you are hijacking this thread... but anyway... please refer to the original question, how to easily convert X.509 certificate to SSH public key. the best method should avoid using the private key. newer ssh-keygen supports exactly that. ----- Original Message -----
From: "Sven Kieske" <S.Kieske@mittwald.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org Sent: Friday, August 22, 2014 1:24:17 PM Subject: Re: [ovirt-users] Proper way to change and persist vdsm configuration options
well yeah, it does not generate pkcs#8 by default but you can easily convert existing keys via openssl:
openssl pkcs8 -topk8 -v2 des3 \ -in test_rsa_key.old -passin 'pass:super secret passphrase' \ -out test_rsa_key -passout 'pass:super secret passphrase' see this page for more details: http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-key...
newer ssh-keygen versions use PBKDF2 by default and not MD5 anymore.
HTH
Am 22.08.2014 10:51, schrieb Alon Bar-Lev:
the ssh-keygen does not.
-- Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen