Bug 2947

Summary: ssh-keygen generated keys are not read in by openssl
Product: Portable OpenSSH Reporter: Thomas Schweikle <tschweikle>
Component: ssh-keygenAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX    
Severity: enhancement CC: djm, jjelen
Priority: P5    
Version: 7.9p1   
Hardware: Other   
OS: Windows 7   

Description Thomas Schweikle 2018-12-19 22:06:34 AEDT 
# ssh-keygen -t rsa -b 2048 -N "" -C "TestKey" -f id_gvm_rsa
Generating public/private rsa key pair.
id_gvm_rsa already exists.
Overwrite (y/n)? y
Your identification has been saved in id_gvm_rsa.
Your public key has been saved in id_gvm_rsa.pub.
The key fingerprint is:
SHA256:9NrSbEbjs8/5zXqSX7vVDwv7Ws7U0FBV+YGKOwXVmM0 TestKey
The key's randomart image is:
+---[RSA 2048]----+
|          ..* . B|
|         . o E + |
|        . o . . o|
|       . o o   o.|
|        S *   . .|
|         X .   o.|
|        o X . +.=|
|         + + Oo=*|
|          ..*+BB*|
+----[SHA256]-----+
# openssl req -x509 -days 2000 -new -key id_gvm_rsa -out id_gvm_rsa-cert.pem
unable to load Private Key
140028946031680:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Handbook and examples state this shall work. It does not.
This breaks various tools and websites importing private or public ssh-keys. They just fail.
Comment 1 Jakub Jelen 2018-12-19 23:00:03 AEDT 
The release notes [0] specify this pretty explicitly:

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format.

If you wish to generate the PEM files, use the -m PEM, which is unfortunately undocumented either [1] yet.

[0] http://www.openssh.com/txt/release-7.8
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2904
Comment 2 Thomas Schweikle 2018-12-20 02:45:42 AEDT 
It should not matter which format I wrote the keys out. Since the private key is in all cases written in more or less pem-format.

Importing some ssh-keygen generated private key this way should work out of the box. But it does not. Interestingly if I generate the key pair using openssl I can import this key and use it together with ssh! Even ssh-keygen accepts this key and exports an ssh-format public key from it.

So what does ssh-keygen do other than openssl while writing a key out? The private key written by ssh-keygen is only usable by ssh-keygen, while the private key written by openssl is usable by both: ssh-keygen and openssl!

# openssl genpkey -algorithm RSA -out id_rsa.key -pkeyopt rsa_keygen_bits:2048 && chmod 0600 id_rsa.key
# openssl rsa -pubout -in id_rsa.key -out id_rsa.pem && chmod 0600 $id_rsa.pem
# cp id_rsa.key id_rsa
# ssh-keygen -y -f id_rsa > id_rsa.pub

but

# ssh-keygen -t rsa -b 2048 -N "" -C "" -f id_rsa
# openssl rsa -pubout -in id_rsa.key -out id_rsa.pem

Creates a key openssl chocs on:
unable to load Private Key
140028946031680:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Visually there is no difference with these files (except for the key).
Comment 3 Damien Miller 2019-01-22 22:09:11 AEDT 
OpenSSH stopped using PEM keys a few releases ago because the security of the PEM password encryption is very bad and showed no signs of improving. 

If you don't care about key theft and offline cracking of your key's 
passphrases then you can still use the PEM key format in OpenSSH:

ssh-keygen -m PEM -f /path -t type   # generate
ssh-keygen -m PEM -p -f /path        # convert new format to PEM
Comment 4 Damien Miller 2021-04-23 15:00:24 AEST 
closing resolved bugs as of 8.6p1 release