Today, a friend asked me to login to a Linux server and he sent me a PPK file which he uses with his Putty client in
Windows. I had to generate a Public / Private key pair from that PPK file in order to use it with my SSH client in
Ubuntu. It was really easy and took me only a few minutes. I thought I should post this in my blog so it would be
helpful to somebody, and it would also be useful to me as a quick reference in future whenever I need it again.
This is how to convert your PPK file to an OpenSSH keypair.
-
First, if you don't have putty tools installed in your computer, you have to install it. This will help us when
dealing with PPK files.
sudo apt install putty-tools
-
Now we can use the
puttygen
utility to generate an OpenSSH private key from this ppk key file. To do that, run
the following command.
puttygen <your-key-file>.ppk -O private-openssh -o <new-key-file>
Ex: puttygen key.ppk -O private-openssh -o id_rsa
Here the -O
option stands for "output-type" and it specifies the type of file we want to generate. By giving it as
"private-openssh", we tell it to generate an OpenSSH private key file. You can see the manual page by running man puttygen
if you want to learn more about the other output types. (But they aren't required now).
-
Okay, now we have the private key. We can use
ssh-keygen
to generate the relavent public key for this private key file.
ssh-keygen -y -f <new-key-file> > <new-key-file>.pub
Ex: ssh-keygen -y -f id_rsa > id_rsa.pub
Here the -y
and -f
options mean the following: (taken from the Manual page)
-y = This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
-f filename = Specifies the filename of the key file.
I hope it's clear. We are almost done.
-
Last step is to set the right permissions for the new key pair. Usually, the SSH client expects the Key files to have permission as
400
or 600
. So let's set it.
chmod 400 id_rsa
chmod 400 id_rsa.pub
Now we should be able to login to our server using the new key pair we generated.
ssh -i .ssh/do_server/id_rsa root@xxx.xxx.xxx.xxx
I hope this will be useful to somebody in future :) If this post helped you, don't forget to leave a comment and
let me know !