SSH key generated by ssh-keygen is not recognized by Paramiko: "not a valid RSA private key file"
Question
I have the following code:
ssh_key = paramiko.RSAKey.from_private_key_file(key_filename)
the key looks like this:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAQEAqdgmJ2AQlmvpCsDWjbpIvIrx4AwtKn2t10wmGZIN9pqcJgQpo3HD
and is valid:
$ ssh-keygen -l -f <mykeyfile>
$ 2048 SHA256:x8jlUAObU3q2KXRtuGpxwhnGvB/ZoeD2IUqSA1OkCmI thomas@Thomas-MBP-2017 (RSA)
but I get the the following error:
not a valid RSA private key file
This is on MacOS, Python 2.7, Paramiko 2.4.2
What am I doing wrong?
1 answers
solution1
5 ACCPTED 2019-04-09 04:26:08
For OpenSSH 7.8 up, you have to trick it. Run ssh-keygen -p [-f file] -m pem to purportedly change passphrase, but reuse the old one. Use -P oldpw -N newpw if you want to avoid the prompts, as in a script, but be careful of making your passphrase visible to other users. As a side effect this rewrites the keyfile (if not ed25519) in 'old' (OpenSSL-compatible and thus paramiko-compatible) format. (If you want to keep the new-format file, copy first.)
For older versions of OpenSSH just do ssh-keygen -p [-f file] WITHOUT -o .
Also, if you have (or get) it, the puttygen utility in the PuTTY suite from 0.69 up supports this format. In the Unix version, just do puttygen newfmtfile -O private-openssh -o oldfmtfile (again excepting ed25519). In the Windows version AFAICT you must use the GUI; load the newfmtfile and do Conversions / Export OpenSSH key .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.