System Administration & Network Administration
amazon-ec2 public-key private-key ssh-keygen
Updated Sun, 17 Jul 2022 17:11:30 GMT

How to get a .pem file from ssh key pair?

I created a key pair using ssh-keygen and get the two clasic id_rsa and

I imported the public key into my AWS EC2 account.

Now I created a windows instance and to decrypt that instance password, AWS console is asking me for a .pem file. How I can get that .pem file from my two id_rsa and files?


According to this, this command can be used:

ssh-keygen -f id_rsa -e -m pem

This will convert your public key to an OpenSSL compatible format. Your private key is already in PEM format and can be used as is (as Michael Hampton stated).

Double check if AWS isn't asking for a (X.509) certificate in PEM format, which would be a different thing than your SSH keys.

Comments (5)

  • +1 – But they don't need the public key do they? They need the private key for decrypting their password from the AWS Console — Jul 16, 2015 at 18:40  
  • +1 – There's also good information on this here:… — Jul 16, 2015 at 20:17  
  • +1 – This doesn't work on OS X (ssh -v ==> OpenSSH_6.2p2) — Mar 03, 2016 at 20:50  
  • +5 – contrary to the documentation, it will output PUBLIC key in PEM format, not the private one. currently ssh-keygen does not support converting private keys. — Aug 10, 2018 at 08:44  
  • +3id_rsa contains the keypair, not just the private key. — Jul 30, 2020 at 07:41  

Linked Articles

Local articles referenced by this article: