ...
---- END SSH2 PUBLIC KEY ----

Save private key

PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-20151022
Public-Lines: 6
... base 64 ...
Private-Lines: 14
... base 64 ...
Private-MAC: 243d3afda7ac218891e39fc0df7ed7cf97d8f358

Export OpenSSH key

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,85137363803E9EA9

... base 64 ...
-----END RSA PRIVATE KEY-----

Export ssh.com key

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: "rsa-key-20151022"
... base 64 ...
---- END SSH2 ENCRYPTED PRIVATE KEY ----
Author by

Ankur Bhatia

Updated on September 18, 2022
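The answer's point that the authorized_keys line is the same wire-encoded blob as the RFC 4716 "Save public key" file, minus the line breaks and header/trailer, can be checked with a short converter. This is an added example, not code from the answer, PuTTY or OpenSSH; the sample key is constructed for illustration, and `ssh_string` and `rfc4716_to_openssh` are hypothetical helper names.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def rfc4716_to_openssh(text: str) -> str:
    """Convert an RFC 4716 public key file to one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key")
    comment, b64, i, body = "", [], 0, lines[1:-1]
    while i < len(body):
        line = body[i]
        if ":" in line:                      # header line, e.g. Comment: "..."
            while line.endswith("\\"):       # backslash continues a header
                i += 1
                line = line[:-1] + body[i]
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        elif line:
            b64.append(line)                 # base64 never contains ':'
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    # The blob's first wire string is the algorithm name (ssh-rsa for RSA2).
    (n,) = struct.unpack(">I", blob[:4])
    algorithm = blob[4:4 + n].decode("ascii")
    one_line = base64.b64encode(blob).decode("ascii")
    return " ".join(filter(None, [algorithm, one_line, comment]))

# Constructed sample: ssh-rsa blob with e=65537 and a made-up 512-bit
# modulus. Not a real key pair, and far too short for actual use.
MODULUS = b"\x00" + bytes.fromhex("c3" + "5a" * 62 + "01")
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(MODULUS)
B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_RFC4716 = "\n".join(
    [BEGIN, 'Comment: "rsa-key-20151022"']
    + [B64[i:i + 64] for i in range(0, len(B64), 64)]
    + [END]
)

if __name__ == "__main__":
    print(rfc4716_to_openssh(SAMPLE_RFC4716))
```

The output line begins with `ssh-rsa AAAAB3NzaC1yc2E`, the prefix every SSH2-RSA public key shares because the base64 starts with the encoded algorithm name.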

Comments

  • Ankur Bhatia over 1 year

    I have to generate a key, RSA v2 in OpenSSH format. I am a bit confused. I am trying to generate it using PuTTY Key Generator. There I see an option SSH2-RSA, SSH1-RSA. So is SSH2-RSA the RSA2 key or it means something else?

    Also is this key in the OpenSSH format? I see that there is a conversion tab with 2 options: export OpenSSH Key and export ssh.com key. So I am not sure if the keys I have generated are in OpenSSH format.