Tools to deal with OpenSSH2 (RFC4716) keys in Python


Tools to deal with OpenSSH2 (RFC4716) keys in as pure Python 3 as possible.

These key files are the default format generated by ssh-keygen since OpenSSH 7.8 (2018-08-24) and can be recognized from their -----BEGIN OPENSSH PRIVATE KEY----- header.

If you need to simply convert one of these files into the "legacy" PEM format, you can do it using a recent enough ssh-keygen – or you can use this library. In case you just want the conversion done,

ssh-keygen -e -m PEM -p -f my-openssh-format-private-key

will transmute my-openssh-format-private-key in-place into PEM.


  • Encrypted OpenSSH private key files are not yet supported, and raise an error.
  • Not all key formats supported by OpenSSH are supported; the widest support is for RSA keys.


  • Python 3.5+


Install the package into your environment using your favored tools.

If you need to be able to convert key data into PEM, also install cryptography (or install this package with the convert extra, which depends on that module).

The basic API is provided via openssh_key.OpenSSHKeyFile.parse_text(), like so:

from openssh_key import OpenSSHKeyFile

with open('my-openssh-format-private-key') as infp:
    kf = OpenSSHKeyFile.parse_text(infp)

for keypair in kf.decrypt_keypairs():
    print(keypair.public_key_string)  # as you'd find in `authorized_keys`

See the modules themselves and the tests for more.
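
A pre-flight check for the first limitation listed above, as an added example that is not part of this project's code: it reads only the cleartext header of the container (layout as described in OpenSSH's PROTOCOL.key) and reports whether a key file is passphrase-encrypted and which key types it holds. The names `inspect_openssh_key` and `make_sample` are hypothetical, and the sample file is constructed with zero bytes in place of key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # opens the decoded container
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"


def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated data")
    return struct.unpack_from(">I", buf, off)[0], off + 4


def _string(buf, off):
    """SSH 'string': uint32 big-endian length followed by that many bytes."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("string runs past end of data")
    return buf[off:off + n], off + n


def inspect_openssh_key(text):
    """Read only the cleartext header; the private section is never parsed."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key file")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    _kdf_options, off = _string(blob, off)
    nkeys, off = _u32(blob, off)
    key_types = []
    for _ in range(nkeys):
        pub, off = _string(blob, off)  # one public key blob per key
        key_types.append(_string(pub, 0)[0].decode("ascii"))  # first field: type
    return {"cipher": cipher.decode("ascii"), "kdf": kdf.decode("ascii"),
            "encrypted": cipher != b"none", "key_types": key_types}


def make_sample(cipher, kdf):
    """Constructed container: zero bytes stand in for all key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(b"ssh-ed25519") + s(b"\x00" * 32)
    blob = (MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
            + s(pub) + s(b"\x00" * 16))
    return "\n".join([BEGIN, base64.b64encode(blob).decode(), END])
```

A file reporting `encrypted: False` holds its private key in cleartext on disk, so the check also works as an audit of key directories.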
