
Per https://www.reddit.com/r/sysadmin/comments/wf7ri8/comment/iit1rwx/, to convert a private key from PEM to OpenSSH format I need to first make a copy of the file and then run:

ssh-keygen -p -f private_key_openssh.pem -N ""

The problem is that every time I run this command, a portion of the output keeps on changing as if some random salt was being used. I need a command that will generate consistent output because the value is being used in automated tests.

Is there another way to convert PEM to OpenSSH format? Is there a way to hard-code the changing component to something stable?

UPDATE: As requested, here is a concrete example...

Given this test key in PEM format:

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFILtH9SV+gU1C91FN16twvHqxf1tnCIM7gh3Ii6eeR2oAoGCCqGSM49
AwEHoUQDQgAEdZ9Uhb8uw4t/dhpjMvCbFhI2330wrpxisGayIKv8iMtQt97neG8T
d1uL21wrWX8j3lW1jaVtXl0mf97lpnCd0g==
-----END EC PRIVATE KEY-----

If I run copy /Y private_key.pem private_key_openssh.pem and then ssh-keygen -p -f private_key_openssh.pem -N "", I get this output:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1n1SFvy7Di392GmMy8JsWEjbffTCu
nGKwZrIgq/yIy1C33ud4bxN3W4vbXCtZfyPeVbWNpW1eXSZ/3uWmcJ3SAAAAmLDjFkWw4x
ZFAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWfVIW/LsOLf3Ya
YzLwmxYSNt99MK6cYrBmsiCr/IjLULfe53hvE3dbi9tcK1l/I95VtY2lbV5dJn/e5aZwnd
IAAAAgUgu0f1JX6BTUL3UU3Xq3C8erF/W2cIgzuCHciLp55HYAAAAA
-----END OPENSSH PRIVATE KEY-----

If I repeat this process a second time I get this output:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1n1SFvy7Di392GmMy8JsWEjbffTCu
nGKwZrIgq/yIy1C33ud4bxN3W4vbXCtZfyPeVbWNpW1eXSZ/3uWmcJ3SAAAAmNyNVafcjV
WnAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWfVIW/LsOLf3Ya
YzLwmxYSNt99MK6cYrBmsiCr/IjLULfe53hvE3dbi9tcK1l/I95VtY2lbV5dJn/e5aZwnd
IAAAAgUgu0f1JX6BTUL3UU3Xq3C8erF/W2cIgzuCHciLp55HYAAAAA
-----END OPENSSH PRIVATE KEY-----

and so on. Every time I run the command, the same subset of the output gets modified, but every time I get a different value.

Gili

1 Answer


Just use the public key in your unit tests, i.e., you can generate the public key from the private key with:

 ssh-keygen -y -f private.key > public.key

By definition, if two private keys authenticate against the same public key, they are the same private key.

Additionally, you don't need to worry about leaking secrets if you want to put the public key in source control etc., since the public key is not considered secret.

DavidT
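The bytes that change between runs are the `checkint` of the OpenSSH private key format (described in PROTOCOL.key in the OpenSSH source): a random 32-bit value written twice at the start of the private section. As an added example, not part of the original question or answer, this Python code parses the two outputs shown in the question and compares everything except that value; the function names are this example's own, and it assumes a single unencrypted key.

```python
import base64, struct

MAGIC = b"openssh-key-v1\0"

def _string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse(text):
    """Split an unencrypted openssh-key-v1 file into stable parts and checkint."""
    body = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    buf = base64.b64decode(body)
    if not buf.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    cipher, off = _string(buf, len(MAGIC))
    kdf, off = _string(buf, off)
    _kdfopts, off = _string(buf, off)
    (nkeys,) = struct.unpack_from(">I", buf, off)
    if cipher != b"none" or kdf != b"none" or nkeys != 1:
        raise ValueError("only a single unencrypted key is handled here")
    pub, off = _string(buf, off + 4)
    priv, off = _string(buf, off)
    check1, check2 = struct.unpack_from(">II", priv, 0)
    if check1 != check2:
        raise ValueError("checkint mismatch")
    # priv[8:] holds the key fields, comment and padding; none of it is random.
    return {"public": pub, "checkint": check1, "private": priv[8:]}

def same_key(a, b):
    """True when two files hold the same key, ignoring the random checkint."""
    pa, pb = parse(a), parse(b)
    return (pa["public"], pa["private"]) == (pb["public"], pb["private"])

# The two outputs from the question, rebuilt from their shared text; {} marks
# the 12 base64 characters (section length byte plus both checkints) that differ.
TEMPLATE = (
    "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS"
    "1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR1n1SFvy7Di392GmMy8JsWEjbffTCu"
    "nGKwZrIgq/yIy1C33ud4bxN3W4vbXCtZfyPeVbWNpW1eXSZ/3uWmcJ3SAAAA{}AAAAE2Vj"
    "ZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHWfVIW/LsOLf3Ya"
    "YzLwmxYSNt99MK6cYrBmsiCr/IjLULfe53hvE3dbi9tcK1l/I95VtY2lbV5dJn/e5aZwnd"
    "IAAAAgUgu0f1JX6BTUL3UU3Xq3C8erF/W2cIgzuCHciLp55HYAAAAA"
)
RUN1, RUN2 = TEMPLATE.format("mLDjFkWw4xZF"), TEMPLATE.format("mNyNVafcjVWn")
```

A test can call `same_key()` on the converted file and a stored reference instead of comparing the file text; `parse()` also accepts the full file including the BEGIN/END lines.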