0

Our Oracle service is migrating servers to the Oracle Cloud. We need to change the host for our SFTP access. "The authentication via your SCP login name and SSH2 keys remains the same if your current SSH2 key is an OpenSSH key."

We are able to connect to the new host though the migration hasn't happened. I want to confirm that my key pair is OpenSSH format. Is there a way to do this?

Improve this question
0

1 Answer 1

Reset to default
0

Assuming the question is about the private key file: If you can use it with OpenSSH's ssh and sftp clients, then it's "an OpenSSH key" – the server can't really tell the difference.

The format only matters when installing the public key on the server (i.e. when adding it to OpenSSH's authorized_keys or similar), but from the quoted message sounds like that has already been done previously (i.e. existing keys carried over), so that's probably not a concern here.

There is not much standardization between key file formats used for SSH2; however, all of them only differ in their "packaging" – the actual data stored in them is the same, so the exact same key can be freely converted between e.g. OpenSSH and PuTTY and PKCS#8 and SSH.COM formats.

In particular, a server has no way of knowing whether you have an "OpenSSH key" on your side. What's sent over the network by SSH clients is always sent in a standard format (and only the public key is sent); the SSH client loads whatever key file format it uses and automatically produces the correct network format to be sent to the server during authentication.

Most key formats used by SSH software are text-based, so you can open them with Notepad:

  • One long line that starts with ssh-XXX AAAAxxxxx... – an OpenSSH public key.
  • Starts with -----BEGIN OPENSSH PRIVATE KEY----- – an OpenSSH private key (often called "new format" or "OpenSSH format").
  • Starts with -----BEGIN PRIVATE KEY----- – a PKCS#8 private key, created by older OpenSSH versions (often called "PEM format" or "OpenSSL format").
  • Starts with -----BEGIN ENCRYPTED PRIVATE KEY----- – also PKCS#8 but with a passphrase.
  • Starts with -----BEGIN RSA PRIVATE KEY----- – a PKCS#1 private key, similar to PKCS#8 but older. (Again often called "PEM format" and comes from OpenSSL.)
  • Starts with PuTTY-User-Key-File-2 – a PuTTY private key.
  • Starts with ---- END SSH2 PUBLIC KEY ---- – an SSH.COM public key. (It's a commercial SSHv2 client/server product that likes to claim being "the" SSH.)
  • Starts with ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- – an SSH.COM private key.

Almost always, some combination of puttygen or ssh-keygen commands can be used to transform the key from one format to another.

Improve this answer
1
  • "Starts with ---- END SSH2 PUBLIC KEY ----" – Does it really start with END? Quite peculiar.
    – Kamil Maciorowski
    Commented Jul 11, 2023 at 18:32

Not the answer you're looking for? Browse other questions tagged .