PuTTYgen, part of the open source network networking client PuTTY, is a crucial generating tool to create public and private SSH keys for servers. The native file format of PuTTY is .ppk files. Additionally, the tool is used for SSH connectivity. So users can use PuTTY to connect and securely transfer data from localhost to remote system.
The.pub file is your public key, and the other file is the corresponding private key. If you don’t have these files (or you don’t even have a.ssh directory), you can create them by running a program called ssh-keygen, which is provided with the SSH package on Linux/macOS systems and comes with Git for Windows.
But to use PuTTY, the private keys must be in the native format of the application. So for example, as Amazon Elastic Compute Cloud (EC2), a core part of the cloud-computing platform, generates Privacy-Enhanced Mail (PEM) file format, a user must first convert the file to .ppk file format before connecting to Linux Instance (virtual server on Amazon Web Services) from a Windows machine.
The EC2 allows users to lease virtual systems so that they can run their applications on it.
However if one plans to use PuTTY’s SSH client to connect, then they are first required to convert the .pem file to .ppk using PuTTYgen and then use PuTTY application to join local and remote hosts.
- 4 Converting .Pem to .Ppk on Unix or Linux
What Is the .Pem File Format?
Privacy-Enhanced Mail (PEM) file extension is a format that is mainly used to transmit data, certificates, email and cryptographic keys privately. The PEM file format is a tamperproof and secure way of storing and transferring data.
As a ‘.pem file’ can store multiple types of data; it represents data with appropriate suffix. While the most common is .pem suffix, others include .key for private keys and .cer or .crt for certificates. The PEM file format encodes it with the binary-to-text encoding scheme – base64 so that it represents binary data in ASCII string.
Even though the technological advancements have led to a more secure alternative to PEM container, it is still leveraged to store public and private certificates, root certificates and many others.
Unlike most file formats that are easy to convert via online conversion tools, a user requires a specific application to convert files that have .pem extensions. PuTTYgen is one such application that quickly converts f .pem files to .ppk.
Convert .Pem to .Ppk using PuTTYgen
The primary requisite is to download and install PuTTY application. As part of the networking client, PuTTYgen does not have to be downloaded separately. Users must download the latest version of the app and install the entire suite. Once installed, PuTTYgen will be ready to convert .pem files to .ppk format. We will provide detail steps to convert files on both operating systems – Windows and Unix.
Converting .Pem to .Ppk on Windows
- Click on Start menu> All Programs > PuTTY > PuTTYgen.
- The following window will present with options on the crucial a user wants to generate. Select the option ‘RSA (Rivest–Shamir–Adleman). RSA is a public-key cryptosystem that is commonly used to transmit data securely. Users with an older version of PuTTY should select the option – ‘SSH-2 RSA.’
- Next, click on the option ‘Load.’ As PuTTY supports its native file format, it will only show files that have .ppk file extension. Therefore, users have to choose the ‘All Files’ option from the drop-down bar. It will display all key files included the .pem file.
- Now, select the .pem file that you want to convert. As aforementioned that PuTTYgen is used for SSH connectivity, so it crucial for users to select the specific file that they plan to convert and click ‘Open.’ To confirm, click on ‘OK.’
- In the resultant window, click on ‘Save private key’ which will convert and save the key file in PuTTY compatible format.
- PuTTYgen will prompt a warning of saving the key without a passphrase. Hit ‘Yes’ on it.
- Now, give the name to your file and PuTTYgen will automatically add .ppk file extension.
Note – Passphrases provide extra protection, but it sometimes gets annoying as each time a user copies files they have to enter the passphrase. Although, it entirely depends on the user if they wish or don’t wish to add the extra layer of protection
Once the file is converted to PuTTY compatible format, users can connect their local machine with remote servers.
Converting .Pem to .Ppk on Unix or Linux
To convert the file on Unix is far simpler than Windows. Users are first required to install PuTTY application on their Unix machines. Once done, all a user must do is enter a one-line command. First, run the PuTTYgen command and type the below-written command:
$ sudo puttygen pemKey.pem -o ppkKey.ppk -O private
Voila! The .pem files will quickly be converted to PuTTY native file format. Users can connect via PuTTY to remote servers from local systems using the newly created .ppk files on both Windows and Unix.
Connect Using PuTTY
Once the .pem file is converted .ppk then users can connect to remote hosts using PuTTY’s SSH client. Below are steps to launch a PuTTY session.
- First, open PuTTY and input the host IP address. Please note that an SSL VPN connection must be established if the connection is to with 10.X private address.
- Now, from the category pane, navigate to Connection and expand SSH and the Auth.
- Click on ‘Browse’ and select the newly converted .ppk file, that was generated using PuTTYgen.
- Now to commence the PuTTY session, choose the option ‘open.’
Note: If the remote and local hosts connect for the first time using PuTTY then the application will pop up a dialog box confirming the authenticity of the connection. It just provides an added layer of security, so click ‘Yes’ when it appears.
Transferring Files Using PuTTY
Interestingly, one can also use PuTTY applications another component the PuTTY Secure Copy client (PSCP) to transfer files to remote servers. The PSCP is a Secure copy protocol (SCP) client that enables secure transfer of files from localhost to remote hosts.
If users are not comfortable using the command-line tool they can choose another Graphic user interface-based SCP client. One of the notable is WinSCP – an open-source multi-protocol supportive application for Microsoft Windows.
Back to PSCP, users are required to use the private key they generated while converting the .pem file to the .ppk file.
Converting a .pem file to a .ppk using PuTTYgen may now seem simple. The above information also briefs users on using PuTTY’s SSH client to connect virtual servers with local machines.
PuTTYgen is a key generator tool for creating pairs of public and private SSH keys. It is one of the components of the open-source networking client PuTTY. Although originally written for Microsoft Windows operating system, it is now officially available for multiple operating systems including macOS, Linux. PuTTYgen.exe is the graphical tool on Windows OS. While on the other side, Linux OS has the only command-line version could be accessible using SSH commands.
- 1 Download PuTTYgen
- 1.1 Download PuTTYgen on Windows
- 1.2 Download PuTTYgen for Mac
- 1.3 Download PuTTYgen for Ubuntu/Linux
- 1.3.3 Types of Keys Supported on PuTTYgen
Puttygen aka Putty Key Generator
The key generation utility – PuTTYgen can create various public-key cryptosystems including Rivest–Shamir–Adleman (RSA), Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), and Edwards-curve Digital Signature Algorithm (EdDSA) keys.
The aforementioned public-key cryptosystems principally focus on secure data transmission and digital signatures.
Although PuTTYgen collects keys in its native file format i.e. .ppk files, the keys can easily be converted to any file format. For Windows, the software interface is PuTTYgen.exe, whereas, for Linux OS the command-line adaptation is available using SSH commands.
How to use PuTTYgen?
PuTTYgen is used to generate public or private key pair for creating SSH keys. Below is the complete guidance about how to generate RSA key in the Windows operating system:
- Once you install the PuTTY on your machine, you can easily run PuTTYgen. For the same, go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen.
- You will see the PuTTY key generator dialog box on your screen
- You will find a “Generate” button in that dialog. Clicking on it will lead to generating the keys for you.
- Now you will need to add a unique key passphrase in the Key passphrase and Confirm passphrase field.
- Click on the “Save Public Key” and “Save Private Key” buttons to save your public and private keys.
- You will see the text starting with ssh-RSA in the Public key for pasting into OpenSSH authorized_keys file field which is located at the top of the window. Copy that entire text to your clipboard by pressing ctrl+c as you will require the key to paste on your clipboard in the public key tool of control panel or directly on the cloud server.
Various Ways to Use RSA Key Pair
RSA key pair generated through PuTTYgen is used in two various ways defined as below:
- To assign while creating a new cloud server
You can choose the public key from the given list of keys at the time of creating a cloud server. If you don’t find your key in that list, then first add and then assign it.
- Assign to an existing cloud server
At the time of connecting to the cloud server, first of all, you need to tell PuTTY to use it for utilizing your newly created RSA key pair.
PuTTYgen being a component of the terminal emulator PuTTY does not have to be downloaded separately, hence, comes with the PuTTY .msi installation package. You can follow the simple steps to download PuTTYgen software for your system. That is the reason why you don’t need to download PuTTYgen separately. Once you download PuTTY software, you will be able to install and run PuTTYgen easily in no time. Below is the complete instruction about how to download and install PuTTY on Windows.
Apart from that, it is also integrated into third-party programs such as WinSCP installation package. Below you can find a complete PuTTYgen download and installation guide for all operating systems.
Download PuTTYgen on Windows
To download PuTTYgen the primary requisite is to acquire the copy of PuTTY installation package. For the 64-bit operating system, one must install the 64-bit version of PuTTY, i.e. putty-64bit-<version>-installer.msi.Similarly, for the 32-bit operating system, the respective 32-bit version of PuTTY, i.e. putty-<version>-installer.msi needs to be installed.
To get PuTTY, go to PuTTY Installation Download page, whereby the complete installation package will be available with setup instructions, installation guide, and download links to all other components of PuTTY such as putty.exe, pscp.exe, psftp.exe, puttytel.exe, plink.exe, pageant.exe and putty.zip.
Putty Key File
Following the successful download of the PuTTY installation package. It is time to install the program. Go to How to install PuTTY on Windows, whereby you will find the step by step guidance for PuTTY installation for Windows operating system.
After successfully downloading and installing PuTTY on your Windows machine, you are just 2-3 clicks away to run PuTTYgen. Follow the below-given step by step guidance to run PuTTYgen:
Run PuTTYgen on Windows
To run PuTTYgen, Go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen. You will see a window for the PuTTY Key Generator on your screen.
Voila! Now you can generate public or private key pair using PuTTYgen.
Download PuTTYgen for Mac
Below is the detailed guide to download PuTTYgen on Mac operating system. Mac OS has a built-in command-line SSH client known as Terminal. To utilize it, go to Finder and then opt for Go -> utilities from the top menu. After that find the terminal which supports SSH connections to remote servers.
However, to run PuTTYgen for mac, the first one must have to install PuTTY. There are multiple ways to install PuTTY, which are Homebrew or MacPorts. Both alternatives will also install the command-line of adaptations of PuTTYgen.
Ported PuTTY for Mac
Mac has the port of PuTTY which can be installed in various ways described as below:
- Installation using Homebrew:
First, install the ‘brew command line’ Once installed use the below-given command to install PuTTY:-
sudo brew install putty
- Installation using MacPorts:
First of all, one must install MacPorts and then use the command-line to install PuTTY. Here is the command to install PuTTY via MacPorts
sudo port install putty
Additionally, a user can also add a shortcut to the desktop by writing the following command line
–cp /opt/local/bin/putty ~/Desktop/PuTTY
However, there is an alternative way to install PuTTY on Mac OS. Cyberduck is a widely used Mac OS SSH Client. Once PuTTY installed on the Mac OS, a user can convert PuTTY derived private key format to OpenSSH.
To convert the private key to standard PEM format, type the following command –
puttygen privatekey.ppk -O private-openssh -o privatekey.pem
You can also read the guide to convert .pem file to .ppk using puttygen.
Download PuTTYgen for Ubuntu/Linux
To download PuTTYgen for Ubuntu (Linux) operating system, a user to first install PuTTY. However, in some Linux distributions, the SSH key generation tool – PuTTYgen needs to be installed independently from the PuTTY client.
For example, Debian Linux requires the below-given code to install PuTTYgen:
sudo apt install putty-tools
Generate Key Pair for Authentication in Linux
To create the key pair for authentication in Linux use the below command:-
puttygen -t rsa -b 2048 -C '[email protected]' -o keyfile.ppk
Various Command Line Options of PuTTY in Linux
Below are few important command line options in the Linux operating system for PuTTY:
PuTTYgen [-t keytype [-b bits] [-q] keyfile]
[-C new-comment] [-P]
[-O output-type -p -l -L]
- Keyfile – It is the name of the existing key file to read at the time of changing the current key.
- –t keytype – The command specifies the type of key to creating. Its acceptable values are RSA and dsa.rsa1.
- -b bits – This command specifies a total number of bit in a particular key. 1024 is the perfect size for DSA key, while 2048 or 4096 are the perfect size for RSA keys.
- –q – The command suppresses the message about progress at the time of key generation.
- -C new-comment – The command will specify the comment to describe the key. It can be used for the new and/or existing key. Key operation is not affected by a comment. However, it is used to recognize the key owner, it’s not reliable completely as any value can be applied to it.
- –P – Using the command will update the passphrase of a key. Passphrase helps to encrypt the private key. As passphrase can’t add or update on a command line, it prompts a new passphrase tool to alter it.
- –old-passphrase-file – The old password of the key remains in this file. The command is used when the key is protected by a passphrase.
- –new-passphrase file – This command prompts the new passphrase of the key. It comes in the action either at the time of generating a new key or while applying –P command to change the passphrase.
- -O output-type – This command defines what to give in output. By default, the private key is the output.
Thus, above are the prominent commands of PuTTYgen in Linux operating system. Besides that, there are many other commands available to perform various tasks from the command prompt in Linux at flank speed.
Types of Keys Supported on PuTTYgen
It is important to know the types of key PuTTYgen supports prior to using it. Below are the key types that it currently supports for SSH-2 and SSH-1 protocol:-
- SSH-1 protocol:- For SSH-1 only supports one key i.e. Rivest–Shamir–Adleman (RSA)
- SSH-2 protocol: – SSH-2 supports multiple key types that include – Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA) and Ed25519.
The above description is a detailed brief on downloading and running PuTTYgen on all major operating systems. For further details please check the Download PuTTY page.