Converting SSH2 RSA Private Key to .pem using openssl

Question

I am trying to connect to remote server using Ganymed API.

String SFTPHOST = "10.91.35.169";
String SFTPUSER = "amxadmin";
int SFTPPORT = 60022;
File keyfile = new File("/home/jbadmin/.ssh2/id_rsa_2048_a"); 
String keyfilePass = null; // will be ignored if not needed
Connection conn = new Connection(SFTPHOST);
conn.connect();

conn.authenticateWithPublicKey(SFTPUSER, keyfile, keyfilePass);

I am getting the below exception when i run the above piece of code.

java.io.IOException: Publickey authentication failed.
at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:331)
at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:499)
at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:546)

Caused by: java.io.IOException: Invalid PEM structure, '-----BEGIN...' missing
at ch.ethz.ssh2.crypto.PEMDecoder.parsePEM(PEMDecoder.java:141)
at ch.ethz.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:321)
at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:240)

After Careful reading of api docs, i came to know allowed key format is .pem

When i try to convert SSH2 RSA format based private key to .pem format, using openssl i am getting the below error.

[jbadmin@xxxxxxx .ssh2]$ openssl req -x509 -key /home/jbadmin/.ssh2/id_rsa_2048_a -nodes -days 365 -newkey rsa:2048 -out id_rsa_2048_a.pem
unable to load Private Key
139994671441736:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

My Private Key:

[jbadmin@xxxxxx.ssh2]$ cat id_rsa_2048_a
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: jbadmin
Comment: "2048-bit rsa, jbadmin@x01bicallapp1a, Tue Dec 29 2015 11:38:\
----------------------------
----------------------------
---- END SSH2 ENCRYPTED PRIVATE KEY ----

Please suggest me if there is any other way of doing it using openssl or ssh-keygen-g3

Answer 1

I just answered your question on Unix&Linux.
Since your question here is still standing, however, I won't let it go unanswered.

ssh-keygen -p can convert between SSH2 and PEM formats:

 -m key_format
         Specify a key format for key generation, the -i (import),
         -e (export) conversion options, and the -p change
         passphrase operation. The latter may be used to convert
         between OpenSSH private key and PEM private key formats.
         The supported key formats are: “RFC4716” (RFC 4716/SSH2
         public or private key), “PKCS8” (PKCS8 public or private
         key) or “PEM” (PEM public key). By default OpenSSH will
         write newly-generated private keys in its own format, but
         when converting public keys for export the default format
         is “RFC4716”. Setting a format of “PEM” when generating or
         updating a supported private key type will cause the key to
         be stored in the legacy PEM private key format.

From SSH2 to PEM:

ssh-keygen -p -f id_rsa -m PEM

From PEM to SSH2:

ssh-keygen -p -f id_rsa -m SSH2

Warning: The specified file gets overwritten and updated in-place!

Note: While ssh-keygen-g3 is linked to a commercial product, ssh-keygen is the more common, open-source counterpart. You can get it for free on your system, and it is available for Linux, Windows, FreeBSD and PASE among others. If you prefer, you can perform the conversion on a system that has it: SSH2/PEM keys are just plain text files after all, just be careful not to leave them around.