LinuxCommandLibrary

dropbearconvert

Convert SSH key formats for Dropbear

TLDR

Convert an OpenSSH private key to the Dropbear format

$ dropbearconvert openssh dropbear [path/to/input_key] [path/to/output_key]
copy

Convert a Dropbear private key to the OpenSSH format
$ dropbearconvert dropbear openssh [path/to/input_key] [path/to/output_key]
copy

SYNOPSIS

dropbearconvert [options] oldtype oldkey newtype newkey

PARAMETERS

-b bits
    Size of key to generate (default 1024)

-f file
    Output fingerprint to file

-p pass
    Set new passphrase to pass

-c comment
    Set new comment field

-R
    Output randomart for new key to stderr

DESCRIPTION

dropbearconvert is a utility from the Dropbear SSH implementation, used to convert private host keys between Dropbear's native format and OpenSSH's format. Dropbear is a lightweight SSH server and client optimized for resource-constrained environments like embedded systems, routers, and IoT devices.

This tool ensures interoperability when migrating between Dropbear and OpenSSH setups, avoiding the need to regenerate keys. It supports RSA, DSS, and ECDSA key types. The conversion process reads the input key from the specified old format file and writes a new key in the target format, preserving the key material while adapting headers and structures.

Common use cases include converting OpenSSH host keys for use with Dropbear servers or vice versa. Options allow customization like setting key size, passphrases, comments, fingerprints, and visual randomart. Passphrases can be applied during conversion for added security. The tool is non-interactive and command-line only, making it suitable for scripts and automation.

It's particularly valuable in DevOps pipelines for consistent key management across hybrid SSH deployments.

CAVEATS

Supports only RSA, DSS, ECDSA keys between dropbear and openssh formats. Input keys must be unencrypted or passphrase provided indirectly. No support for Ed25519 or other modern types.

EXAMPLE

dropbearconvert openssh /etc/ssh/ssh_host_rsa_key dropbear dropbear_host_rsa_key
Converts OpenSSH RSA host key to Dropbear format.

dropbearconvert dropbear id_dsa openssh id_dsa_new -p mypass -c 'My new key'
Converts Dropbear DSA key to OpenSSH with passphrase and comment.

HISTORY

Developed by Matt Johnston as part of Dropbear SSH (since 2002), for lightweight alternatives to OpenSSH. dropbearconvert added to facilitate key format conversions in embedded Linux distributions like OpenWRT and BusyBox.

SEE ALSO

dropbearkey(8), ssh-keygen(1), dropbear(8)

Copied to clipboard