Question about key file formats used by OpenSSH

Damien Miller djm at mindrot.org
Tue Feb 3 06:17:13 EST 2009


On Mon, 2 Feb 2009, Elvis Stansvik wrote:

> Hello OpenSSH developers, first post.
> 
> I'm implementing SSH agent functionality in a program of mine, with
> the ability to add/remove keys files as saved by OpenSSH. So I'm
> trying to figure out which formats OpenSSH uses natively for the
> different types of keys. The only specification related to SSH key
> file formats I've found is RFC4716 (SSH Public Key File Format).
> 
> Analysis of ssh-keygen output with varying key types shows the
> following four formats for which I haven't found any specification:
> 
>  * Something similar to RFC4716 and RFC1421, but not quite the same.
>     Used by OpenSSH for version 2 DSA and RSA private keys.

These are PEM encoded private keys as per rfc1421 - they certainly
can be read and generated by OpenSSL's PEM API/tools ("openssl rsa" and
so forth).

>  * "ssh-dss|rsa-dss [base64?] comment".
>     Used by OpenSSH for version 2 DSA and RSA public keys.

The base64 data is a public key blob encoded as per rfc4253 section 6.6.
Technically the string identifier is redundant since it is encoded in
the blob too, but it is there for humans to read.

>  * "[keysize?] [decimal number] [more decimal numbers]".
>     Used by OpenSSH for version 1 RSA public keys.

The format here is:

bits rsa_e rsa_n optional_comment

>   * ASCII header line followed by binary data.
>     Used by OpenSSH for version 1 RSA private keys.

AFAIK there is no documentation for this other than the code, it is inherited
from the old ssh-1.x code.

> Are these formats specified somewhere, short of reading OpenSSH source
> code? Why not use RFC4716 natively?

The RFC4716 public key format does not work with OpenSSH's one-key-per-line
authorized_keys format and so would have broken backwards compatibility. 

-d
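As an added example (not part of the original thread, and not OpenSSH's own code), the parser below handles the two public key line formats described in the reply above: version 2 lines of the form "type base64-blob comment", where the blob is laid out per RFC 4253 section 6.6 and the type string inside the blob must agree with the human-readable prefix, and version 1 RSA lines of the form "bits rsa_e rsa_n optional_comment". The sample key values, comment and helper names (parse_public_key_line, parse_blob, is_valid_line, SAMPLE_N) are constructed for this example and are not a real key.

```python
import base64
import struct

# Added example: parse the OpenSSH public-key line formats described in the
# reply above.  Version 2 lines are "<type> <base64 blob> [comment]" with the
# blob laid out per RFC 4253 section 6.6; version 1 RSA lines are
# "bits rsa_e rsa_n [comment]".  All sample values are constructed for this
# example and are not a real key pair.


def _read_string(buf: bytes, off: int):
    """Read one RFC 4253 'string' (uint32 length + bytes) at offset off."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + length > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off:off + length], off + length


def _read_mpint(buf: bytes, off: int):
    """Read an RFC 4253 'mpint' (big-endian two's complement) as an int."""
    raw, off = _read_string(buf, off)
    return int.from_bytes(raw, "big", signed=True), off


def parse_blob(blob: bytes):
    """Decode a version 2 public key blob; returns (key_type, fields)."""
    key_type, off = _read_string(blob, 0)
    key_type = key_type.decode("ascii")
    if key_type == "ssh-rsa":
        names = ("e", "n")
    elif key_type == "ssh-dss":
        names = ("p", "q", "g", "y")
    else:
        raise ValueError("unsupported key type %r" % key_type)
    fields = {}
    for name in names:
        fields[name], off = _read_mpint(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after key material")
    return key_type, fields


def parse_public_key_line(line: str):
    """Parse one OpenSSH public key line (version 2, or version 1 RSA)."""
    tokens = line.strip().split(None, 3)
    if len(tokens) < 2:
        raise ValueError("expected at least two fields")
    if tokens[0].isdigit():
        # Version 1 RSA: bits rsa_e rsa_n [comment]
        if len(tokens) < 3:
            raise ValueError("version 1 line needs bits, e and n")
        bits, e, n = int(tokens[0]), int(tokens[1]), int(tokens[2])
        if n.bit_length() != bits:
            raise ValueError("declared bits do not match modulus size")
        return {"version": 1, "type": "rsa1", "bits": bits, "e": e, "n": n,
                "comment": tokens[3] if len(tokens) == 4 else ""}
    # Version 2: type base64blob [comment]; re-split so the comment keeps spaces
    tokens = line.strip().split(None, 2)
    blob = base64.b64decode(tokens[1], validate=True)
    key_type, fields = parse_blob(blob)
    # The identifier is stored in the blob as well; the text prefix exists
    # for humans, so refuse lines where the two disagree.
    if key_type != tokens[0]:
        raise ValueError("prefix %r does not match blob type %r"
                         % (tokens[0], key_type))
    result = {"version": 2, "type": key_type,
              "comment": tokens[2] if len(tokens) == 3 else ""}
    result.update(fields)
    return result


def is_valid_line(line: str) -> bool:
    """True if the line parses and its fields are internally consistent."""
    try:
        parse_public_key_line(line)
        return True
    except ValueError:
        return False


# --- constructed sample input (encoder helpers used only to build it) ---

def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n: int) -> bytes:
    # Minimal big-endian encoding; a leading zero byte keeps the value positive
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


SAMPLE_E = 65537
SAMPLE_N = (1 << 1023) | 0x2AB1  # constructed 1024-bit odd number, not a real modulus
_BLOB = _ssh_string(b"ssh-rsa") + _ssh_mpint(SAMPLE_E) + _ssh_mpint(SAMPLE_N)
SAMPLE_V2_LINE = "ssh-rsa %s elvis@example.invalid" % base64.b64encode(_BLOB).decode("ascii")
SAMPLE_V1_LINE = "1024 %d %d elvis@example.invalid" % (SAMPLE_E, SAMPLE_N)

if __name__ == "__main__":
    for sample in (SAMPLE_V2_LINE, SAMPLE_V1_LINE):
        parsed = parse_public_key_line(sample)
        print(parsed["version"], parsed["type"], parsed["comment"])
```

The consistency checks (prefix versus in-blob identifier, declared bit count versus modulus size, no trailing bytes) are what an agent or authorized_keys consumer should apply before trusting a line, since each is a place where a hand-edited or corrupted file would otherwise be silently accepted.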
