KB Article #180119
How to extract the SSH public key from a Login certificate
Problem
Sometimes you might need to use an existing SSH login key for another account. This article will show how to extract the SSH key from the available certificate (located on the Login Certificates tab under the original account).
Resolution
SecureTransport works internally with certificates, and all imported SSH keys are converted to X509 certificates, and then the SSH key is extracted from the certificate on the fly. For this reason we can't export the SSH public key directly and a couple of additional steps are required to extract it from the certificate.
The instructions below requre the OpenSSL and the ssh-keygen
tools, so they can be carried out on Linux only.
1. Log in to ST's Admin UI as Master Administrator and navigate to the account and then to the Certificates -> Login Certificates page.
2. Open the required certificate and export it as .crt file, for example logincert.crt
.
3. Transfer the logincert.crt
file to a Linux server.
4. Extract the certificate's public key:
openssl x509 -pubkey -in logincert.crt -noout > x509-key.pub
5. Covert the certificate's public key to an OpenSSH public key:
ssh-keygen -i -m pkcs8 -f x509-key.pub > SSH-pub-key.pub
The resulting SSH-pub-key.pub
can now be imported in SecureTransport.