Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

openpgp2ssh(1) [debian man page]

OPENPGP2SSH(1)						    BSD General Commands Manual 					    OPENPGP2SSH(1)

NAME

     openpgp2ssh -- translate OpenPGP keys to SSH keys

SYNOPSIS

     openpgp2ssh < mykey.gpg

     gpg --export $KEYID | openpgp2ssh $KEYID

     gpg --export-secret-key $KEYID | openpgp2ssh $KEYID

DESCRIPTION

     openpgp2ssh takes an OpenPGP-formatted primary key and associated subkeys on standard input, and spits out the requested equivalent SSH-style
     key on standard output.

     If the data on standard input contains no subkeys, you can invoke openpgp2ssh without arguments.  If the data on standard input contains mul-
     tiple keys (e.g. a primary key and associated subkeys), you must specify a specific OpenPGP key identifier as the first argument to indicate
     which key to export.  The key ID is normally the 40 hex digit OpenPGP fingerprint of the key or subkey desired, but openpgp2ssh will accept
     as few as the last 8 digits of the fingerprint as a key ID.

     If the input contains an OpenPGP RSA public key, it will be converted to the OpenSSH-style single-line keystring, prefixed with the key type
     (`ssh-rsa').  This format is suitable (with minor alterations) for insertion into known_hosts files and authorized_keys files.

     If the input contains an OpenPGP RSA secret key, it will be converted to the equivalent PEM-encoded private key.

     openpgp2ssh is part of the monkeysphere(7) framework for providing a PKI for SSH.

CAVEATS

     The keys produced by this process are stripped of all identifying information, including certifications, self-signatures, etc.  This is
     intentional, since ssh attaches no inherent significance to these features.

     openpgp2ssh will produce output for any requested RSA key.  This means, among other things, that it will happily export revoked keys, unveri-
     fiable keys, expired keys, etc.  Make sure you do your own key validation before using this tool!

EXAMPLES

     gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin

     This pushes the secret key into the active ssh-agent(1).  Tools such as ssh(1) which know how to talk to the ssh-agent(1) can now rely on the
     key.

AUTHOR

     openpgp2ssh and this man page were written by Daniel Kahn Gillmor <dkg@fifthhorseman.net>.

BUGS

     openpgp2ssh only works with RSA keys.  DSA keys are the only other key type available in both OpenPGP and SSH, but they are currently unsup-
     ported by this utility.

     openpgp2ssh only accepts raw OpenPGP packets on standard input.  It does not accept ASCII-armored input.  openpgp2ssh Currently only exports
     into formats used by the OpenSSH.	It should support other key output formats, such as those used by lsh(1) and putty(1).

     Secret key output is currently not passphrase-protected.

     openpgp2ssh currently cannot handle passphrase-protected secret keys on input.

SEE ALSO

     pem2openpgp(1), monkeysphere(1), monkeysphere(7), ssh(1), monkeysphere-authentication(8), monkeysphere-host(8)

BSD
								  March 1,, 2009							       BSD

Check Out this Related Man Page

SSH-KEYCONVER(1)					    BSD General Commands Manual 					  SSH-KEYCONVER(1)

NAME

     ssh-keyconvert -- convert ssh v1 keys and authorization files

SYNOPSIS

     ssh-keyconvert [-k] [-o output_file] identity_file ...
     ssh-keyconvert [-a] [-o output_file] authorization_file ...

DESCRIPTION

     ssh-keyconvert converts RSA public and private keys used for public key based user authentication with protocol version 1 to the format used
     with protocol version 2.

     When using RSA user authentication with SSH protocol version 1, the client uses the private key from $HOME/.ssh/identity to provide its iden-
     tity to the server. The server grants or denies access based on whether the public part of this key is listed in $HOME/.ssh/authorized_keys.

     SSH protocol version 2 supports both DSA and RSA keys, but the way RSA keys are stored are differently. On the client, the default file name
     is .ssh/id_rsa rather than .ssh/identity, and the file's format is different as well. On the server, the public porting of the key can still
     be stored in .ssh/authorized_keys, but the key notation has changed as well.  Therefore, when switching from protocol version 1 to version 2,
     you either have to create a new identity key using ssh-keygen(1) and add that key to the server's authorized_keys file, or you need to con-
     vert your keys using ssh-keyconvert.

     By default, ssh-keyconvert will try to guess the type of file that is to be converted.  If it fails to guess correctly, you can tell if what
     type of conversion to perform by specifying the -k option to convert the private key, or the -a option to convert an authorisation file.

     When converting your private keys stored in .ssh/identity, ssh-keyconvert will read the private key, prompting you for the pass phrase if the
     key is protected by a pass phrase. If the -o option is given, it will write the private key to the specified file, using version 2 syntax. If
     the key was protected by a pass phrase, it will use the same pass phrase to protect the new file.	It will also write the public portion of
     the key to a second file, using the specified file name with ``.pub'' appended.  If the -o option was not given, private and public key will
     be written to id_rsa and id_rsa.pub, respectively, relative to the directory of the input key file.

     If the destination file already exists, ssh-keyconvert will prompt the user for confirmation before overwriting the file, unless the -f
     option is given.

     When converting your authorized_keys file, ssh-keyconvert will ignore any keys in SSH version 2 format. Any public keys in version 1 format
     will be converted and appended to the output file using the new syntax. If the -o option is given, keys are appended to the specified file.
     If it is not given, ssh-keyconvert will append all keys to the input file.

     Note that ssh-keyconvert does not check for duplicate keys, so if you run it on .ssh/authorized_keys more several times, the converted keys
     will show up several times.

OPTIONS

     -k      Convert private key file(s). The default is to guess the type of file that should be converted.

     -a      Convert authorized_keys file(s). The default is to guess the type of file that should be converted.

     -o outfile
	     Specify the name of the output file.  When converting an authorization file, all public keys will be appended to this file.  For pri-
	     vate key conversion, the private and public components of the key will be stored in outfile and outfile.pub, respectively.  Note that
	     since every key must be stored in a separate file, you cannot use this option when you specify several input files.

     -f      When converting a key file, and the output file already exists, ssh-keyconvert will ask the user whether to overwrite the file. Using
	     this option forces overwriting.

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
     Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH.  ssh-keyconvert was contributed by Olaf Kirch.

SEE ALSO

     ssh(1), ssh-add(1), ssh-agent(1), sshd(8)

     J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf-secsh-publickeyfile-01.txt, March 2001, work in progress material.

BSD
								 February 2, 2002							       BSD
Man Page