Howto: Convert an OpenSSL key to a public/private OpenSSH key-pair

This howto demonstrates how to convert an OpenSSL key to a public/private OpenSSH key-pair.

The motivation for converting this is simple — dual use. That is to say, any user or application that has been issued a certificate can now use their SSL-based credentials for both SSL- and SSH-based authentication.

Requirements
You’ll need a valid certificate and private key (strictly speaking, only the key is required). This recipe assumes that your certificate and key have the names user-crt.pem and user-key.pem, respectively. If your key is encrypted (which it should be), you’ll also need to have its passphrase handy.

You’ll need a shell account on a system that supports OpenSSH logins using public/private key authentication.

Solution
The solution is to extract the public key from the private key using ssh-keygen, copy the new key-pair into place, and test them out.

1. Copy the private SSL key to ~/.ssh/id_ssl.
$ cp user-key.pem ~/.ssh/id_ssl
$ chmod 600 ~/.ssh/id_ssl

2. Extract the public SSH key using ssh-keygen.
$ ssh-keygen -y -f ~/.ssh/id_ssl > ~/.ssh/id_ssl.pub
$ chmod 600 ~/.ssh/id_ssl.pub

3. Add the public key to your authorized_keys file.
$ cat ~/.ssh/id_ssl.pub >> ~/.ssh/authorized_keys

4. Test the new key by attempting to SSH to localhost.
$ ssh -i ~/.ssh/id_ssl localhost

At this point, you’ll need to enter your passphrase (assuming you had one), and if all goes well, you’ll be sitting at a new shell prompt.

5. Remove the test key from your authorized_keys file.
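
The recipe gives no command for step 5, and step 3 appends a duplicate entry if it is run twice. The following is an added example, not part of the original recipe; the helper names (key_blob, has_key, add_key, remove_key) are hypothetical. It matches entries on the base64 key blob alone, so any options or comment on an authorized_keys line do not matter.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of OpenSSH.
# Entries are matched on the base64 key blob, so options and comments
# on an authorized_keys line do not affect the comparison.

# key_blob PUB: print the base64 blob of the first key in a .pub file.
key_blob() {
    awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2; exit }' "$1"
}

# has_key PUB AUTH: 0 if AUTH holds PUB's key, 1 if not, 2 if PUB is unusable.
has_key() {
    blob=$(key_blob "$1") && [ -n "$blob" ] || return 2
    [ -f "$2" ] || return 1
    awk -v b="$blob" '/^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$2"
}

# add_key PUB AUTH: step 3, but appends only if the key is not already present.
add_key() {
    blob=$(key_blob "$1") && [ -n "$blob" ] || return 2
    if has_key "$1" "$2"; then return 0; fi
    ( umask 077; cat "$1" >> "$2" )
}

# remove_key PUB AUTH: step 5, drops every entry carrying PUB's key blob
# and replaces AUTH atomically with a mode-600 file.
remove_key() {
    blob=$(key_blob "$1") && [ -n "$blob" ] || return 2
    tmp=$(mktemp "$2.XXXXXX") || return 1
    awk -v b="$blob" '/^[ \t]*#/ { print; next }
        { for (i = 1; i <= NF; i++) if ($i == b) next; print }' "$2" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$2" || { rm -f "$tmp"; return 1; }
}

# Usage with the file names from the steps above:
#   add_key    ~/.ssh/id_ssl.pub ~/.ssh/authorized_keys
#   remove_key ~/.ssh/id_ssl.pub ~/.ssh/authorized_keys
```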

In theory, a single certificate and key issued to an employee would be sufficient to access all participating SSL- and SSH-based resources in a given environment (or perhaps the entire company).

This post is based on an original recipe by Klayton Monroe.
