How to convert SSH keypairs generated using PuTTYgen (Windows) into key-pairs used by ssh-agent and Keychain (Linux)
https://stackoverflow.com/questions/2224066
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've generated key pairs using PuTTYgen and been logging in using Pageant, so that I have to enter my pass-phrase only once when my system boots.
How do I achieve this in Linux? I've heard of keychain but I hear that it uses a different key pair format - I don't want to change my Windows keys and it would be nice if I could seamlessly connect in the same manner in both Windows and Linux.
Solution
puttygen supports exporting your private key to an OpenSSH compatible format. You can then use OpenSSH tools to recreate the public key.
- Open PuttyGen
- Click Load
- Load your private key
- Go to
Conversions->Export OpenSSHand export your private key - Copy your private key to
~/.ssh/id_dsa(orid_rsa). Create the RFC 4716 version of the public key using
ssh-keygenssh-keygen -e -f ~/.ssh/id_dsa > ~/.ssh/id_dsa_com.pubConvert the RFC 4716 version of the public key to the OpenSSH format:
ssh-keygen -i -f ~/.ssh/id_dsa_com.pub > ~/.ssh/id_dsa.pub
OTHER TIPS
If all you have is a public key from a user in PuTTY-style format, you can convert it to standard openssh format like so:
ssh-keygen -i -f keyfile.pub > newkeyfile.pub
References
- Source:
http://www.treslervania.com/node/408 - Mirror: https://web.archive.org/web/20120414040727/http://www.treslervania.com/node/408.
Copy of article
I keep forgetting this so I'm gonna write it here. Non-geeks, just keep walking.
The most common way to make a key on Windows is using Putty/Puttygen. Puttygen provides a neat utility to convert a linux private key to Putty format. However, what isn't addressed is that when you save the public key using puttygen it won't work on a linux server. Windows puts some data in different areas and adds line breaks.
The Solution: When you get to the public key screen in creating your key pair in puttygen, copy the public key and paste it into a text file with the extension .pub. You will save you sysadmin hours of frustration reading posts like this.
HOWEVER, sysadmins, you invariably get the wonky key file that throws no error message in the auth log except, no key found, trying password; even though everyone else's keys are working fine, and you've sent this key back to the user 15 times.
ssh-keygen -i -f keyfile.pub > newkeyfile.pubShould convert an existing puttygen public key to OpenSSH format.
Newer versions of PuTTYgen (mine is 0.64) are able to show the OpenSSH public key to be pasted in the linux system in the .ssh/authorized_keys file, as shown in the following image:
Alternatively if you want to grab the private and public keys from a PuTTY formated key file you can use puttygen on *nix systems. For most apt-based systems puttygen is part of the putty-tools package.
Outputting a private key from a PuTTY formated keyfile:
$ puttygen keyfile.pem -O private-openssh -o avdev.pvk
For the public key:
$ puttygen keyfile.pem -L
sudo apt-get install putty
This will automatically install the puttygen tool.
Now to convert the PPK file to be used with SSH command execute the following in terminal
puttygen mykey.ppk -O private-openssh -o my-openssh-key
Then, you can connect via SSH with:
ssh -v user@example.com -i my-openssh-key
http://www.graphicmist.in/use-your-putty-ppk-file-to-ssh-remote-server-in-ubuntu/#comment-28603
I recently had this problem as I was moving from Putty for Linux to Remmina for Linux. So I have a lot of PPK files for Putty in my .putty directory as I've been using it's for 8 years. For this I used a simple for command for bash shell to do all files:
cd ~/.putty
for X in *.ppk; do puttygen $X -L > ~/.ssh/$(echo $X | sed 's,./,,' | sed 's/.ppk//g').pub; puttygen $X -O private-openssh -o ~/.ssh/$(echo $X | sed 's,./,,' | sed 's/.ppk//g').pvk; done;
Very quick and to the point, got the job done for all files that putty had. If it finds a key with a password it will stop and ask for the password for that key first and then continue.
It's probably easier to create your keys under linux and use PuTTYgen to convert the keys to PuTTY format.
I think what TCSgrad was trying to ask (a few years ago) was how to make Linux behave like his Windows machine does. That is, there is an agent (pageant) which holds a decrypted copy of a private key so that the passphrase only needs to be put in once. Then, the ssh client, putty, can log in to machines where his public key is listed as "authorized" without a password prompt.
The analog for this is that Linux, acting as an ssh client, has an agent holding a decrypted private key so that when TCSgrad types "ssh host" the ssh command will get his private key and go without being prompted for a password. host would, of course, have to be holding the public key in ~/.ssh/authorized_keys.
The Linux analog to this scenario is accomplished using ssh-agent (the pageant analog) and ssh-add (the analog to adding a private key to pageant).
The method that worked for me was to use: $ ssh-agent $SHELL That $SHELL was the magic trick I needed to make the agent run and stay running. I found that somewhere on the 'net and it ended a few hours of beating my head against the wall.
Now we have the analog of pageant running, an agent with no keys loaded.
Typing $ ssh-add by itself will add (by default) the private keys listed in the default identity files in ~/.ssh .
A web article with a lot more details can be found here
