How to Convert Multi-Line SSH Public Key to One-Line Format for authorized_keys


8 views

When working with SSH public keys, you'll often encounter two primary formats:

  • The traditional one-line format used in authorized_keys
  • The multi-line SSH2 format with headers and footers

The key you received follows the SSH2 format which includes:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20190107"
AAAAB3NzaC1yc2EAAAABJQAAAQEAucNIPbPoaEqyBAKtk3LTfM/hiZlWomTdQEf7
zUI4LGz91aZYIZNpWGTAUZKuFLdIEsktxQTNwEJNWMe2QocqQWyPGA+xL08ZP7Xk
VEbVOyH0nQ3ZHptgmyH4y4+bbAWXAROL3078h2iwtsCO343VQKg1iSNvemnLafA5
9/RtkcCR8SxH+NEXcc8MwGOE9gLX2pph4bxrFz9R6yyw3oRGVLt4uU9BlD3+LXg1
plUzc2KZXEt8Zr04I0Fd865zyiB8Q+2ZEPvHf7MMaW66FRe4BXCI7LMh/voXi0C8
H4NDIu1GZr7dNxgbEO05ZnASMofpLDU6cq7LFVl0BQG8gt1hOw==
---- END SSH2 PUBLIC KEY ----

To convert this to the one-line format needed for authorized_keys:

  1. Remove the first line (---- BEGIN SSH2 PUBLIC KEY ----)
  2. Remove any comment lines (starting with Comment:)
  3. Remove the last line (---- END SSH2 PUBLIC KEY ----)
  4. Join all the remaining lines into a single line

The resulting one-line key should look like:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAucNIPbPoaEqyBAKtk3LTfM/hiZlWomTdQEf7zUI4LGz91aZYIZNpWGTAUZKuFLdIEsktxQTNwEJNWMe2QocqQWyPGA+xL08ZP7XkVEbVOyH0nQ3ZHptgmyH4y4+bbAWXAROL3078h2iwtsCO343VQKg1iSNvemnLafA59/RtkcCR8SxH+NEXcc8MwGOE9gLX2pph4bxrFz9R6yyw3oRGVLt4uU9BlD3+LXg1plUzc2KZXEt8Zr04I0Fd865zyiB8Q+2ZEPvHf7MMaW66FRe4BXCI7LMh/voXi0C8H4NDIu1GZr7dNxgbEO05ZnASMofpLDU6cq7LFVl0BQG8gt1hOw==

For frequent conversions, you can use these command-line approaches:

Using sed:

sed -e '/----/d' -e '/Comment/d' -e '/^$/d' original_key.pub | tr -d '\n'

Using awk:

awk '!/----|Comment/{printf "%s",$0}' original_key.pub

Once converted, you can append it to authorized_keys:

echo "ssh-rsa AAAAB3NzaC1yc2E..." >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

To ensure your key works correctly:

ssh-keygen -l -f ~/.ssh/authorized_keys

This should display the key fingerprint without errors.

  • Extra whitespace in the key
  • Incorrect permissions on authorized_keys (should be 600)
  • Missing ssh-rsa prefix (for RSA keys)
  • Line breaks in the middle of the key

When working with SSH authentication, you'll encounter public keys in different formats. The most common format found in authorized_keys is the one-line OpenSSH format, but some tools generate multi-line SSH2 public key format (as shown in the example).

The multi-line format contains:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20190107"
AAAAB3NzaC1yc2EAAAABJQAAAQEAucNIPbPoaEqyBAKtk3LTfM/hiZlWomTdQEf7
zUI4LGz91aZYIZNpWGTAUZKuFLdIEsktxQTNwEJNWMe2QocqQWyPGA+xL08ZP7Xk
VEbVOyH0nQ3ZHptgmyH4y4+bbAWXAROL3078h2iwtsCO343VQKg1iSNvemnLafA5
9/RtkcCR8SxH+NEXcc8MwGOE9gLX2pph4bxrFz9R6yyw3oRGVLt4uU9BlD3+LXg1
plUzc2KZXEt8Zr04I0Fd865zyiB8Q+2ZEPvHf7MMaW66FRe4BXCI7LMh/voXi0C8
H4NDIu1GZr7dNxgbEO05ZnASMofpLDU6cq7LFVl0BQG8gt1hOw==
---- END SSH2 PUBLIC KEY ----

Manual Conversion

The simplest way is to manually extract the base64 encoded portion:

  1. Remove the BEGIN/END headers
  2. Remove the Comment line
  3. Join all the base64 lines into one continuous string

The result should look like:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAucNIPbPoaEqyBAKtk3LTfM/hiZlWomTdQEf7zUI4LGz91aZYIZNpWGTAUZKuFLdIEsktxQTNwEJNWMe2QocqQWyPGA+xL08ZP7XkVEbVOyH0nQ3ZHptgmyH4y4+bbAWXAROL3078h2iwtsCO343VQKg1iSNvemnLafA59/RtkcCR8SxH+NEXcc8MwGOE9gLX2pph4bxrFz9R6yyw3oRGVLt4uU9BlD3+LXg1plUzc2KZXEt8Zr04I0Fd865zyiB8Q+2ZEPvHf7MMaW66FRe4BXCI7LMh/voXi0C8H4NDIu1GZr7dNxgbEO05ZnASMofpLDU6cq7LFVl0BQG8gt1hOw==

Automated Conversion with ssh-keygen

For more reliable conversion, use ssh-keygen:

# Save the key to a temporary file
echo "---- BEGIN SSH2 PUBLIC KEY ----
Comment: \"rsa-key-20190107\"
AAAAB3NzaC1yc2EAAAABJQAAAQEAucNIPbPoaEqyBAKtk3LTfM/hiZlWomTdQEf7
zUI4LGz91aZYIZNpWGTAUZKuFLdIEsktxQTNwEJNWMe2QocqQWyPGA+xL08ZP7Xk
VEbVOyH0nQ3ZHptgmyH4y4+bbAWXAROL3078h2iwtsCO343VQKg1iSNvemnLafA5
9/RtkcCR8SxH+NEXcc8MwGOE9gLX2pph4bxrFz9R6yyw3oRGVLt4uU9BlD3+LXg1
plUzc2KZXEt8Zr04I0Fd865zyiB8Q+2ZEPvHf7MMaW66FRe4BXCI7LMh/voXi0C8
H4NDIu1GZr7dNxgbEO05ZnASMofpLDU6cq7LFVl0BQG8gt1hOw==
---- END SSH2 PUBLIC KEY ----" > temp_key.pub

# Convert using ssh-keygen
ssh-keygen -i -f temp_key.pub > converted_key.pub

After conversion, verify the key fingerprint matches the original:

ssh-keygen -lf converted_key.pub

Compare the output with the fingerprint of the original key.

Once converted, append to authorized_keys:

cat converted_key.pub >> ~/.ssh/authorized_keys

For programmatic handling, use this Python script:

import re

def convert_ssh2_to_openssh(key_data):
    # Extract base64 part
    match = re.search(r'---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----', 
                     key_data, re.DOTALL)
    if not match:
        return None
    
    content = match.group(1)
    # Remove comments
    content = re.sub(r'^Comment:.*$', '', content, flags=re.MULTILINE)
    # Remove whitespace and join lines
    key = re.sub(r'\s+', '', content)
    return f"ssh-rsa {key}"

# Example usage:
key_data = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20190107"
AAAAB3NzaC1yc2EAAAABJQAAAQEAucNIPbPoaEqyBAKtk3LTfM/hiZlWomTdQEf7
zUI4LGz91aZYIZNpWGTAUZKuFLdIEsktxQTNwEJNWMe2QocqQWyPGA+xL08ZP7Xk
VEbVOyH0nQ3ZHptgmyH4y4+bbAWXAROL3078h2iwtsCO343VQKg1iSNvemnLafA5
9/RtkcCR8SxH+NEXcc8MwGOE9gLX2pph4bxrFz9R6yyw3oRGVLt4uU9BlD3+LXg1
plUzc2KZXEt8Zr04I0Fd865zyiB8Q+2ZEPvHf7MMaW66FRe4BXCI7LMh/voXi0C8
H4NDIu1GZr7dNxgbEO05ZnASMofpLDU6cq7LFVl0BQG8gt1hOw==
---- END SSH2 PUBLIC KEY ----"""

print(convert_ssh2_to_openssh(key_data))