e3e5784e |
1 | \cfg{man-identity}{puttygen}{1}{2004-03-24}{PuTTY tool suite}{PuTTY tool suite} |
2 | |
3 | \H{puttygen-manpage} Man page for PuTTYgen |
4 | |
5 | \S{puttygen-manpage-name} NAME |
6 | |
7 | \cw{puttygen} - public-key generator for the PuTTY tools |
8 | |
9 | \S{puttygen-manpage-synopsis} SYNOPSIS |
10 | |
11 | \c puttygen ( keyfile | -t keytype [ -b bits ] ) |
12 | \e bbbbbbbb iiiiiii bb iiiiiii bb iiii |
27507d53 |
13 | \c [ -C new-comment ] [ -P ] [ -q ] |
14 | \e bb iiiiiiiiiii bb bb |
e3e5784e |
15 | \c [ -O output-type | -l | -L | -p ] |
16 | \e bb iiiiiiiiiii bb bb bb |
17 | \c [ -o output-file ] |
18 | \e bb iiiiiiiiiii |
19 | |
20 | \S{puttygen-manpage-description} DESCRIPTION |
21 | |
22 | \c{puttygen} is a tool to generate and manipulate SSH public and |
23 | private key pairs. It is part of the PuTTY suite, although it can |
24 | also interoperate with the private key formats used by some other |
25 | SSH clients. |
26 | |
27 | When you run \c{puttygen}, it does three things. Firstly, it either |
28 | loads an existing key file (if you specified \e{keyfile}), or |
29 | generates a new key (if you specified \e{keytype}). Then, it |
30 | optionally makes modifications to the key (changing the comment |
31 | and/or the passphrase); finally, it outputs the key, or some |
32 | information about the key, to a file. |
33 | |
34 | All three of these phases are controlled by the options described in |
35 | the following section. |
36 | |
37 | \S{puttygen-manpage-options} OPTIONS |
38 | |
39 | In the first phase, \c{puttygen} either loads or generates a key. |
40 | The options to control this are: |
41 | |
42 | \dt \e{keyfile} |
43 | |
44 | \dd Specify a private key file to be loaded. This private key file can |
2e85c969 |
45 | be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2 |
46 | key format, or in either of the SSH-2 private key formats used by |
e3e5784e |
47 | OpenSSH and ssh.com's implementation. |
48 | |
49 | \dt \cw{\-t} \e{keytype} |
50 | |
51 | \dd Specify a type of key to generate. The acceptable values here are |
2e85c969 |
52 | \c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to |
53 | generate SSH-1 keys). |
e3e5784e |
54 | |
55 | \dt \cw{\-b} \e{bits} |
56 | |
57 | \dd Specify the size of the key to generate, in bits. Default is 1024. |
58 | |
27507d53 |
59 | \dt \cw{\-q} |
60 | |
61 | \dd Suppress the progress display when generating a new key. |
62 | |
e3e5784e |
63 | In the second phase, \c{puttygen} optionally alters properties of |
64 | the key it has loaded or generated. The options to control this are: |
65 | |
66 | \dt \cw{\-C} \e{new\-comment} |
67 | |
68 | \dd Specify a comment string to describe the key. This comment string |
69 | will be used by PuTTY to identify the key to you (when asking you to |
70 | enter the passphrase, for example, so that you know which passphrase |
71 | to type). |
72 | |
73 | \dt \cw{\-P} |
74 | |
75 | \dd Indicate that you want to change the key's passphrase. This is |
76 | automatic when you are generating a new key, but not when you are |
77 | modifying an existing key. |
78 | |
79 | In the third phase, \c{puttygen} saves the key or information |
80 | about it. The options to control this are: |
81 | |
82 | \dt \cw{\-O} \e{output\-type} |
83 | |
84 | \dd Specify the type of output you want \c{puttygen} to produce. |
85 | Acceptable options are: |
86 | |
87 | \lcont{ |
88 | |
89 | \dt \cw{private} |
90 | |
91 | \dd Save the private key in a format usable by PuTTY. This will either |
2e85c969 |
92 | be the standard SSH-1 key format, or PuTTY's own SSH-2 key format. |
e3e5784e |
93 | |
94 | \dt \cw{public} |
95 | |
2e85c969 |
96 | \dd Save the public key only. For SSH-1 keys, the standard public key |
97 | format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the |
e3e5784e |
98 | public key will be output in the format specified in the IETF |
99 | drafts, which is a multi-line text file beginning with the line |
100 | \q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}. |
101 | |
102 | \dt \cw{public-openssh} |
103 | |
2e85c969 |
104 | \dd Save the public key only, in a format usable by OpenSSH. For SSH-1 |
e3e5784e |
105 | keys, this output format behaves identically to \c{public}. For |
2e85c969 |
106 | SSH-2 keys, the public key will be output in the OpenSSH format, |
e3e5784e |
107 | which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}). |
108 | |
109 | \dt \cw{fingerprint} |
110 | |
111 | \dd Print the fingerprint of the public key. All fingerprinting |
112 | algorithms are believed compatible with OpenSSH. |
113 | |
114 | \dt \cw{private-openssh} |
115 | |
2e85c969 |
116 | \dd Save an SSH-2 private key in OpenSSH's format. This option is not |
117 | permitted for SSH-1 keys. |
e3e5784e |
118 | |
119 | \dt \cw{private-sshcom} |
120 | |
2e85c969 |
121 | \dd Save an SSH-2 private key in ssh.com's format. This option is not |
122 | permitted for SSH-1 keys. |
e3e5784e |
123 | |
124 | If no output type is specified, the default is \c{private}. |
125 | |
126 | } |
127 | |
128 | \dt \cw{\-o} \e{output\-file} |
129 | |
130 | \dd Specify the file where \c{puttygen} should write its output. If |
131 | this option is not specified, \c{puttygen} will assume you want to |
132 | overwrite the original file if the input and output file types are |
133 | the same (changing a comment or passphrase), and will assume you |
134 | want to output to stdout if you are asking for a public key or |
135 | fingerprint. Otherwise, the \c{\-o} option is required. |
136 | |
137 | \dt \cw{\-l} |
138 | |
139 | \dd Synonym for \q{\cw{-O fingerprint}}. |
140 | |
141 | \dt \cw{\-L} |
142 | |
143 | \dd Synonym for \q{\cw{-O public-openssh}}. |
144 | |
145 | \dt \cw{\-p} |
146 | |
147 | \dd Synonym for \q{\cw{-O public}}. |
148 | |
2285d016 |
149 | The following options do not run PuTTYgen as normal, but print |
150 | informational messages and then quit: |
151 | |
27507d53 |
152 | \dt \cw{\-h}, \cw{\-\-help} |
2285d016 |
153 | |
154 | \dd Display a message summarizing the available options. |
155 | |
27507d53 |
156 | \dt \cw{\-V}, \cw{\-\-version} |
157 | |
158 | \dd Display the version of PuTTYgen. |
159 | |
2285d016 |
160 | \dt \cw{\-\-pgpfp} |
161 | |
162 | \dd Display the fingerprints of the PuTTY PGP Master Keys, to aid |
163 | in verifying new files released by the PuTTY team. |
164 | |
e3e5784e |
165 | \S{puttygen-manpage-examples} EXAMPLES |
166 | |
2e85c969 |
167 | To generate an SSH-2 RSA key pair and save it in PuTTY's own format |
e3e5784e |
168 | (you will be prompted for the passphrase): |
169 | |
170 | \c puttygen -t rsa -C "my home key" -o mykey.ppk |
171 | |
172 | To generate a larger (2048-bit) key: |
173 | |
174 | \c puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk |
175 | |
176 | To change the passphrase on a key (you will be prompted for the old |
177 | and new passphrases): |
178 | |
179 | \c puttygen -P mykey.ppk |
180 | |
181 | To change the comment on a key: |
182 | |
183 | \c puttygen -C "new comment" mykey.ppk |
184 | |
185 | To convert a key into OpenSSH's private key format: |
186 | |
187 | \c puttygen mykey.ppk -O private-openssh -o my-openssh-key |
188 | |
189 | To convert a key \e{from} another format (\c{puttygen} will |
190 | automatically detect the input key type): |
191 | |
192 | \c puttygen my-ssh.com-key -o mykey.ppk |
193 | |
194 | To display the fingerprint of a key (some key types require a |
195 | passphrase to extract even this much information): |
196 | |
197 | \c puttygen -l mykey.ppk |
198 | |
199 | To add the OpenSSH-format public half of a key to your authorised |
200 | keys file: |
201 | |
202 | \c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys |
203 | |
204 | \S{puttygen-manpage-bugs} BUGS |
205 | |
206 | There's currently no way to supply passphrases in batch mode, or |
207 | even just to specify that you don't want a passphrase at all. |