dropbearconvert

Convert an OpenSSH private key to the Dropbear format

$ dropbearconvert openssh dropbear [path/to/input_key] [path/to/output_key]

$ dropbearconvert dropbear openssh [path/to/input_key] [path/to/output_key]

dropbearconvert <format_in> <format_out> <key_in> <key_out>
Alternatively, options can be used: dropbearconvert [-i <key_in_format>] [-o <key_out_format>] [-f <file_in>] [-e <file_out>] [-t <key_type>] [-s <passphrase>] [-S <passphrase>]

<format_in> | -i <key_in_format>
    Specifies the format of the input key. Options are openssh (for private keys) or openssh_public (for public keys).

<format_out> | -o <key_out_format>
    Specifies the desired output key format. Options include dropbear (for private keys), dropbear_public (for public keys), or dropbear_authorized_keys (for an authorized_keys entry).

<key_in> | -f <file_in>
    The path to the input key file (OpenSSH format).

<key_out> | -e <file_out>
    The path where the converted key will be saved (Dropbear format).

-t <key_type>
    Explicitly specifies the type of the key if it cannot be inferred (e.g., rsa, dss, ecdsa, ed25519).

-s <passphrase>
    Provides the passphrase for the input key if it is encrypted.

-S <passphrase>
    Sets a passphrase for the output key. Note that Dropbear private keys are typically not encrypted by default.

dropbearconvert is a utility designed to facilitate the conversion of SSH keys between the widely used OpenSSH format and the native format utilized by the Dropbear SSH server and client. This tool is essential for environments where Dropbear is deployed, such as embedded systems or routers, as Dropbear often requires its own key format for proper authentication and operation.

It supports converting both private and public keys of various types, including RSA, DSS, ECDSA, and Ed25519, from OpenSSH to Dropbear's format. Additionally, it can convert OpenSSH public keys directly into the Dropbear authorized_keys format, which is crucial for managing remote access. The command offers flexibility by allowing specification of input and output formats and file paths, along with options to handle encrypted input keys and set passphrases for output keys.

When converting private keys, exercise caution as this involves handling sensitive cryptographic material. While dropbearconvert supports setting a passphrase for the output key, Dropbear's native private key format is often unencrypted. Ensure proper file permissions (e.g., 600 for private keys) on the output file to prevent unauthorized access. The command specifically supports OpenSSH version 2 key formats.

Dropbear uses a slightly different internal representation for SSH keys compared to OpenSSH. This conversion utility resolves this incompatibility, allowing keys generated by ssh-keygen (part of OpenSSH) to be used with Dropbear, and vice-versa (though direct Dropbear key generation is done via dropbearkey).

A frequent use case is converting an OpenSSH private key (e.g., id_rsa) into a Dropbear private key for use with a Dropbear server, or converting an OpenSSH public key (e.g., id_rsa.pub) into an entry suitable for Dropbear's authorized_keys file on a server.

dropbearconvert is an integral part of the Dropbear SSH project. Dropbear was developed as a lightweight, small, and efficient SSH 2 server and client, primarily for embedded systems and other resource-constrained environments. dropbearconvert emerged as a necessary tool to bridge the compatibility gap between Dropbear's specific key format and the more commonly used OpenSSH key format, enabling seamless key management across different SSH implementations.

dropbear(8), dbclient(1), dbshell(1), dropbearkey(1), ssh(1), ssh-keygen(1)