How to change encryption algorithm for private key file using OpenSSH 5.3


ssh-keygen in OpenSSH 5.3 has no option to choose the cipher used for passphrase protection, so you cannot make the old ssh-keygen behave like the newer version through a configuration file or a command-line switch. You can, however, use OpenSSL to generate or convert the keys: an OpenSSH 5.3 private key is an ordinary PEM-encoded RSA key, and the AES-128 protection that OpenSSH 5.4 writes is the same AES-128-CBC PEM encryption that openssl rsa -aes128 produces.

Conversion

Assuming your key is RSA,

openssl rsa -aes128 -in <3des_protected> -out <aes128_protected>

will convert the 3DES-protected key into an AES-128-CBC-protected one. It will ask for a passphrase three times: once to read the old key, twice to set the new one. Afterwards the header of the new file should read DEK-Info: AES-128-CBC where the old one read DEK-Info: DES-EDE3-CBC. This only works on the traditional PEM format (the file begins with -----BEGIN RSA PRIVATE KEY-----); openssl rsa cannot read the newer -----BEGIN OPENSSH PRIVATE KEY----- container.

Creation

First create the private part:

openssl genrsa -aes128 -out <newkey> 2048

The trailing number is the key size in bits; older OpenSSL releases default to 1024 bits if it is omitted. Then restrict its permissions so that ssh does not refuse it: chmod 600 <newkey>

The public key is then derived from the private one with

ssh-keygen -y -f <newkey> > <newkey>.pub

Note the -y: it prints the public key in the one-line format that authorized_keys expects. ssh-keygen -e would instead export it in RFC 4716 format, which an OpenSSH server does not accept in authorized_keys.
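The following is an added example, not code from the original answer, that wraps the conversion step above and adds the check a practitioner wants afterwards: read the DEK-Info header of the resulting file and confirm it names AES-128-CBC rather than DES-EDE3-CBC. It assumes a POSIX shell with sed, grep and mktemp, and openssl on PATH for the actual re-encryption; the function names and the PEM skeleton written by write_sample_header are my own constructions, not a real key.

```shell
# Print the cipher named in the DEK-Info header of a traditional PEM private
# key ("BEGIN RSA PRIVATE KEY"). Prints e.g. DES-EDE3-CBC for a 3DES key from
# OpenSSH 5.3, AES-128-CBC for a converted one, "unencrypted" when there is no
# passphrase, or "openssh-new-format" for the openssh-key-v1 container that
# openssl rsa cannot read.
key_cipher() {
    if grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        printf 'openssh-new-format\n'
        return 0
    fi
    # "DEK-Info: AES-128-CBC,<hex IV>" -> keep the field before the comma
    cipher=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$1")
    if [ -n "$cipher" ]; then
        printf '%s\n' "$cipher"
    else
        printf 'unencrypted\n'
    fi
}

# Re-encrypt a traditional PEM RSA key with AES-128-CBC, lock down its mode and
# verify the header. Prompts for the old passphrase once and the new one twice,
# exactly as the bare openssl command in the answer does.
reencrypt_aes128() {
    openssl rsa -aes128 -in "$1" -out "$2" || return 1
    chmod 600 "$2"
    [ "$(key_cipher "$2")" = "AES-128-CBC" ]
}

# Write a CONSTRUCTED PEM skeleton with the given DEK-Info cipher to $1.
# Only the header lines are realistic; the body is placeholder base64 and is
# not a usable key, so this is safe to use for testing the header check.
write_sample_header() {
    printf '%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        "DEK-Info: $2,0123456789ABCDEF" \
        '' \
        'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=' \
        '-----END RSA PRIVATE KEY-----' > "$1"
}

# Self-check on constructed headers; needs neither openssl nor a real key.
demo() {
    tmp=$(mktemp) || return 1
    write_sample_header "$tmp" DES-EDE3-CBC
    printf 'before: %s\n' "$(key_cipher "$tmp")"
    write_sample_header "$tmp" AES-128-CBC
    printf 'after:  %s\n' "$(key_cipher "$tmp")"
    rm -f "$tmp"
}
```

On a real key, run reencrypt_aes128 old_key new_key; it returns non-zero if openssl fails or if the header of the new file does not say AES-128-CBC, which catches the case where the input was silently not re-encrypted (for example because the passphrase prompt was empty and the output was written unencrypted).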

Author: Giacomo1968

Updated on September 18, 2022

Comments

  • Giacomo1968
    Giacomo1968 over 1 year

    Using ssh-keygen, I need to generate an SSH private key file where the encryption algorithm used when using a passphrase is AES-128 with CBC mode.

    I know this is the default for OpenSSH >= 5.4 as per the release notes where they mention:

    Passphrase-protected SSH protocol 2 private keys are now protected with AES-128 instead of 3DES. This applied to newly-generated keys as well as keys that are reencrypted (e.g. by changing their passphrase).

    However, my requirement is to use this encryption algorithm with OpenSSH 5.3p1 (I cannot change the OpenSSH version).

    How can I change the encryption algorithm to AES-128 without upgrading to OpenSSH 5.4 or newer?

  • Adambean
    Adambean over 3 years
    This was exactly what I needed to convert a PuTTy Keygen private key export from 3DES to AES, so that I could use it with the SSH key agent in KeePassXC. Thanks!