I am trying to get an SSH cert for an SFTP setup with a 3rd party vendor in PEM format, and it should be SSH2, using the RSA algo with a key length of 2048.
Do the below steps make sense? (Please correct me if I am wrong.)
- First, I need to create a key pair.
ssh-keygen -f ssh_host_rsa_key -N '' -b 2048 -t rsa
- Convert them to ssh2/RFC4716 format.
ssh-keygen -ef ssh_host_rsa_key -mRFC4716 (private key)
- Create a CA key pair and try to sign the pub key with the CA private key and derive the SSH cert.
- Once we have the SSH cert, convert it into PEM format.
I followed the below process but got stuck here.
First, I created a key pair with 2048 length. Command:
ssh-keygen -f ssh_host_rsa_key -N '' -b 2048 -t rsa
The private key starts with (BEGIN OPENSSH PRIVATE KEY). The public key starts with (ssh-rsa).
Then I converted the private key (I believe the private key will contain the key pair (pri key + pub key)) to SSH2/RFC4716 format and named the new file ssh_host_rsa_key_4716. Command:
ssh-keygen -ef ssh_host_rsa_key -mRFC4716 > ssh_host_rsa_key_4716
The private key changed to SSH2 format but public key is still (starts with ssh-rsa). So I manually converted the public key to ssh2 format.
However, when I created a pair of CA keys and tried to sign the public key with the CA private key, it took the original pub key (ssh-rsa format) but not the converted SSH2 format pub key.
Can you please give your input or any guidance?
I tried different key combinations but for some reason I am missing some basic things. Trying to generate an ssh cert for SFTP setup but stuck on the way.
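
The steps listed in the post, as an added example that is not part of the original post: it generates a 2048-bit RSA key pair, exports the public key in RFC4716 (SSH2) and PEM encodings, and signs the OpenSSH-format public key with a CA key. The file names, CA key name, certificate identity and principal are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. All file names, the identity "sftp-demo-user" and the
# principal "sftpuser" are hypothetical values, not taken from the post.
set -eu

# Generate a 2048-bit RSA user key pair and a separate CA key pair in dir $1.
make_keys() {
  ssh-keygen -q -t rsa -b 2048 -N '' -f "$1/sftp_user_key"
  ssh-keygen -q -t rsa -b 2048 -N '' -f "$1/demo_ca"
}

# -e prints a public key; -m selects the encoding (RFC4716 = SSH2, or PEM).
export_public() {
  ssh-keygen -e -m RFC4716 -f "$1/sftp_user_key.pub" > "$1/sftp_user_key_rfc4716.pub"
  ssh-keygen -e -m PEM -f "$1/sftp_user_key.pub" > "$1/sftp_user_key_pem.pub"
}

# Sign the OpenSSH one-line public key with the CA private key.
# ssh-keygen writes the certificate next to it as sftp_user_key-cert.pub.
sign_cert() {
  ssh-keygen -q -s "$1/demo_ca" -I "sftp-demo-user" -n sftpuser -V +52w \
    "$1/sftp_user_key.pub"
}

# Fingerprint of a public key file in OpenSSH one-line format.
fp() { ssh-keygen -l -f "$1" | awk '{print $2}'; }

# Fingerprint of an RFC4716 file, after importing it back with -i.
fp_rfc4716() {
  ssh-keygen -i -m RFC4716 -f "$1" > "$1.tmp"
  fp "$1.tmp"
  rm -f "$1.tmp"
}

# Run every step in a scratch directory and show the resulting formats.
run_demo() {
  d=$(mktemp -d)
  make_keys "$d"; export_public "$d"; sign_cert "$d"
  head -n 1 "$d/sftp_user_key_rfc4716.pub" "$d/sftp_user_key_pem.pub"
  echo "OpenSSH fingerprint: $(fp "$d/sftp_user_key.pub")"
  echo "RFC4716 fingerprint: $(fp_rfc4716 "$d/sftp_user_key_rfc4716.pub")"
  ssh-keygen -L -f "$d/sftp_user_key-cert.pub" | sed -n '1,6p'
  rm -rf "$d"
}

if [ "${1:-}" = "--run" ]; then run_demo; fi
```

The two fingerprints match because the RFC4716 file and the one-line `ssh-rsa` file encode the same key blob; only the wrapping differs.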