Recent versions of OpenSSH (7.8 and newer) generate keys in the new OpenSSH format by default, which starts with:
-----BEGIN OPENSSH PRIVATE KEY-----
JSch does not support this key format.
You can use ssh-keygen to convert the key to the classic OpenSSH format:
ssh-keygen -p -f <privateKeyFile> -m pem -P passphrase -N passphrase
This “abuses” the -p (change passphrase) command. It will overwrite the private key file identified by the -f option with a new private key in the classic OpenSSH format (pem). You can keep the current passphrase as the new passphrase. If the key was not encrypted with a passphrase, use "" instead of passphrase. Afterwards, you can use ssh-keygen -y -e -f <privateKeyFile> >temp.pub to compare public keys and verify that the existing public key works with the new format of the private key.
For Windows users: Note that ssh-keygen.exe is now built into Windows 10/11, and can be downloaded from the Microsoft Win32-OpenSSH project for older versions of Windows.
On Windows, you can also use PuTTYgen (from PuTTY package):
- Start PuTTYgen
- Load the key
- Go to Conversions > Export OpenSSH key.
For RSA keys, it will use the classic format.
If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:
ssh-keygen -m PEM
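The conversion and public-key comparison described above can be scripted so that the original key file is never overwritten. This is an added example, not part of the original answer; the function names key_format, pub_of and convert_copy are hypothetical, and -P/-N are omitted so that ssh-keygen prompts for the passphrases instead of taking them on the command line.

```shell
#!/bin/sh
# Added example: key_format, pub_of and convert_copy are hypothetical helper names.

# Classify a private key file by its first line (CR stripped for CRLF files).
key_format() {
    case "$(head -n 1 "$1" | tr -d '\r')" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-classic ;;
        "-----BEGIN DSA PRIVATE KEY-----")     echo pem-classic ;;
        "-----BEGIN EC PRIVATE KEY-----")      echo pem-classic ;;
        *)                                     echo unknown ;;
    esac
}

# Print "type base64-blob" of the public key derived from a private key,
# dropping the optional trailing comment so two outputs compare cleanly.
pub_of() {
    ssh-keygen -y -f "$1" | cut -d ' ' -f 1,2
}

# convert_copy <source-key> <destination>
convert_copy() {
    src=$1
    dst=$2
    if [ "$(key_format "$src")" != openssh-new ]; then
        echo "$src is not in the new OpenSSH format; nothing to convert" >&2
        return 1
    fi
    # -p rewrites its -f file in place, so work on a private copy.
    ( umask 077 && cp "$src" "$dst" ) || return 1
    # No -P/-N: ssh-keygen prompts, keeping passphrases out of argv and history.
    ssh-keygen -p -f "$dst" -m pem || return 1
    if [ "$(key_format "$dst")" != pem-classic ]; then
        echo "$dst was not written in the classic format" >&2
        return 1
    fi
    before=$(pub_of "$src") || return 1
    after=$(pub_of "$dst") || return 1
    if [ -z "$before" ] || [ "$before" != "$after" ]; then
        echo "public key mismatch after conversion" >&2
        return 1
    fi
    echo "converted copy written to $dst; public key unchanged"
}
```

For a passphrase-protected key, ssh-keygen asks for the passphrase again at each step that reads a private key.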