Check public/private RSA keypairs

Claus Strasburger nixnick at online.de
Wed Mar 17 14:38:37 CET 2010


Hi together,
I have a tinc vpn running on several local networks as well as on
clients and am writing a little "zeroconfig" tool to add new (newbie)
clients to the net without having to vnc to them for ages.
To do this easier, I wanted to have a possibility to check somehow if
the public key stored on the server matches the private key on the
client, or if it needs to be regenerated.
Now I figured I can output the public key to a private one by using
openssl rsa -in rsa_key.priv -pubout
This one will print out a public key in the same format as the public
key stored in the hosts file. I tested it with some clients, and every
private key will generate a pubkey different to the one in the hostfile,
but each of these clients does work in my vpn, so the public/private
keypairs must match.
A second command I found by googling
ssh-keygen -y -f rsa_key.priv
will output something that is totally different to the original.

openssl rsa -in rsa_key.priv -pubout:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0P8+wFjp+VT/TsDaiDRsTBnpS
Qdkd6OvEnyMJtCux1bKed9oqPMxJdny0oqY4TEdaHoc4muFJd9uag1v2BWNJRSTX
r+/BpX2RbVhccG9wFanDBzDw+txe/dXko+4YqmRM1o1Ezlb1/s+pofT3M2GosbBV
5BptKHVQY9eUYKULnQIDAQAB
-----END PUBLIC KEY-----

ssh-keygen -y -f rsa_key.priv:
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0P8+wFjp+VT/TsDaiDRsTBnpSQdkd6OvEnyMJtCux
1bKed9oqPMxJdny0oqY4TEdaHoc4muFJd9uag1v2BWNJRSTXr+/BpX2RbVhccG9wFanDBzDw+txe/dXk
o+4YqmRM1o1Ezlb1/s+pofT3M2GosbBV5BptKHVQY9eUYKULnQ==

original tinc-hostfile:
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALQ/z7AWOn5VP9OwNqINGxMGelJB2R3o68SfIwm0K7HVsp532io8zEl2
fLSipjhMR1oehzia4Ul325qDW/YFY0lFJNev78GlfZFtWFxwb3AVqcMHMPD63F79
1eSj7hiqZEzWjUTOVvX+z6mh9PczYaixsFXkGm0odVBj15RgpQudAgMBAAE=
-----END RSA PUBLIC KEY-----

What commands tell me whether my keys match without having to start tinc
and try connecting?

Sincerely,
nixnick
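
Added example, not part of the original message: the `openssl rsa -pubout` output (`BEGIN PUBLIC KEY`, an X.509 SubjectPublicKeyInfo wrapper) and the tinc hosts-file entry (`BEGIN RSA PUBLIC KEY`, bare PKCS#1) are different containers, so their base64 text never compares equal even for the same key. The sketch below decodes both with a minimal DER reader and compares the RSA modulus and exponent; the function names are this example's own, and the key text is copied from the message.

```python
import base64
import re

# Key text copied from the message above: `openssl rsa -pubout` output, then the tinc hosts entry.
SPKI_PEM = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0P8+wFjp+VT/TsDaiDRsTBnpS
Qdkd6OvEnyMJtCux1bKed9oqPMxJdny0oqY4TEdaHoc4muFJd9uag1v2BWNJRSTX
r+/BpX2RbVhccG9wFanDBzDw+txe/dXko+4YqmRM1o1Ezlb1/s+pofT3M2GosbBV
5BptKHVQY9eUYKULnQIDAQAB
-----END PUBLIC KEY-----"""
TINC_PEM = """-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALQ/z7AWOn5VP9OwNqINGxMGelJB2R3o68SfIwm0K7HVsp532io8zEl2
fLSipjhMR1oehzia4Ul325qDW/YFY0lFJNev78GlfZFtWFxwb3AVqcMHMPD63F79
1eSj7hiqZEzWjUTOVvX+z6mh9PczYaixsFXkGm0odVBj15RgpQudAgMBAAE=
-----END RSA PUBLIC KEY-----"""

def tlv(buf, pos=0):  # read one DER element; returns (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = count of length bytes that follow
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + length], pos + length

def parse_pkcs1(der):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    tag, seq, _ = tlv(der)
    t_n, n, pos = tlv(seq)
    t_e, e, _ = tlv(seq, pos)
    if (tag, t_n, t_e) != (0x30, 0x02, 0x02):
        raise ValueError("not a PKCS#1 RSAPublicKey")
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def parse_spki(der):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }"""
    _, seq, _ = tlv(der)
    _, _, pos = tlv(seq)  # skip AlgorithmIdentifier (rsaEncryption)
    tag, bits, _ = tlv(seq, pos)
    if tag != 0x03 or bits[:1] != b"\x00":  # BIT STRING with 0 unused bits
        raise ValueError("not a SubjectPublicKeyInfo")
    return parse_pkcs1(bits[1:])  # the payload is the same PKCS#1 structure tinc stores

def rsa_numbers(pem):  # returns (modulus, exponent) from either PEM flavour
    m = re.search(r"-----BEGIN (RSA )?PUBLIC KEY-----(.+?)-----END", pem, re.S)
    if not m:
        raise ValueError("no PEM public key found")
    der = base64.b64decode("".join(m.group(2).split()))
    return parse_pkcs1(der) if m.group(1) else parse_spki(der)

print("keys match:", rsa_numbers(SPKI_PEM) == rsa_numbers(TINC_PEM))
```

With OpenSSL 1.0.0 or later, `openssl rsa -in rsa_key.priv -RSAPublicKey_out` writes the `BEGIN RSA PUBLIC KEY` form directly, so its output can be compared with the hosts file as text.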

