{"id":99,"date":"2025-08-19T23:05:54","date_gmt":"2025-08-19T21:05:54","guid":{"rendered":"https:\/\/blog.kihr.online\/?p=99"},"modified":"2025-08-19T23:47:55","modified_gmt":"2025-08-19T21:47:55","slug":"ssh-keys-in-bitwarden","status":"publish","type":"post","link":"https:\/\/blog.kihr.online\/?p=99","title":{"rendered":"SSH Keys in Bitwarden"},"content":{"rendered":"Lesedauer<\/span> < 1<\/span> Minute<\/span><\/span>\n

Bitwarden recently introduced a special SSH Key<\/strong> item type, which allows you to securely generate, store, and manage SSH key pairs inside your vault.<\/p>\n\n\n\n

By default, Bitwarden can generate new SSH keys for you<\/strong>. This is the recommended option if you are setting up new infrastructure or accounts, since you can create and manage keys directly inside Bitwarden.<\/p>\n\n\n\n

However, if you already have existing SSH keys, you might want to import them into Bitwarden instead of generating new ones. <\/p>\n\n\n\n\n\n\n\n

This is possible, but there is a catch: many existing keys are still in the older PEM format<\/strong>, starting with:<\/p>\n\n\n\n

-----BEGIN RSA PRIVATE KEY-----<\/pre>\n\n\n\n
If you try to import such a key into Bitwarden via \u201cSSH Key \u2192 Import from clipboard\u201d<\/strong>, you\u2019ll get the error:<\/p>\n\n\n\n
Format not supported<\/pre>\n\n\n\n
\n
<\/p>\n<\/blockquote>\n\n\n\n
Solution<\/h2>\n\n\n\n
Bitwarden only accepts SSH keys in the new OpenSSH format<\/strong>, which looks like this:<\/p>\n\n\n\n
-----BEGIN OPENSSH PRIVATE KEY-----
.
.
.
-----END OPENSSH PRIVATE KEY-----<\/pre>\n\n\n\n
To convert an existing RSA key into the required format, simply run:<\/p>\n\n\n\n
ssh-keygen -p -N "" -f ~\/.ssh\/id_rsa<\/code><\/pre><\/div>\n\n\n\n
Description:<\/p>\n\n\n\n
    \n
  • -p<\/code> \u2192 rewrite the key (\u201cchange passphrase\u201d mode)<\/li>\n\n\n\n
  • -N \"\"<\/code> \u2192 keep an empty passphrase<\/li>\n\n\n\n
  • -f<\/code> \u2192 specify the key file<\/li>\n<\/ul>\n\n\n\n
    After this, your private key will be in the correct OpenSSH format<\/strong> and can be imported into Bitwarden without issues.
    Bitwarden will automatically generate the Public Key<\/strong> and the Fingerprint<\/strong> during import.<\/p>\n\n\n\n
    Summary<\/h2>\n\n\n\n
      \n
    • Option 1: Let Bitwarden generate new SSH keys<\/strong> (recommended for new setups)<\/li>\n\n\n\n
    • Option 2: Import your existing SSH keys<\/strong> \u2013 just convert them to the OpenSSH format first with ssh-keygen -p -N \"\" -f ~\/.ssh\/id_rsa<\/code>.<\/li>\n<\/ul>\n\n\n\n
      This way, you can securely store both new and old SSH keys in Bitwarden.<\/p>\n","protected":false},"excerpt":{"rendered":"
      Lesedauer<\/span>  < 1<\/span> Minute<\/span><\/span>Learn how to import existing SSH keys into Bitwarden by converting them to the OpenSSH format, or let Bitwarden generate new keys for you.<\/p>\n","protected":false},"author":2,"featured_media":110,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[51,52],"tags":[53,54,55,32],"class_list":["post-99","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-tools","tag-bitwarden","tag-key-management","tag-openssh","tag-ssh","entry","has-media"],"_links":{"self":[{"href":"https:\/\/blog.kihr.online\/index.php?rest_route=\/wp\/v2\/posts\/99","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.kihr.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.kihr.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.kihr.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.kihr.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=99"}],"version-history":[{"count":6,"href":"https:\/\/blog.kihr.online\/index.php?rest_route=\/wp\/v2\/posts\/99\/revisions"}],"predecessor-version":[{"id":113,"href":"https:\/\/blog.kihr.online\/index.php?rest_route=\/wp\/v2\/posts\/99\/revisions\/113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.kihr.online\/index.php?rest_route=\/wp\/v2\/media\/110"}],"wp:attachment":[{"href":"https:\/\/blog.kihr.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=99"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.kihr.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=99"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.kihr.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=99"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}