Tools to deal with OpenSSH2 (RFC4716) keys in as pure Python 3 as possible.
These key files are the default format generated by ssh-keygen since OpenSSH 7.8 (2018-08-24)
and can be recognized from their -----BEGIN OPENSSH PRIVATE KEY----- header.
If you need to simply convert one of these files into the "legacy" PEM format, you can do it using
a recent enough ssh-keygen – or you can use this library. In case you just want the conversion done,
ssh-keygen -e -m PEM -p -f my-openssh-format-private-keywill transmute my-openssh-format-private-key in-place into PEM.
- Encrypted OpenSSH private key files are not yet supported, and raise an error.
- Not all key formats supported by OpenSSH are supported; the widest support is for RSA keys.
- Python 3.7+
Install the package into your environment using your favored tools.
If you need to be able to convert key data into PEM, also install cryptography
(or install this package with the convert extra, which depends on that module).
The basic API is provided via openssh_key.OpenSSHKeyFile.parse_text(), like so:
from openssh_key import OpenSSHKeyFile
with open('my-openssh-format-private-key') as infp:
kf = OpenSSHKeyFile.parse_text(infp)
for keypair in kf.decrypt_keypairs():
print(keypair.public_key_string) # as you'd find in `authorized_keys`See the modules themselves and the tests for more.
