Differences

2019-09-17 2020-01-13
Restored revision 1557330639. Undoing revision 1568708565. (martin) (hidden) update from the latest putty documentation (less focus on ssh-1) (martin)
Line 13: Line 13:
&screenshotpict(puttygen) &screenshotpict(puttygen)
-When you run PuTTYgen you will see a window where you have two choices: //Generate//, to generate a new public/private key pair, or //Load// to load in an existing private key.+When you run PuTTYgen you will see a window where you have two main choices: //Generate//, to generate a new public/private key pair, or //Load// to load in an existing private key.
===== [[generating]] Generating a New Key ===== ===== [[generating]] Generating a New Key =====
Line 23: Line 23:
  * Now you're ready to [[#saving_private|save the private key to disk]]; press the //Save private key// button.   * Now you're ready to [[#saving_private|save the private key to disk]]; press the //Save private key// button.
-Your key pair is now ready for use. You may also want to copy the public key to your server, either by copying it out of the //[[#authorized_keys|Public key for pasting into authorized_keys file]]// box, or by using the //[[#saving_public|Save public key]]// button. However, you don't need to do this immediately; if you want, you can [[#reloading|load the private key]] back into PuTTYgen later and the public key will be available for copying and pasting again.+Your key pair is now ready for use. You may also want to copy the public key to your server, either by copying it out of the //[[#authorized_keys|Public key for pasting into OpenSSH authorized_keys file]]// box, or by using the //[[#saving_public|Save public key]]// button. However, you don't need to do this immediately; if you want, you can [[#reloading|load the private key]] back into PuTTYgen later and the public key will be available for copying and pasting again.
For more details refer to guide to [[guide_public_key|setting up public key authentication]]. For more details refer to guide to [[guide_public_key|setting up public key authentication]].
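Review bot: the unchanged trailing sentence "For more details refer to guide to [[guide_public_key|setting up public key authentication]]" is missing an article; since this paragraph is being edited anyway, change it to "refer to the guide to". The renamed box label in the added line matches the heading introduced in the Line 108 hunk, and the #authorized_keys link target is unchanged, so the link itself needs no update.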
Line 29: Line 29:
===== [[type]] Selecting the Type of Key ===== ===== [[type]] Selecting the Type of Key =====
-Before generating a key pair using PuTTYgen, you need to select which type of key you need. PuTTYgen currently supports these types of key:+Before generating a key pair using PuTTYgen, you need to select which type of key you need.  
 + 
 +The current version of the SSH protocol, SSH-2, supports several different key types. PuTTYgen can generate:
  * An RSA key for use with the %%SSH-2%% protocol.   * An RSA key for use with the %%SSH-2%% protocol.
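Review bot: the added sentence "The current version of the SSH protocol, SSH-2, supports several different key types" writes SSH-2 bare, while the list items directly below it wrap the same token as %%SSH-2%%; use the same markup in the new line so it renders consistently. With the protocol now named in the lead-in, "for use with the %%SSH-2%% protocol" in every bullet is redundant and could be dropped. The first added line also ends in two trailing spaces ahead of the new blank line.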
Line 35: Line 37:
  * An ECDSA (elliptic curve %%DSA%%) key for use with the %%SSH-2%% protocol.   * An ECDSA (elliptic curve %%DSA%%) key for use with the %%SSH-2%% protocol.
  * An Ed25519 key (another elliptic curve algorithm) for use with the %%SSH-%%2 protocol.   * An Ed25519 key (another elliptic curve algorithm) for use with the %%SSH-%%2 protocol.
-  * An %%RSA%% key for use with the %%SSH-1%% protocol. 
- 
-The %%SSH-2%% protocol supports more than one key type. The types supported by WinSCP are %%RSA%%, %%DSA%%, %%ECDSA%%, and Ed25519. 
-The %%SSH-1%% protocol only supports %%RSA%% keys; if you will be connecting using the %%SSH-1%% protocol, you must select the last key type or your key will be completely useless.+PuTTYgen can also generate an %%RSA%% key suitable for use with the old %%SSH-1%% protocol (which only supports %%RSA%%); for this, you need to select the //%%SSH-1%% (%%RSA%%)// option. Since the %%SSH-1%% protocol is no longer considered secure, it's rare to need this option.
===== [[size]] Selecting the Size (Strength) of the Key ===== ===== [[size]] Selecting the Size (Strength) of the Key =====
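Review bot: removing "The types supported by WinSCP are %%RSA%%, %%DSA%%, %%ECDSA%%, and Ed25519" leaves this section stating only what PuTTYgen can generate, not which key types WinSCP accepts; keep one sentence that says so, since this is the WinSCP page and not the PuTTY manual. The new SSH-1 paragraph is a clear improvement over the removed "completely useless" wording. While this list is being touched, the Ed25519 bullet has the markup as %%SSH-%%2 where the other bullets use %%SSH-2%%.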
Line 109: Line 108:
If you use this option with an SSH-1 key, the file PuTTYgen saves will contain exactly the same text that appears in the //Public key for pasting// box. This is the only existing standard for SSH-1 public keys. If you use this option with an SSH-1 key, the file PuTTYgen saves will contain exactly the same text that appears in the //Public key for pasting// box. This is the only existing standard for SSH-1 public keys.
-===== [[authorized_keys]] Public Key for Pasting into authorized_keys File =====+===== [[authorized_keys]] Public Key for Pasting into OpenSSH authorized_keys File =====
-All SSH-1 servers require your public key to be given to it in a one-line format before it will accept authentication with your private key. The OpenSSH server also requires this for SSH-2.+The OpenSSH server, among others, requires your public key to be given to it in a one-line format before it will accept authentication with your private key. (SSH-1 servers also used this method.)
-The //Public key for pasting into authorized_keys file// gives the public-key data in the correct one-line format. +The //Public key for pasting into OpenSSH authorized_keys file// gives the public-key data in the correct one-line format.
For more details refer to guide to [[guide_public_key|setting up public key authentication]]. For more details refer to guide to [[guide_public_key|setting up public key authentication]].
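Review bot: the unchanged paragraph just above the renamed heading still refers to the "//Public key for pasting// box", which no longer reads as the same control now that the heading and label say "Public key for pasting into OpenSSH authorized_keys file"; use the full new label there, or state that the short form means the same box. The added parenthetical "(SSH-1 servers also used this method.)" is in the past tense while that same paragraph describes SSH-1 in the present tense ("This is the only existing standard"); pick one.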
Line 129: Line 128:
===== [[other_formats]] Dealing with Private Keys in Other Formats ===== ===== [[other_formats]] Dealing with Private Keys in Other Formats =====
-Most SSH-1 clients use a standard format for storing private keys on disk. WinSCP uses this format as well; so if you have generated an SSH-1 private key using OpenSSH or ssh.com's client, you can use it with WinSCP, and vice versa. +SSH-2 private keys have no standard format. OpenSSH and ssh.com have different formats, and WinSCP's is different again. So a key generated with one client cannot immediately be used with another.
- +
-However, SSH-2 private keys have no standard format. OpenSSH and ssh.com have different formats, and WinSCP's is different again. So a key generated with one client cannot immediately be used with another.+
-Using the //Import// command from the //Conversions// menu, PuTTYgen can load SSH-2 private keys in OpenSSH's format and ssh.com's format. Once you have loaded one of these key types, you can then save it back out as a PuTTY-format key (''*.PPK'') so that you can use it with the WinSCP. The passphrase will be unchanged by this process (unless you deliberately change it). You may want to change the key comment before you save the key, since OpenSSH's SSH-2 key format contains no space for a comment and ssh.com's default comment format is long and verbose.+Using the //Import// command from the //Conversions// menu, PuTTYgen can load SSH-2 private keys in OpenSSH's format and ssh.com's format. Once you have loaded one of these key types, you can then save it back out as a PuTTY-format key (''*.PPK'') so that you can use it with the WinSCP. The passphrase will be unchanged by this process (unless you deliberately change it). You may want to change the key comment before you save the key, since some OpenSSH key format contained no space for a comment, and ssh.com's default comment format is long and verbose.
PuTTYgen can also export private keys in OpenSSH format and in ssh.com format. To do so, select one of the //Export// options from the //Conversions// menu. Exporting a key works exactly like [[#saving_private|saving it]] -- you need to have typed your passphrase in beforehand, and you will be warned if you are about to save a key without a passphrase. PuTTYgen can also export private keys in OpenSSH format and in ssh.com format. To do so, select one of the //Export// options from the //Conversions// menu. Exporting a key works exactly like [[#saving_private|saving it]] -- you need to have typed your passphrase in beforehand, and you will be warned if you are about to save a key without a passphrase.
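Review bot: the added text "since some OpenSSH key format contained no space for a comment" has a number mismatch ("some ... format") and shifts to the past tense while the rest of the sentence is in the present; suggest "since some OpenSSH key formats contain no space for a comment". The same line, on both sides of the diff, also says "use it with the WinSCP", where the article should go. The added replacement for the opening paragraph ends in a trailing space.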
Line 139: Line 136:
For OpenSSH there are two options. Modern OpenSSH actually has two formats it uses for storing private keys. //Export OpenSSH key// will automatically choose the oldest format supported for the key type, for maximum backward compatibility with older versions of OpenSSH; for newer key types like Ed25519, it will use the newer format as that is the only legal option. If you have some specific reason for wanting to use OpenSSH's newer format even for RSA, DSA, or ECDSA keys, you can choose //Export OpenSSH key (force new file format)//. For OpenSSH there are two options. Modern OpenSSH actually has two formats it uses for storing private keys. //Export OpenSSH key// will automatically choose the oldest format supported for the key type, for maximum backward compatibility with older versions of OpenSSH; for newer key types like Ed25519, it will use the newer format as that is the only legal option. If you have some specific reason for wanting to use OpenSSH's newer format even for RSA, DSA, or ECDSA keys, you can choose //Export OpenSSH key (force new file format)//.
-Note that since only SSH-2 keys come in different formats; the export options are not available if you have generated an SSH-1 key. ((&puttydoccite))+Most clients for the older SSH-1 protocol use a standard format for storing private keys on disk. PuTTY uses this format as well; so if you have generated an %%SSH-1%% private key using OpenSSH or ssh.com's client, you can use it with WinSCP, and vice versa. Hence, the export options are not available if you have generated an %%SSH-1%% key.
You can also use WinSCP ''[[commandline#keygen|/keygen]]'' command-line switch to convert the private key from other formats. You can also use WinSCP ''[[commandline#keygen|/keygen]]'' command-line switch to convert the private key from other formats.
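Review bot: the removed line carried the ((&puttydoccite)) footnote and the added paragraph does not, so the section loses its attribution to the PuTTY documentation even though the revision comment describes the change as an update from that documentation; keep the footnote at the end of the new paragraph. The new text also says "PuTTY uses this format as well" and then "you can use it with WinSCP", where the sentence removed in the Line 128 hunk named WinSCP in both places; name the same product in both, or say explicitly that WinSCP reads the format PuTTY uses.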

Last modified: by martin