Bug 3023

Summary: ssh-keygen no longer writes PKCS#1 PEM format
Product: Portable OpenSSH Reporter: Sam <s.e.adams>
Component: ssh-keygenAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID    
Severity: normal CC: dtucker, jjelen
Priority: P5    
Version: 8.0p1   
Hardware: All   
OS: Linux   

Description Sam 2019-06-26 06:01:12 AEST 
After upgrading OpenSSH 7.9 to 8.0 (while upgrading from Fedora 29 to 30), ssh-keygen can no longer generate PKCS#1 formatted private keys.  I'm specifying "-m PEM" to generate keys in the legacy PEM private key format, but the output format has changed between the releases.

Is it possible to still generate PKCS#1 formatted keys with OpenSSH 8.0?  I'm processing these keys with dropbearconvert, which doesn't support the PKCS#8 format.


Example outputs:


## Fedora 29 / OpenSSH 7.9

$ rpm -qa | grep openssh
openssh-clients-7.9p1-6.fc29.x86_64
openssh-server-7.9p1-6.fc29.x86_64
openssh-7.9p1-6.fc29.x86_64

$ ssh-keygen -t rsa -b 2048 -m PEM -f ~/id_pem -N ""
Generating public/private rsa key pair.
Your identification has been saved in /home/foo/id_pem.
Your public key has been saved in /home/foo/id_pem.pub.
The key fingerprint is:
SHA256:SPvtI5cPgKCjrH+wsgYy076vE1NTjcfc9Mc6cdbHG9I foo@localhost
The key's randomart image is:
+---[RSA 2048]----+
|       = o.      |
|      o = .. ..o |
|    ....    o.=E+|
|   .oo +     *. +|
| .o. .+ S   o  . |
|*.=.   . o   .   |
|+= =    . o.     |
|o.+ .   ..+.     |
|+++*.    o.o.    |
+----[SHA256]-----+

$ head id_pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwkG0o3kuCd7dxQa7cJPWSqZO6eADPgivWJ7aE6vbj7diXoSX
UF40roLIgt8lcKVvGaWdrD3YUQLVUMPlKpiyICCVLwLDapP/Qm8v4GoxClVUgjg6
DddQYI8GQImpLCLy3Rg+9EK+ubBkIBngiVMu8y3Q6ZAulTcQthONjyndRZbSxHR2


----------


## Fedora 30 / OpenSSH 8.0

$ rpm -qa | grep openssh
openssh-8.0p1-4.fc30.x86_64
openssh-server-8.0p1-4.fc30.x86_64
openssh-clients-8.0p1-4.fc30.x86_64

$ ssh-keygen -t rsa -b 2048 -m PEM -f ~/id_pem -N ""
Generating public/private rsa key pair.
Your identification has been saved in /home/foo/id_pem.
Your public key has been saved in /home/foo/id_pem.pub.
The key fingerprint is:
SHA256:sthFFnvZu0BUN5Evd2UUbme/S7wNiHlAaj6i+Q6dL0o foo@localhost
The key's randomart image is:
+---[RSA 2048]----+
|        . ... +=o|
|         + o .o.o|
|        + = .  =+|
|       o =   .o.*|
|      . S o .  oo|
|     + B   = o. .|
|    E * o o + .+ |
|   . +.o . .  ..+|
|    ++o..      o.|
+----[SHA256]-----+

$ head id_pem
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCpoPt4v6ESanwB
BZ0Q2k/KQaXBcm5tVYDZPT7jWFlei9x0bfP7MltXy4DyH75T5TwPNocLk9ehWKnA
l+vFetu/P9BtGuLyDhb0oGym91NjQbfquDzl+9n/lHJQgFQYZbimXyTJgcqZwOl7
Comment 1 Jakub Jelen 2019-06-26 18:16:57 AEST 
See the bug #3013 which proposed this change.

The simplest solution would be to teach dropbear this format. The OpenSSL 1.0 introducing this format was released almost 10 years ago.

Otherwise, you can always use openssl to convert the keys for you:

openssl pkey -traditional -in /tmp/rsa.pem -out /tmp/rsa-traditional.pem
Comment 2 Darren Tucker 2019-07-05 15:48:41 AEST 
This appears to be due to a Fedora specific change and does not apply to any version supplied by the OpenSSH team, so I'm closing this bug.  Discussion about any possible changes to the key formats will be over at bug#3013.  Thanks for the report.
Comment 3 Damien Miller 2021-03-04 09:52:49 AEDT 
close bugs that were resolved in OpenSSH 8.5 release cycle