How To Generate Putty Keys wit Puttygen?
Puttygen is used to generate ssh public and private keys for putty. We can use a different type of encryption algorithms bit sizes and ssh versions. In this tutorial, we will look at useful examples of puttygen.
Install Puttygen To Linux
puttygen is provided with putty packages most of the Linux distributions like Ubuntu, Debian, Fedora, CentOS, RedHat.
puttygen tool is provided with the
putty package in Debian, Mint, Ubuntu, Kali.
$ sudo apt install putty
Fedora, CentOS, RedHat
puttygen tool is provided with the
putty package in Fedora, CentOS, RedHat.
$ sudo yum install putty
Windows binaries are provided with the following URL.
Syntax of puttygen is like below. puttygen is simple command where there are two parameters named KEYFILE, OPTIONS.
puttygen KEYFILE OPTINONS
KEYFILEis the file we read
OPTIONSare used to specify size, output key file etc.
Create Key From puttygen GUI
puttygen tool is provided with a GUI in Windows operating systems. We can download this GUI tool which is explained in the Download For Windows section. Then from the tool, we will be provided a simple screen where we can set different parameters about the cryptographic key creation.
We can see that there is 3 main part of the window.
Keypart provides the key in ASCII format
Actionspart will provide buttons for Key generation, Load Existing Key, Save Public Key, Save Private Key.
Parameterspart provides the key type selection like
SSH-1 (RSA)and the size of the key as bits where default size is 2048 which is accepted as secure.
Create 2048 RSA Key with Puttygen GUI
We can generate an RSA key which is 2048 bit by using the following configuration for the puttygen. We will click to the
Generate button with the default parameters. As cryptography and security are based randomness puttygen need real random data which can be provided with the random mouse hovering over the screen.
At the end of the key generation, the following screen will appear where information about the generated key will be presented.
Key fingerprintis a value which uniquely identifies the created key
Key commentis a short description of the created key.
Key passphraseis a passphrase or password to encrypt created key.
We can also create different type and size of the keys by changing parameters like below.
- Create 2048 DSA Key with Puttygen GUI
- Create 4096 RSA Key with Puttygen GUI
- Create 4096 DSA Key with Puttygen GUI
Load Existing Key To Puttygen GUI
We can load existing puttygen generated a key or key pairs easily. We will use the
Load button where we can specify the key file.
Save Generated Public Key To A File
After creating a Public and Private Key Pair we can save these created keys. We can save generated Public Key into a file with the
Save public key.
Save Generated Private Key To A File
We can also save the generated Private Key into the file with the
Save private key button like below.
Create Key with Default Options From Command Line
We can generate keys with the following command. In this example, we will generate an RSA type key file named
ppk is the extension of the putty keys.
$ puttygen -t rsa -o test.ppk
Set Key Size From Command Line
We have the option to set the size of the putty key. More in size means more secure but less performance. But the performance loss is negligible. We can set the size with
-b option. We will provide size as bit unit. In this example, we will set the key file size
4096 bit .
$ puttygen -t rsa -b 4096 -o test.ppk
Change Passphrase From Command Line
Keys are protected with symmetric encryption. This means
ppk keys are encrypted and we need to use a passphrase. We can also change the current passphrase with
-P option. In order to change the existing passphrase, we should provide old passphrase too.
$ puttygen mykey.ppk -P
Set Comment To Key From Command Line
In the enterprise environment, we may have multiple keys where we cannot remember actually what it was. Or we may need to put some comment about keys on the key file. We can use –
C and the comment we want to set.
$ puttygen mykey.ppk -C "My key"