Skip to main content

Convert a PEM/PPK to KVG Format Authentication Key

This scenario is appropriate when importing a key pair from a signed certificate certified by a CA signing authority.

  1. Conversion of an encrypted PPK requires a password, whereas an unencrypted PEM file does not:

    sshkeyconvert.exe -i user_ppk.pem -o user_ppk.kvg -p mypass

  2. Configure agtssh to use the public/private key for authentication. Change the target address line to add the authkey option to user_ppk.kvg and copy the file into the script folder.

    For public key authentication, the adminid is used to decrypt the authentication key file and systempw is used to authenticate for sudo (if sudo is set in privileged escalation mode).

See usage information for sshkeyconvert .

Common error

Unable to find or validate private SSH authentication key [<path>] - [fall through/unknown key type.]. Falling back to username+password login.

Indicates that the format of the authentication key provides is unrecognized. It's important to understand that agtssh does not take PEM/PPK format keys. They need to be converted into the kvg format.

sshkeyconvert

The sshkeyconvert program is used to convert SSH public/private keys. The key pairs can be converted into KVGroup or PuTTY format, and can be either saved to a file or sent to stdout.

Keys generated by sshkeyconvert or PuTTY’s puttygen utility are supported by this program.

Usage
sshkeyconvert [options]

The arguments are described in the following table:

Argument

Description

-i <filename>

The name of the key file to convert.

-o <filename>

The name of the key output file. If omitted, the stream is written to stdout, with the exception of SSHv1 KVGroup format keys.

Conditions

  • A passphrase must be specified when converting keys. Keys will not be converted if the wrong passphase is given.

  • A key output file must be provided if the key input file format is SSHv1 and the key format is KVGroup.

  • Keys not generated from a recent PuTTY version (ie. older than v0.72) cannot be converted by this program.

Examples

  1. To use sshkeyconvert to to convert a KVGroup format key file (non-SSHv1) called testkvg.kvg into PuTTY format and write to stdout, type:

    sshkeyconvert.exe -i "\Program Files\Bravura Security\Bravura Security Fabric\default\script\testkvg.kvg"

  2. To use sshkeyconvert to to convert a PuTTY format key file (non-SSHv1) called testputty.ppk into KVGroup format and write to stdout, type:

    sshkeyconvert.exe -i "\Program Files\Bravura Security\Bravura Security Fabric\default\script\testputty.ppk"

  3. To use sshkeyconvert to convert a KVGroup format key file called testkvg.kvg into a PuTTY format key file called kvg2ppk.ppk, type:

    sshkeyconvert.exe -i "\Program Files\Bravura Security\Bravura Security Fabric\default\script\testkvg.kvg" -o "\Program Files\Bravura Security\Bravura Security Fabric\default\script\kvg2ppk.ppk"

  4. To use sshkeyconvert to convert a PuTTY format key file called testputty.ppk into a KVGroup format key file called ppk2kvg.kvg, type:

    sshkeyconvert.exe -i "\Program Files\Bravura Security\Bravura Security Fabric\default\script\testputty.ppk" -o "\Program Files\Bravura Security\Bravura Security Fabric\default\script\ppk2kvg.kvg"
In this section: