PuTTYgen, also known as ‘’PuTTY Key Generator’’ is a utility tool used to generate public and private keys for PuTTY. It is an integral part of the free and open source terminal client PuTTY. Initially developed for Windows, it is now officially available for Mac, and Linux OS .
PuTTYgen saves the private key in its own .ppk file format. It has ability to convert keys to other format for compatible with various SSH Clients. It supports two types of key, for SSH-1 protocol RSA (Rivest Shamir Adlman) and for SSH-2 DSA (Digital Signature Algorithm), ECDSA (Elliptic Curve Digital Signature Algorithm), and ed25519 – EdDSA (Edward Digital Signature Curve).
Table of Contents
Download and Install PuTTYgen on Windows
To download PuTTYgen for Windows, you need to have PuTTY software installed on your Windows pc. It comes bundled with the PuTTY installation package. Once PuTTY on windows is downloaded and installed successfully, user can access PuTTYgen in Windows. Alternatively, You can download it separately, if the entire PuTTY suite is not needed.
PuTTYgen.exe tool is used on Windows operating system and is suitable for both 32-bit and 64-bit version. You should have to download latest version PuTTY according to your OS-supporting version.
If WindowOS is 32-bit, then (putty-<version>-installer.msi) version and for 64-bit (putty-64bit-<version>-installer.msi) version of PuTTY download.
List of Windows operating systems that support PuTTYgen:
- Window 7.
- Windows 8.
- Window 8.1
- Windows XP.
- Windows 10.
- Windows 11.
and support for almost any Windows OS.
How to Run PuTTYgen on Windows Operating System:
To run PuTTYgen, go to Windows > Start Menu > All Programs > PuTTY > PuTTYgen.
Now click on PuTTYgen and the PuTTY Key Generator Windows appear.
Use PuTTYgen for Creating a new SSH key Pair on Windows:
PuTTYgen is a RSA and DSA key generator tool with more advanced security options. Here we provide the process to generate RSA key in Windows:
Open PuTTYgen Window, Select the Type of key to generate to RSA and the number of bits in key to 2048.
Moving the mouse continuously to add more complexity on the generating key to prevent unauthorized access.
Now add a unique key passphrase in the key passphrase and confirm passphrase to secure the private key file.
It is highly recommended to use passphrase for key which is designed for active use security. When connecting to remote server, it improves security by preventing unauthorized user using private key for authentication.
Click on Save Private Key and Save Public Key to save the public or private key pair.
These public and private key pairs are commonly used for secure communication like SSH (Secure Shell) for authentication and encryption.
Changing the Passphrase of Key:
To modify the passphrase of private key, click on Load and select the created or existing private key file. Enter the current passphrase of the key. Then go to key passphrase section and enter new passphrase for the key. After this click on save private key button to save the file with new passphrase.
You can also convert pem file to ppk file format.
Configure PuTTY to use SSH Key:
Firstly, configure PuTTY SSH session with remote server. Then in PuTTY configuration windows left panel, go to Connection>SSH>Auth>Credentials. Click on Browse and select the previously generated private key.
Enter the passphrase of key. Then click on Open to start the connection. Enter the password and username when prompted. By this you connect to remote server without password.
Download and Install PuTTYgen on Linux
In the Linux operating system, PuTTYgen can be obtained by command line which is managed by SSH commands. To acquire PuTTYgen in Linux/ubuntu, download PuTTY first. In some Linux distro, PuTTYgen can download independently from the PuTTY client.
For instance, in Debian Linux distribution PuTTYgen obtained by executing command: –
sudo apt install putty-tools
This install the PuTTY suite package and access PuTTYgen by running command:
puttygen
then press enter.
Generating new Key Pairs for SSH Authentication in Linux:
Create a new RSA Key pair for authentication in Linux terminal, by executing command: –
puttygen –t rsa –b 2048 –C “user@host” –o keyfile.ppk
Change the Passphrase of the Private Key:
Modify passphrase of the existing private key, by performing command:
puttygen -P mykey.ppk
After this you will prompted to enter the old passphrase and then enter new passphrase.
Changing the Comment on Key:
Run this command to alter the comment associated with the private key:
puttygen -C “new comment” mykey.ppk
Command Line Option on Linux Server:
PuTTYgen support various command line options in Linux:
PuTTYgen [-t key type [-b bits] [-q] | keyfile]
[ -C new-comment] [-P]
[-O output-type |-p | -1 |-L]
[-o output-file]
Here:
key file – This is the name of an existing key file that PuTTYgen command will load and convert.
-t key type – This command identifies the type of new key to generate. Its allowable values are rsa and dsa.rsa1.
-b bits – Identifies the number of bits in a particular key. It is recommended that 1024 bits for DSA keys and 2048 or 2096 bits for RSA keys are perfect size.
-q – This command prevents the message about progress during the time of key generation.
-C new-comment – This command identifies a comment to provide details about key. The comment does not have any effect on the key operation. The comment can be used for both the new key and the existing key. The comment can be used to determine key owner, but cannot depend upon it because any other value can be applied to it.
-P – This command will change the passphrase of the key. The passphrase encrypts the private key. The tool results in a new passphrase. The Passphrase cannot be on the command line.
-old-passphrase-file It identifies the file from which the old passphrase key will read. This command is only used for keys that are protected by a passphrase.
-new-passphrase -file – This command prompt to enter a new passphrase of the key. This is used when the -p command changes the passphrase or at the time of creating a new SSH key.
-O output type – This command convert the private key to another format. for example -O private-openssh change the private key to the OpenSSH format.
-o output-file – This command identifies the output file. This option allows to specify the file to which the generated key or transform key will be saved.
-h or –help – The help text is output.
-L – This command specify the supported key types.
-V or –version – The different number of version tools produced.
Hence, these are a few important PuTTYgen commands in the Linux operating system. There are other SSH commands in Linux to perform in the command line terminal.
These options provide a way to customize the behavior of PuTTYgen from the command line, allowing you to generate and convert cryptographic keys. Depending on your specific use case, you would use different combinations of these options.
Download and Install PuTTYgen on Mac
To acquire PuTTYgen for Mac operating system, you must install PuTTY first. Both Mac and Linux OS has built-in command line interface, allowing to access PuTTYgen by using via SSH commands. You can find command line on utility option from the top menu. After that find the terminal to support the SSH connection for remote connection.
In Macos, PuTTYgen installed by using package manager like Homebrew, MacPorts method.
Homebrew Method: –
If you don’t have Homebrew installed, first install it and execute command to install PuTTY SSH client: –
brew install putty
after completing the PuTTY installation, enter puttygen in terminal to open PuTTYgen,
MacPorts Method: –
PuTTYgen is also installed by Macports. First install MacPorts on your system.
However PuTTYgen does not come directly with PuTTY package in Macports method. To download PuTTYgen execute this command: –
sudo port install putty +puttygen
Note: + sign is used to add the additional feature that you want when installing the port.
after complete installation, to open PuTTYgen run command: –
puttygen
PuTTYgen is a versatile and powerful tool for generating and managing SSH keys across various operating systems. Its graphical interface and command-line capabilities make it essential for secure authentication and strengthen remote server connections.