PuTTYgen in Linux - SSH key generator

PuTTYgen is an SSH key creation tool for the Linux version of PuTTY. It works similarly to the ssh-keygen tool in OpenSSH.

Its basic function is to create public key and private key pairs. PuTTY stores keys in its own format in .ppk files. However, the tool can also convert key formats.

Installation

In some Linux distributions, the PuTTYgen tool needs to be installed separately from the PuTTY client. For example, in Debian Linux, the following command will install it:

 sudo aptitude install putty-tools 

Create a new key pair for authentication

To create a new key pair for authentication from the command line, use the following command:

 puttygen -t rsa -b 2048 -C "user@host" -o keyfile.ppk

You should use passphrases for key files intended for interactive use. Key files used for automation (for example, with WinSCP) usually have a blank passphrase.

Install public key as an authentication key on a server

With both the Tectia SSH and OpenSSH servers, access to an account is configured by creating a public key, copying the public key to the server and adding the public key to the ~/.ssh/authorized_keys file.

To extract the public key, use:

 puttygen -L keyfile.ppk 

Then log into the server, open the authorized_keys file in your favorite editor, and paste the public key printed by the above command into it. Save the file. Configure PuTTY to use your private key file (keyfile.ppk). Then check that the login works.
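The paste step above can also be scripted. The following is an added example, not part of the original article: a shell function that appends the single-line output of puttygen -L to authorized_keys, refuses the multi-line RFC 4716 block that puttygen -p produces, skips keys that are already present, and sets restrictive permissions. The function name install_pubkey and the file name keyfile.pub are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. install_pubkey and its
# arguments are assumed names. Typical use on the server:
#   install_pubkey keyfile.pub      (keyfile.pub = output of puttygen -L)

install_pubkey() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}

    # authorized_keys holds one key per line: "type base64 [comment]".
    # A multi-line RFC 4716 block (puttygen -p) is rejected, not appended.
    if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ]; then
        echo "install_pubkey: expected exactly one non-empty line" >&2
        return 2
    fi
    line=$(grep . "$pub")
    case $line in
        ssh-*" AAAA"* | ecdsa-sha2-*" AAAA"*) ;;
        *) echo "install_pubkey: not an OpenSSH public key line" >&2
           return 2 ;;
    esac

    # OpenSSH's sshd, with StrictModes on (its default), refuses keys
    # when the file or its directory is writable by other users.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on the base64 blob so the same key with a different
    # comment is not added twice.
    blob=${line#* }; blob=${blob%% *}
    grep -qF -- "$blob" "$auth" && return 0
    printf '%s\n' "$line" >> "$auth"
}
```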

Change the passphrase for a key

It is recommended that all SSH keys be regenerated and changed periodically. Universal SSH Key Manager can automate this. Changing the passphrase is a must, but it does not replace regenerating the key. These instructions can also be used to add a passphrase to a key that was generated without one.

Use the following command to change the passphrase:

 puttygen keyfile.ppk -P 

This will prompt you to set a new passphrase and write the result back to keyfile.ppk with the new passphrase.

Export a private key to Tectia SSH or OpenSSH

It is very rare to export a private key from PuTTY to Tectia SSH or OpenSSH. However, the process is described here because it is sometimes necessary, for example when an application is migrated to Linux in the cloud and the destination server for file transfers cannot easily be reconfigured to change an authorized key.

Both Tectia SSH and OpenSSH support the OpenSSH private key file format, so that is the format described here. Tectia SSH also supports a number of other formats.

To convert an existing PuTTY private key for Tectia or OpenSSH, use the command:

 puttygen keyfile.ppk -O private-openssh -o keyfile 

Then copy the keyfile to the .ssh folder on the host where Tectia or OpenSSH will be run.

Command line options

A basic PuTTYgen command line has three parts:

  1. Specify the key file to read or the type of key and the size to create.
  2. Optional action to perform (for example, changing passphrases)
  3. Optional type and output file.

The basic command line is:

 puttygen [-t keytype [-b bits] [-q] | keyfile]
          [-C new-comment] [-P]
          [-O output-type | -p | -l | -L]
          [-o output-file]

Options are:

  1. keyfile : The name of the existing key file to read, when modifying an existing key.
  2. -t keytype : Specify the type of key to create. Accepted values include rsa and dsa. rsa1 is also supported to create legacy SSH-1 keys, but they are never needed.
  3. -b bits : Specifies the number of bits in the key. For DSA keys, 1024 is the right size. For RSA keys, 2048 or even 4096 bits are recommended.
  4. -q : Removes notifications about progress during key generation.
  5. -C new-comment : Specify a comment to describe the key. Comments do not affect the operation of the key. You can specify a comment for a new key, or change the comment of an existing key. Usually, the comment is used to identify the key owner, but any value can be specified.
  6. -P : Request to change the passphrase of the key. The tool will prompt for a new passphrase. A passphrase cannot be specified on the command line. The passphrase is used to encrypt the private key.
  7. --old-passphrase-file file : Specifies a file from which to read the key's old passphrase. This is only necessary when using an existing key that is protected by a passphrase.
  8. --new-passphrase file : Specifies a file from which to read the new passphrase for the key. This can be used when creating a new key or with the -P option to change the passphrase.
  9. -O output-type : Specifies what is exported. By default, the private key is output. The following values can be specified:

- private : Private key in the proprietary PuTTY key format as a .ppk file.

- fingerprint : Export the fingerprint of the key. The fingerprint uniquely identifies the key and can, for example, be read over the phone to confirm that the key is the one intended.

- public : Save the public key corresponding to the private key. For SSH2 keys, the public key is exported in the format specified by RFC 4716. This format is supported, for example, by Tectia SSH. Keys in that format look like this:

 ---- BEGIN SSH2 PUBLIC KEY ----
 Comment: user@example.com
 AAAAB3NzaC1yc2EAAAABIwAAAIEA1on8gxCGJJWSRT4uOrR13mUaUk0hRf4RzxSZ1zRb
 YYFw8pfGesIFoEuVth4HKyF8k1y4mRUnYHP1XNMNMJl1JcEArC2asV8sHf6zSPVffozZ
 5TT4SfsUu/iKy9lUcCfXzwre4WWZSXXcPff+EHtWshahu3WzBdnGxm5Xoi89zcE=
 ---- END SSH2 PUBLIC KEY ----

- public-openssh : Save the public key in the proprietary format of OpenSSH. This format is also supported by Tectia SSH. Keys in that format look like this:

 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+Mh3U/3We4VYtV1QmWUFIzFLTUeegl1Ao5/QGtCRGAZn8bxX9KlCrrWISIjSYAwCajIEGSPEZwPNMBoK8XD8Q= cow@example.com

- private-openssh : Convert the private key to the format used by OpenSSH. This can only be used for SSH2 keys. This format is also supported by Tectia SSH.

- private-sshcom : Convert the private key to the format used by Tectia SSH.

  10. -l : Same as -O fingerprint.
  11. -L : Same as -O public-openssh.
  12. -p : Same as -O public.
  13. -o output-file : Specify the output file. This option is required when creating a new key. Otherwise, when changing the passphrase or comment, the original file is overwritten by default. When exporting the public key or fingerprint, the default is standard output.
  14. -h or --help : Outputs help text and a usage summary.
  15. -V or --version : Outputs the version number of the tool.
  16. --pgpfp : Outputs the fingerprints of the PGP Master Keys used for new versions of PuTTY.
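The public and public-openssh output types described above carry the same base64 key blob and differ only in framing. The following is an added example, not part of the original article: a shell function that rewrites an RFC 4716 block as the one-line OpenSSH form, reading the key type name from the blob itself. The function name rfc4716_to_openssh is an assumption, and the sketch assumes one key per file with header values that fit on one line.

```sh
#!/bin/sh
# Added example (not from the original page): rewrite an RFC 4716 public
# key block (puttygen -p) as the one-line OpenSSH form (puttygen -L).
# Assumes one key per file and header values that fit on one line.

rfc4716_to_openssh() {
    # Collect the base64 body and the Comment header; CRs are dropped so
    # files saved on Windows parse the same way.
    parsed=$(tr -d '\r' < "$1" | awk '
        /^---- BEGIN SSH2 PUBLIC KEY ----$/ { inkey = 1; next }
        /^---- END SSH2 PUBLIC KEY ----$/   { inkey = 0; next }
        !inkey                               { next }
        /^Comment: / { c = substr($0, 10); gsub(/^"|"$/, "", c); next }
        /:/          { next }                # any other header line
                     { b64 = b64 $0 }        # base64 body, joined
        END          { print b64; print c }
    ') || return 1
    b64=$(printf '%s\n' "$parsed" | sed -n 1p)
    comment=$(printf '%s\n' "$parsed" | sed -n 2p)
    [ -n "$b64" ] || { echo "no key body found" >&2; return 2; }

    # The blob begins with a 4-byte big-endian length followed by the key
    # type name; OpenSSH repeats that name as the first field of the line.
    # Type names are short, so only the low length byte is used.
    len=$(printf '%s' "$b64" | base64 -d 2>/dev/null |
          od -An -tu1 -N4 | awk '{ print $4 }')
    [ -n "$len" ] || { echo "body is not valid base64" >&2; return 2; }
    type=$(printf '%s' "$b64" | base64 -d 2>/dev/null |
           dd bs=1 skip=4 count="$len" 2>/dev/null)
    [ -n "$type" ] || { echo "no key type in blob" >&2; return 2; }

    printf '%s %s%s\n' "$type" "$b64" "${comment:+ $comment}"
}
```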
