Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Convert id_rsa to pem file
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
chmod 600 id_rsa.pem
@paxan
Copy link

paxan commented Oct 3, 2017

should be chmod 600 id_rsa.pem

@HighwayofLife
Copy link

HighwayofLife commented Dec 29, 2017

An rsa id_rsa key is exactly the same format as the output indicated here. So this ultimately does nothing other than duplicate the file an append a .pem extension.

@etiago
Copy link

etiago commented Mar 11, 2018

☝️ inclined to agree @HighwayofLife , this does nothing to the file format... although had an interesting side effect for me: it decrypted the file as my id_rsa was originally password-protected.

@adriaanvanrossum
Copy link

adriaanvanrossum commented Mar 21, 2018

And if you need the public key as a pem use this

ssh-keygen -f ~/.ssh/id_rsa.pub -m 'PEM' -e > public.pem
chmod 600 public.pem

@coolaj86
Copy link

coolaj86 commented Dec 12, 2018

I had to read through the source and I built a solution in JavaScript, of all things.

So if you install https://nodejs.org you can get ssh-to-jwk, jwk-to-ssh, rasha, and eckles which, between the four, will convert it any which way:

npm install -g ssh-to-jwk jwk-to-ssh rasha eckles

RSA

ssh-to-jwk ~/.ssh/id_rsa > privkey.jwk.json
rasha privkey.jwk.json pkcs8 > privkey.pem
chmod 0600 privkey.pem
rasha privkey.pem jwk > privkey.jwk.json
jwk-to-ssh privkey.jwk.json root@localhost > id_rsa
chmod 0600 id_rsa

ECDSA

ssh-to-jwk ~/.ssh/id_ecdsa > privkey.jwk.json
eckles privkey.jwk.json pkcs8 > privkey.pem
chmod 0600 privkey.pem
eckles privkey.pem jwk > privkey.jwk.json
jwk-to-ssh privkey.jwk.json root@localhost > id_ecdsa
chmod 0600 id_ecdsa

Docs and such:

@coolaj86
Copy link

coolaj86 commented Dec 12, 2018

@etiago @HighwayofLife OpenSSH has its own Private Key format.

@giacomo-m
Copy link

giacomo-m commented Dec 19, 2018

Hi, running openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem i get this error:

unable to load Private Key
140735944156104:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: ANY PRIVATE KEY

can you help me?

Thanks.

@kollaesch
Copy link

kollaesch commented Dec 31, 2018

@giacomo-m
Apple uses a different openssl-"package". In general it's recommened to install openssl on macos via @brew-package. (formerly homebrew)
The apple-package is missing some functionality. That seems to be the case here.

@243826
Copy link

243826 commented Jan 10, 2019

@kollaesch doesn't seem to be the case. I still got:

@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

@sauravexodus
Copy link

sauravexodus commented Jan 31, 2019

@kollaes

Hi, running openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem i get this error:

unable to load Private Key
140735944156104:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: ANY PRIVATE KEY

can you help me?

Thanks.

Can you try generating the private key using ssh-keygen

@kythanh
Copy link

kythanh commented Mar 19, 2019

I had the same problem and fixed by adding -m PEM when generate keys.

So the gen key command look like:

ssh-keygen -t rsa -b 4096 -m PEM

Then you can get pem from your rsa private key.

openssl rsa -in id_rsa -outform pem > id_rsa.pem

@kollaesch doesn't seem to be the case. I still got:

@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

@Khrol
Copy link

Khrol commented Mar 19, 2019

Expecting: ANY PRIVATE KEY

I have this error only with 4096-bit key. Looks like it's the problem.

@KevinJCross
Copy link

KevinJCross commented May 7, 2019

yup Ive got this same problem with a 4k key too

@jgamblin
Copy link

jgamblin commented Jun 14, 2019

@joaquinclearmetal
Copy link

joaquinclearmetal commented Jul 18, 2019

unable to load Private Key
140149128779416:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY```

On both macOS and Ubuntu 16.  I don't want to gen a new key, as i have the pub key installed on several servers.

@andreif
Copy link

andreif commented Aug 12, 2019

For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using

ssh-keygen -f my-rsa-key -m pem -p

Note: when it was missing -p argument I got Expecting: ANY PRIVATE KEY error.

@bnabriss
Copy link

bnabriss commented Sep 8, 2019

For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using

ssh-keygen -f my-rsa-key -m pem -p

Note: when it was missing -p argument I got Expecting: ANY PRIVATE KEY error.

Thanks, after hours of searching this is one works with me.
I used this for sftp with phpstorm

@jonathanmv
Copy link

jonathanmv commented Mar 23, 2020

Please bare in mind that ssh-keygen -f my-rsa-key -m pem -p will modify your existing file. In this case my-rsa-key

@gabmontes
Copy link

gabmontes commented Apr 2, 2020

@kythanh solution worked for me!

@xtealer
Copy link

xtealer commented May 3, 2020

I had the same problem and fixed by adding -m PEM when generate keys.

So the gen key command look like:

ssh-keygen -t rsa -b 4096 -m PEM

Then you can get pem from your rsa private key.

openssl rsa -in id_rsa -outform pem > id_rsa.pem

@kollaesch doesn't seem to be the case. I still got:

@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

This worked for me.

@robvanderleek
Copy link

robvanderleek commented Jun 16, 2020

FWIW, this worked for me on macOS 10.15.5 to convert (in-place, will modify original file!) a private key file id_rsa to the PEM format:

$ ssh-keygen -p -m PEM -f ./id_rsa

@thayshiva
Copy link

thayshiva commented Aug 2, 2020

I had the same problem and fixed by adding -m PEM when generate keys.

So the gen key command look like:

ssh-keygen -t rsa -b 4096 -m PEM

Then you can get pem from your rsa private key.

openssl rsa -in id_rsa -outform pem > id_rsa.pem

@kollaesch doesn't seem to be the case. I still got:

@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

Thanks, this worked for me as well.

@kadircs
Copy link

kadircs commented Feb 16, 2021

This worked!!! But as others said, your private key is overwritten.

For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using

ssh-keygen -f my-rsa-key -m pem -p

Note: when it was missing -p argument I got Expecting: ANY PRIVATE KEY error.

@dzmitry-lahoda
Copy link

dzmitry-lahoda commented Feb 19, 2021

@coolaj86 tried to run on windows, got errors (rsa -> jwt json)

C:\Users\dz\.ssh> ssh-to-jwk id_rsa
C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135
    len = dv.getUint32(index, false);
             ^

RangeError: Offset is outside the bounds of the DataView
    at DataView.getUint32 (<anonymous>)
    at Object.SSH.parseElements (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135:14)
    at Object.SSH.parse (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:23:24)
    at Object.<anonymous> (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\bin\ssh-to-jwk.js:26:16)
    at Module._compile (internal/modules/cjs/loader.js:1063:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
    at Module.load (internal/modules/cjs/loader.js:928:32)
    at Function.Module._load (internal/modules/cjs/loader.js:769:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47

@mattiacantalu
Copy link

mattiacantalu commented Mar 12, 2021

I had the same problem and fixed by adding -m PEM when generate keys.

So the gen key command look like:

ssh-keygen -t rsa -b 4096 -m PEM

Then you can get pem from your rsa private key.

openssl rsa -in id_rsa -outform pem > id_rsa.pem

@kollaesch doesn't seem to be the case. I still got:

@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

Worked to me too. Thanks man !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment