Differences between SSH key generated by ssh-keygen and Puttygen

There are some key differences between SSH keys generated by ssh-keygen and Puttygen so you may run into problems importing or adding keys generated by the latter one, while importing ssh-keygen‘s keys goes swimmingly.

Here are some tips on this problem. Of course, we’re talking about public SSH keys, as private one are secret and shouldn’t be added or imported anywhere.

Public SSH key generated by ssh-keygen are as simple as possible (stored in one line, as single, not terminated string) and look like that:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwQ1EerHxB9LtK+bQbeHikGkrvEEEjz0x2WpMP6zys8HX

In most cases you can import or add them right away, by copying and pasting whole string into proper field or by uploading entire file.

Things goes a little bit more complicated with Puttygen, that is a program added as support for generating SSH Keys for famousy PuTTy program. It generates very similar public SSH key, splitting it to 64 characters per line, but when writing it to a file, it surrounds key with additional information. For example:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-20050813
Public-Lines: 4
Private-Lines: 8
Private-MAC: 2a2a44e6ab921d5c8ab6bdf198ba1575e3d839c9

Plus — as you can see — it stores pair of both private and public in one file. That is, why you can’t and shouldn’t in the same time upload, paste or add this file anywhere.

Instead, copy all lines put between Public-Lines: 4 and Private-Lines: 8 and use them as SSH key in a format very similar to the one generated by ssh-keygen. Depending on to what kind of service you’re adding or uploading your public SSH keys, you may need to do some additional things with string extracted the way described above.

This includes:

  • adding space () and your e-mail in the end of SSH key string,
  • joining all lines together, to one line and single, un-terminated string,
  • prepending your key (either one- or multi-line) with type of a key (PuTTY-User-Key-File-2 field’s value, ssh-rsa in this example).

But after these (or some similar) simple operations your Puttygen’s generated public SSH key should be accepted just as it would be generated by ssh-keygen.

Alternatively, you can open Puttygen, load your private key and copy entire contents of edit field named Public key for pasting into OpenSSH authorized_keys file.

Note, that if you generate public SSH key for the very same machine, and with the same type (for example SSH RSA), using both methods (ssh-keygen and Puttygen), it may in some certain situations be equal (part between Public-Lines: 4 and Private-Lines: 8 in case of latter generator) or can differ a little bit (for example, the same beginning, different ending). I don’t know, when what happens.

Leave a Reply