Convert Invalid OpenSSH format key file to RSA

Some utilities are not working with the default OpenSSH “ssh-keygen” utility because they are not in RSA format as in the past. I noticed on some new systems (CentOS 8, in my case) the file started with this:


WARNING: The command below will convert the key file in-place, so make a copy first.

cp id_rsa id_rsa.bak
ssh-keygen -p -N "" -m PEM -f id_rsa -t rsa

That command will convert using no passphrase using the -p -N “” switch. If you have a passphrase you can use -p -P “pass” -N “pass”.

I also tried other ways using ssh-keygen and nothing worked. Like using the -i -f arguments, or the -T switch to output a file. Each way just gave me different errors. The above did work though, I just had to do some file copies to save them in different formats for different tools.

In the end the format should be normal: