Learn how to convert SSH key to PEM format on Linux using ssh-keygen. Follow this step-by-step guide to safely convert your RSA 4096-bit private key for compatibility with legacy systems and applications.
SSH keys are widely used for secure server access, and RSA 4096-bit keys provide strong encryption. In some cases, you may need to convert your private SSH key to PEM format for compatibility with certain applications, tools, or older SSH clients. This guide explains how to perform the conversion safely on Linux.
Table of Contents
Why Convert SSH Key to PEM Format?
Modern OpenSSH keys are often generated in the newer OpenSSH format by default. However, some tools, such as certain legacy SSH clients, Java applications, or OpenSSL-based software, require keys in the traditional PEM format. Converting ensures compatibility without regenerating a new key pair.
Step 1: Backup Your Private Key
Before making any changes, create a backup of your original private key:
cp ~/.ssh/id_rsa_4096 ~/.ssh/id_rsa_4096.backupThis ensures you can restore your key if anything goes wrong during the conversion process.
Step 2: Convert the Key to PEM Format
Use ssh-keygen to convert your RSA private key to PEM format:
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa_4096Explanation of the command:
-p: Prompts to change the passphrase (you can leave it unchanged by pressing Enter).-m PEM: Converts the key to PEM format.-f ~/.ssh/id_rsa_4096: Specifies the private key file to convert.
After running this command, your private key will be in PEM format and compatible with legacy systems that require it.
Step 3: Verify the Conversion
To verify the key is still valid and readable, you can check the fingerprint:
ssh-keygen -lf ~/.ssh/id_rsa_4096If the fingerprint matches the original key, the conversion was successful.
Best Practices
- Always keep a backup of your original private key before conversion.
- Use a strong passphrase to protect your private key.
- Never share your private key; only the public key should be distributed.
- Ensure proper file permissions on your private key:
chmod 600 ~/.ssh/id_rsa_4096
chmod 644 ~/.ssh/id_rsa_4096.pubConclusion
Converting your SSH RSA 4096-bit key to PEM format on Linux is simple and ensures compatibility with legacy tools and applications. By following the steps above, you can maintain the security of your SSH keys while making them usable in a wider range of environments.