less than 1 minute read

Splitting PEM SSH Keys

Services such as Amazon AWS provide SSH keys as PEM (.pem) files. While this can be consumed by the ssh command they do not always work well with ssh-add and ssh-agents.

User OpenSSL to reformat and split a PEM key

  1. Convert the PEM file

     openssl pkey < *pem_file*.pem > *exported_key*


     openssl pkey < demo.pem > demo
  2. Export public key

     openssl rsa -in *exported_key* -pubout > *public_key*.pub


     openssl rsa -in demo -pubout > demo.pub
  3. Permissions

    Remember to set permissions on private key to 400

     chmod 600 *exported_key*


     chmod 600 demo
  4. Apply a passphrase

    Secure the key with a passphrase

     ssh-keygen -p -f *exported_key*


     ssh-keygen -p -f demo
     Enter new passphrase (empty for no passphrase):
     Enter same passphrase again:
     Your identification has been saved with the new passphrase.