User Tools

Site Tools


SSH Keys in Solid Explorer

Solid Explorer supports many options for additional storages. With that comes SSH mount point support. However, Solid Explorer expects an SSH key to be in a given format and appears to not support the new OpenSSH 2.0 format. Therefore, we need an SSL formatted key, i.e. DSA or (preferably) RSA.

Thankfully, it's easy (if strange) to produce a converted copy of your private key. Be sure to back it up first, though; we're going to overwrite it temporarily:

# Copy your original (probably OpenSSH format already) to a safe place.
# The '-p' flag tells it to preserve permissions.
cp -p .ssh/id_rsa /some/place/safe
# We're technically exporting the public key to a file, and counting on
# a side effect in ssh-keygen that changes the private key for us. If this
# looks contradictory, that's okay; ssh-keygen needs a private key in order
# to generate the public key, so it needs to convert the private key anyway.
ssh-keygen -e -m PEM -p >

Note the -p argument to ssh-keygen: it will prompt you for your private key passphrase and ask for a new one! You can use the same passphrase – it doesn't matter, really – because we're just triggering a key change. When you use this switch along with -m PEM, it internally changes the format of the private key! (Source: manpage) This is because you need a private key in order to generate its matching public key.

So, let's move on:

# check the format of the key
head -n 1 .ssh/id_rsa
# Expect this output:
# If you see the above, copy the now-converted private key somewhere.
cp -p .ssh/id_rsa /some/place/safe/id_rsa.rsa

Once you've done the above, you can (A) re-run ssh-keygen with ssh-keygen -e -p -m RFC4716 and be sure to set your passphrase again, or (B) copy the old one over with cp /some/place/safe/id_rsa ~/.ssh/id_rsa and it'll sort itself out.

Now that we have our private key in the correct format, get it onto the phone however you need to and hook it up to Solid Explorer. It should prompt you for the passphrase and open up your SSH shares!

The core cause behind this issue was an update in OpenSSH causing the default storage format for private keys to favor RFC4716 over OpenSSL formats. Ideally, one should be able to tell SSH to store keys in multiple formats. That is not likely, however, so it's good to just keep a pre-made RSA export handy. You never know when a program like Solid Explorer might need it.

android/ssh_key_solid_explorer.txt · Last modified: 2023-10-21 11:03 by zlg