How to convert SSH keypairs generated using PuTTYgen (Windows) into key-pairs used by ssh-agent and Keychain (Linux)

Asked 8/2, 2010 at 18:55 Answered 6/5, 2021 at 16:48

Solved git putty keychain ssh-keys pageant

513

I've generated key pairs using PuTTYgen and been logging in using Pageant, so that I have to enter my pass-phrase only once when my system boots.

How do I achieve this in Linux? I've heard of keychain but I hear that it uses a different key pair format - I don't want to change my Windows keys and it would be nice if I could seamlessly connect in the same manner in both Windows and Linux.

Pusey answered 8/2, 2010 at 18:55 Comment(2)

There shouldn't be any problems using the keys in linux as well... just copy them over and add the pub to authorized keys... though admittedly I don't entirely understand your question. – Babbittry 8/2, 2010 at 19:11

Nope , there is - I know this much that the key formats used by PuttyGen and ssh-agent are different , and they have to be converted explicitly - see Kaleb's detailed answer below. – Pusey 9/2, 2010 at 5:7

771

puttygen supports exporting your private key to an OpenSSH compatible format. You can then use OpenSSH tools to recreate the public key.

Open PuttyGen
Click Load
Load your private key
Go to Conversions->Export OpenSSH and export your private key
Copy your private key to ~/.ssh/id_dsa (or id_rsa).
Create the RFC 4716 version of the public key using ssh-keygen
```
ssh-keygen -e -f ~/.ssh/id_dsa > ~/.ssh/id_dsa_com.pub
```
Convert the RFC 4716 version of the public key to the OpenSSH format:
```
ssh-keygen -i -f ~/.ssh/id_dsa_com.pub > ~/.ssh/id_dsa.pub
```

See this and this for more information.

Herren answered 8/2, 2010 at 19:18 Comment(6)

For those who get It is required that your private key files are NOT accessible by others error like I had run cd ~/.ssh and chmod 700 id_rsa – Backward 15/10, 2012 at 17:48

You mean chmod 600 id_rsa. The file shouldn't need to be executable. :) – Vertebra 12/11, 2012 at 19:44

This answer was the key to getting ssh from the windows command line using passwordless keys for me (specifically for git access). Would have saved me hours of pain if I had seen it earlier! Thanks! – Monmouthshire 25/1, 2013 at 12:20

Can puttygen be executed from the CLI? – Libava 10/11, 2014 at 10:3

I assume this is something new, but if you open your private key in puttygen, then it will automatically show you an OpenSSH compatible, copyable, public key string in the UI. – Autocade 3/5, 2015 at 18:55

This is also helpful for users wanting to use Git for Windows as ssh client instead of PuTTY. Thanks! – Mendicity 6/8, 2020 at 12:38

189

If all you have is a public key from a user in PuTTY-style format, you can convert it to standard openssh format like so:

ssh-keygen -i -f keyfile.pub > newkeyfile.pub

References

Source: ~~http://www.treslervania.com/node/408~~
Mirror: https://web.archive.org/web/20120414040727/http://www.treslervania.com/node/408.

Copy of article

I keep forgetting this so I'm gonna write it here. Non-geeks, just keep walking.

The most common way to make a key on Windows is using Putty/Puttygen. Puttygen provides a neat utility to convert a linux private key to Putty format. However, what isn't addressed is that when you save the public key using puttygen it won't work on a linux server. Windows puts some data in different areas and adds line breaks.

The Solution: When you get to the public key screen in creating your key pair in puttygen, copy the public key and paste it into a text file with the extension .pub. You will save you sysadmin hours of frustration reading posts like this.

HOWEVER, sysadmins, you invariably get the wonky key file that throws no error message in the auth log except, no key found, trying password; even though everyone else's keys are working fine, and you've sent this key back to the user 15 times.
ssh-keygen -i -f keyfile.pub > newkeyfile.pub
Should convert an existing puttygen public key to OpenSSH format.

Faerie answered 4/4, 2012 at 16:44 Comment(7)

Also, you may want to copy the user's comment from the Comment: line and paste it on the same line as the new key, separated with a space. I don't know why ssh-keygen won't do this by default. – Lunar 6/2, 2017 at 12:1

This gives me an error of: decode blob failed: invalid format – Leukas 10/1, 2018 at 8:44

If you read the original article, the key detail is that this approach only works if you copy the key from puttygen when going through it's UI, it will not convert an already generated key from files produced by puttygen. – Extant 10/4, 2018 at 14:44

Can I use the same tool to convert it the other way? – Ative 26/9, 2018 at 9:18

yes, looks like you're looking at: ssh-keygen -e -f openssh_key.pub > putty.pub – Honebein 13/9, 2019 at 17:27

It's funny that this is exactly what I was looking for, and also exactly what title is suggesting that question is about. This is not the answer to the question though. +1 for answering the title and helping me out :) – Tutti 21/11, 2019 at 23:12

I get the same error as @ChrisStryczynski. Oddly, the file I'm looking at appears to be decimal? I'm assuming this was the file puttygen saved, not the text copied from the window. – Serviette 17/12, 2019 at 21:11

168

Newer versions of PuTTYgen (mine is 0.64) are able to show the OpenSSH public key to be pasted in the linux system in the .ssh/authorized_keys file, as shown in the following image:

enter image description here

Halie answered 30/3, 2015 at 10:45 Comment(3)

This answer covers how to set up key authentication on a remote that uses OpenSSH format. But in order to use a Putty-generated key on a Linux client, this answer is insufficient. I followed the accepted answer and it worked splendidly. – Dodger 8/8, 2016 at 21:59

This is a great answer for getting your putty keys into GitHub though, thanks! – Hadden 6/10, 2022 at 16:55

The top answer covers doing both the private and public key, but it's a bit long winded and in many cases you're only after the public, in which case this answer is the quickest and easiest thanks. (The original question isn't entirely clear whether they need both or just the public.) – Denyse 27/9, 2023 at 14:50

Alternatively if you want to grab the private and public keys from a PuTTY formated key file you can use puttygen on *nix systems. For most apt-based systems puttygen is part of the putty-tools package.

Outputting a private key from a PuTTY formated keyfile:

$ puttygen keyfile.pem -O private-openssh -o avdev.pvk

For the public key:

$ puttygen keyfile.pem -L

Ation answered 14/5, 2013 at 16:37 Comment(3)

If for some reason you MUST do this on a Windows box (cannot securely transfer all the keys to a *nix) and have so many keys using the GUI is cumbersome, try compiling the Unix source under Cygwin. That puttygen.exe will give you CLI "batch mode" like described above. – Isreal 22/8, 2013 at 23:29

OSX: brew install putty – Orbicular 13/11, 2016 at 12:4

That should be reversed: puttygen inppk -O private-openssh -o outpem and puttygen inppk -L (or ssh-keygen -y -f outpem) – Pelion 27/12, 2016 at 8:2

sudo apt-get install putty

This will automatically install the puttygen tool.

Now to convert the PPK file to be used with SSH command execute the following in terminal

puttygen mykey.ppk -O private-openssh -o my-openssh-key

Then, you can connect via SSH with:

ssh -v [email protected] -i my-openssh-key

http://www.graphicmist.in/use-your-putty-ppk-file-to-ssh-remote-server-in-ubuntu/#comment-28603

Architrave answered 2/12, 2016 at 15:35 Comment(3)

This does not really show more than, what is already in the answer by @John Jawed – Buckbuckaroo 2/12, 2016 at 16:35

The arguments explain what they represent. +1 – Cottony 26/7, 2017 at 2:17

GREAT! This works. In addition, to install putty on Macos : brew install putty – Virtuoso 20/4, 2018 at 14:24

I recently had this problem as I was moving from Putty for Linux to Remmina for Linux. So I have a lot of PPK files for Putty in my .putty directory as I've been using it's for 8 years. For this I used a simple for command for bash shell to do all files:

cd ~/.putty
for X in *.ppk; do puttygen $X -L > ~/.ssh/$(echo $X | sed 's,./,,' | sed 's/.ppk//g').pub; puttygen $X -O private-openssh -o ~/.ssh/$(echo $X | sed 's,./,,' | sed 's/.ppk//g').pvk; done;

Very quick and to the point, got the job done for all files that putty had. If it finds a key with a password it will stop and ask for the password for that key first and then continue.

Shod answered 2/7, 2013 at 14:4 Comment(2)

For lazy ppl like me, here is copy-paste to get puttygen on ubuntu: sudo apt-get install putty-tools – Indehiscent 22/4, 2014 at 11:15

"simple" - I'd hate to see complicated! – Recurrence 14/11, 2018 at 1:42

It's probably easier to create your keys under linux and use PuTTYgen to convert the keys to PuTTY format.

PuTTY Faq: A.2.2

Closing answered 8/2, 2010 at 19:10 Comment(1)

Unfortunately it's not an option if you have existing keys that you have to use. – Backward 15/10, 2012 at 17:32

I think what TCSgrad was trying to ask (a few years ago) was how to make Linux behave like his Windows machine does. That is, there is an agent (pageant) which holds a decrypted copy of a private key so that the passphrase only needs to be put in once. Then, the ssh client, putty, can log in to machines where his public key is listed as "authorized" without a password prompt.

The analog for this is that Linux, acting as an ssh client, has an agent holding a decrypted private key so that when TCSgrad types "ssh host" the ssh command will get his private key and go without being prompted for a password. host would, of course, have to be holding the public key in ~/.ssh/authorized_keys.

The Linux analog to this scenario is accomplished using ssh-agent (the pageant analog) and ssh-add (the analog to adding a private key to pageant).

The method that worked for me was to use: $ ssh-agent $SHELL That $SHELL was the magic trick I needed to make the agent run and stay running. I found that somewhere on the 'net and it ended a few hours of beating my head against the wall.

Now we have the analog of pageant running, an agent with no keys loaded.

Typing $ ssh-add by itself will add (by default) the private keys listed in the default identity files in ~/.ssh .

A web article with a lot more details can be found here

Perkoff answered 12/1, 2013 at 13:36 Comment(0)

PPK → OpenSSH RSA with PuttyGen & Docker.

Private key:

docker run --rm -v $(pwd):/app zinuzoid/puttygen private.ppk -O private-openssh -o my-openssh-key

Public key:

docker run --rm -v $(pwd):/app zinuzoid/puttygen private.ppk -L -o my-openssh-key.pub

Uund answered 18/5, 2020 at 10:52 Comment(0)

-2

Even faster than reopening puttygen, what I have often done is:

Duplicate the public key file.
In the copy, place the word "ssh-rsa " at the beginning.
Remove the begin/end comment lines and all other line breaks.
Save. The result is a one line key that works for openssh.

Heroin answered 6/5, 2021 at 16:48 Comment(1)

The question is about using key chain, so about the private key, not the public key. – Buckbuckaroo 6/5, 2021 at 17:46

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

References

Copy of article

Recommended topics

Hot tags