Tools to deal with OpenSSH2 (RFC4716) keys in as pure Python 3 as possible.
These key files are the default format generated by
ssh-keygen since OpenSSH 7.8 (2018-08-24)
and can be recognized from their
-----BEGIN OPENSSH PRIVATE KEY----- header.
If you need to simply convert one of these files into the "legacy" PEM format, you can do it using
a recent enough
ssh-keygen – or you can use this library. In case you just want the conversion done,
ssh-keygen -e -m PEM -p -f my-openssh-format-private-key
my-openssh-format-private-key in-place into PEM.
- Encrypted OpenSSH private key files are not yet supported, and raise an error.
- Not all key formats supported by OpenSSH are supported; the widest support is for RSA keys.
- Python 3.5+
Install the package into your environment using your favored tools.
If you need to be able to convert key data into PEM, also install
(or install this package with the
convert extra, which depends on that module).
The basic API is provided via
openssh_key.OpenSSHKeyFile.parse_text(), like so:
from openssh_key import OpenSSHKeyFile with open('my-openssh-format-private-key') as infp: kf = OpenSSHKeyFile.parse_text(infp) for keypair in kf.decrypt_keypairs(): print(keypair.public_key_string) # as you'd find in `authorized_keys`
See the modules themselves and the tests for more.