At work, the system used to get a Windows Administrator password in our OpenStack based system (K5) is derived from the SSH Public Key recorded in the system.
It’s really easy to use, and can be found here: https://decrypt-win-passwd.uk-1.cf-app.net
There is one downside to this though – the application needs the private key to be supplied to it (it’s OK, you regularly rotate your SSH private keys… right??) in PEM format… Now, if you’re any sort of sensible SSH user, you’ve used either OpenSSH’s ssh-keygen command, or PuTTY’s puttygen command… neither of which produce a PEM format key.
So, you need to convert it. After a bit of proding and poking, I found this command
openssl rsa -outform PEM -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa.pem
Like the last post, this is more for me to find stuff in the future, but… if he helps someone else, so much the better!!
I was curious about proving that ssh key pair match but am having trouble converting my private key:
$ openssl rsa -outform PEM -in ~/.ssh/id_rsa -out id_rsa.pemCould not read private key from /home/peon/.ssh/id_rsa
$ ls -ld ~/.ssh/id_rsa
-rw------- 1 peon peon 2610 Apr 4 2024 /home/peon/.ssh/id_rsa
$
I use the key all the time for ssh. Does anyone have an idea what’s wrong?
Hey John, thanks for commenting! The only thing I can imagine it is, is that the id_rsa file isn’t formatted properly for
opensslbut works for SSH. Check your SSH key and make sure that it starts like this:-----BEGIN OPENSSH PRIVATE KEY-----and ends like this:
-----END OPENSSH PRIVATE KEY-----If you run
file ~/.ssh/id_rsait might also reveal what the issue is, for example, in a.sshdirectory I have access to, when I didfile *I saw:$ file *config: ASCII text
config.d: directory
id_ed25519: OpenSSH private key
id_ed25519.pub: OpenSSH ED25519 public key
id_rsa: OpenSSH private key
id_rsa.pub: OpenSSH RSA public key
id_rsa_legacy: PEM RSA private key
known_hosts: ASCII text, with very long lines (613)
So, maybe you’ve just got a funky SSH Private Key which OpenSSL can’t interpret properly?