How do you convert OpenSSH Private key files to Private key files?


It cannot be done by the ssh-keygen program even though most man pages say it can.  They discourage it so that you will use multiple public keys. The only problem is that RCF will not allow you to register more than one public key.


The workaround is to use the puttygen program.  It is availble on the web.  Open 'puttygen' and generate a 2048 bit rsa public/private key pair. Make sure you add a password after it is generated. Save the public key as "" and save the private key as "puttystyle". The putty program and programs share a common public-key format but the putty program and OpenSSH have different public-key formats.  We will come back to this, later. You should be able to load both puttystyle keys into the putty program. However, the private key formats for putty and are not the same and so you will have to create a converted file. Go to the conversions menu and export an key.  Save it as "sshstyle".  Now go back to the conversions menu and export an openssh key.  Save it as "openssh".  These names are arbitrary and you can choose your own.  You will have to change the names for installation on an OpenSSH machine, later.  See below.


Import the keys into the program by selecting the following menus:


Edit => Settings => UserKeys


The two keys that you are about to import can have any name but they must share the same name and the public key must have a .pub extension on the end of the name.  After importing, hit the "configure" button to load the keys into the authorization file. (You may have to restart the program and accept their offer to convert your keys if you have used a 1024 bit key length rather than a 2048 bit key length.)


Move the "openssh" file to your OpenSSH Unix machine.  You still have to import this file and create a public key for it because the public key format that came from putty is not compatible with OpenSSH.  Rename the 'openssh' file to be "id_rsa" and put it in the “.ssh” sub-diretory.  Note that the 'id_rsa' name is the default name for the private key password file on OpenSSH machines and you must use it.  cd to the .ssh directory and create a matching public key.  In order to create the public key, you use the command:


ssh-keygen -i >


Give this public key the same password that you used for the putty key.  Finally, copy the new public key into the 'authorized_keys' file with:


cat >> authorized_keys


Change the permissions on 'id_rsa' so they are -rw------- (600) and the permissions on '' to -rw--r--r-- (644) and the permission on the 'authorized_keys' file to rw--r--r-- (644).  The file will not be used again after it has been appended onto the 'authorized_keys' file. You can remove it ... or save it as a reference so you can install it on another OpenSSH machine.  


You can check the fingerprint of your file with the "ssh-keygen -l" command.  The last option is a lower case L.  You will need the fingerprint to upload the public key to RCF. 


When you are done with all that, you should be able to log in from any machine to any other machine.


Note that the client has a program called ssh-keygen2 with various options that may short circuit some of the instructions above.  I have not tried it.  It is operated from the Windows command line window (sometimes called the DOS prompt) and you have to set your path so it can be found or change directories so you are sitting in the same directory as the executable.