e3e5784e |
1 | \cfg{man-identity}{puttygen}{1}{2004-03-24}{PuTTY tool suite}{PuTTY tool suite} |
2 | |
3 | \H{puttygen-manpage} Man page for PuTTYgen |
4 | |
5 | \S{puttygen-manpage-name} NAME |
6 | |
7 | \cw{puttygen} - public-key generator for the PuTTY tools |
8 | |
9 | \S{puttygen-manpage-synopsis} SYNOPSIS |
10 | |
11 | \c puttygen ( keyfile | -t keytype [ -b bits ] ) |
12 | \e bbbbbbbb iiiiiii bb iiiiiii bb iiii |
27507d53 |
13 | \c [ -C new-comment ] [ -P ] [ -q ] |
14 | \e bb iiiiiiiiiii bb bb |
e3e5784e |
15 | \c [ -O output-type | -l | -L | -p ] |
16 | \e bb iiiiiiiiiii bb bb bb |
17 | \c [ -o output-file ] |
18 | \e bb iiiiiiiiiii |
19 | |
20 | \S{puttygen-manpage-description} DESCRIPTION |
21 | |
22 | \c{puttygen} is a tool to generate and manipulate SSH public and |
23 | private key pairs. It is part of the PuTTY suite, although it can |
24 | also interoperate with the private key formats used by some other |
25 | SSH clients. |
26 | |
27 | When you run \c{puttygen}, it does three things. Firstly, it either |
28 | loads an existing key file (if you specified \e{keyfile}), or |
29 | generates a new key (if you specified \e{keytype}). Then, it |
30 | optionally makes modifications to the key (changing the comment |
31 | and/or the passphrase); finally, it outputs the key, or some |
32 | information about the key, to a file. |
33 | |
34 | All three of these phases are controlled by the options described in |
35 | the following section. |
36 | |
37 | \S{puttygen-manpage-options} OPTIONS |
38 | |
39 | In the first phase, \c{puttygen} either loads or generates a key. |
6475463f |
40 | Note that generating a key requires random data (from |
41 | \c{/dev/random}), which can cause \c{puttygen} to pause, possibly for |
42 | some time if your system does not have much randomness available. |
43 | |
44 | The options to control this phase are: |
e3e5784e |
45 | |
46 | \dt \e{keyfile} |
47 | |
48 | \dd Specify a private key file to be loaded. This private key file can |
2e85c969 |
49 | be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2 |
50 | key format, or in either of the SSH-2 private key formats used by |
e3e5784e |
51 | OpenSSH and ssh.com's implementation. |
52 | |
53 | \dt \cw{\-t} \e{keytype} |
54 | |
55 | \dd Specify a type of key to generate. The acceptable values here are |
2e85c969 |
56 | \c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to |
57 | generate SSH-1 keys). |
e3e5784e |
58 | |
59 | \dt \cw{\-b} \e{bits} |
60 | |
61 | \dd Specify the size of the key to generate, in bits. Default is 1024. |
62 | |
27507d53 |
63 | \dt \cw{\-q} |
64 | |
65 | \dd Suppress the progress display when generating a new key. |
66 | |
e3e5784e |
67 | In the second phase, \c{puttygen} optionally alters properties of |
68 | the key it has loaded or generated. The options to control this are: |
69 | |
70 | \dt \cw{\-C} \e{new\-comment} |
71 | |
72 | \dd Specify a comment string to describe the key. This comment string |
73 | will be used by PuTTY to identify the key to you (when asking you to |
74 | enter the passphrase, for example, so that you know which passphrase |
75 | to type). |
76 | |
77 | \dt \cw{\-P} |
78 | |
79 | \dd Indicate that you want to change the key's passphrase. This is |
80 | automatic when you are generating a new key, but not when you are |
81 | modifying an existing key. |
82 | |
83 | In the third phase, \c{puttygen} saves the key or information |
84 | about it. The options to control this are: |
85 | |
86 | \dt \cw{\-O} \e{output\-type} |
87 | |
88 | \dd Specify the type of output you want \c{puttygen} to produce. |
89 | Acceptable options are: |
90 | |
91 | \lcont{ |
92 | |
93 | \dt \cw{private} |
94 | |
95 | \dd Save the private key in a format usable by PuTTY. This will either |
2e85c969 |
96 | be the standard SSH-1 key format, or PuTTY's own SSH-2 key format. |
e3e5784e |
97 | |
98 | \dt \cw{public} |
99 | |
2e85c969 |
100 | \dd Save the public key only. For SSH-1 keys, the standard public key |
101 | format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the |
4b33f610 |
102 | public key will be output in the format specified by RFC 4716, |
103 | which is a multi-line text file beginning with the line |
e3e5784e |
104 | \q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}. |
105 | |
106 | \dt \cw{public-openssh} |
107 | |
2e85c969 |
108 | \dd Save the public key only, in a format usable by OpenSSH. For SSH-1 |
e3e5784e |
109 | keys, this output format behaves identically to \c{public}. For |
2e85c969 |
110 | SSH-2 keys, the public key will be output in the OpenSSH format, |
e3e5784e |
111 | which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}). |
112 | |
113 | \dt \cw{fingerprint} |
114 | |
115 | \dd Print the fingerprint of the public key. All fingerprinting |
116 | algorithms are believed compatible with OpenSSH. |
117 | |
118 | \dt \cw{private-openssh} |
119 | |
2e85c969 |
120 | \dd Save an SSH-2 private key in OpenSSH's format. This option is not |
121 | permitted for SSH-1 keys. |
e3e5784e |
122 | |
123 | \dt \cw{private-sshcom} |
124 | |
2e85c969 |
125 | \dd Save an SSH-2 private key in ssh.com's format. This option is not |
126 | permitted for SSH-1 keys. |
e3e5784e |
127 | |
128 | If no output type is specified, the default is \c{private}. |
129 | |
130 | } |
131 | |
132 | \dt \cw{\-o} \e{output\-file} |
133 | |
134 | \dd Specify the file where \c{puttygen} should write its output. If |
135 | this option is not specified, \c{puttygen} will assume you want to |
136 | overwrite the original file if the input and output file types are |
137 | the same (changing a comment or passphrase), and will assume you |
138 | want to output to stdout if you are asking for a public key or |
139 | fingerprint. Otherwise, the \c{\-o} option is required. |
140 | |
141 | \dt \cw{\-l} |
142 | |
143 | \dd Synonym for \q{\cw{-O fingerprint}}. |
144 | |
145 | \dt \cw{\-L} |
146 | |
147 | \dd Synonym for \q{\cw{-O public-openssh}}. |
148 | |
149 | \dt \cw{\-p} |
150 | |
151 | \dd Synonym for \q{\cw{-O public}}. |
152 | |
2285d016 |
153 | The following options do not run PuTTYgen as normal, but print |
154 | informational messages and then quit: |
155 | |
27507d53 |
156 | \dt \cw{\-h}, \cw{\-\-help} |
2285d016 |
157 | |
158 | \dd Display a message summarizing the available options. |
159 | |
27507d53 |
160 | \dt \cw{\-V}, \cw{\-\-version} |
161 | |
162 | \dd Display the version of PuTTYgen. |
163 | |
2285d016 |
164 | \dt \cw{\-\-pgpfp} |
165 | |
166 | \dd Display the fingerprints of the PuTTY PGP Master Keys, to aid |
167 | in verifying new files released by the PuTTY team. |
168 | |
e3e5784e |
169 | \S{puttygen-manpage-examples} EXAMPLES |
170 | |
2e85c969 |
171 | To generate an SSH-2 RSA key pair and save it in PuTTY's own format |
e3e5784e |
172 | (you will be prompted for the passphrase): |
173 | |
174 | \c puttygen -t rsa -C "my home key" -o mykey.ppk |
175 | |
176 | To generate a larger (2048-bit) key: |
177 | |
178 | \c puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk |
179 | |
180 | To change the passphrase on a key (you will be prompted for the old |
181 | and new passphrases): |
182 | |
183 | \c puttygen -P mykey.ppk |
184 | |
185 | To change the comment on a key: |
186 | |
187 | \c puttygen -C "new comment" mykey.ppk |
188 | |
189 | To convert a key into OpenSSH's private key format: |
190 | |
191 | \c puttygen mykey.ppk -O private-openssh -o my-openssh-key |
192 | |
193 | To convert a key \e{from} another format (\c{puttygen} will |
194 | automatically detect the input key type): |
195 | |
196 | \c puttygen my-ssh.com-key -o mykey.ppk |
197 | |
198 | To display the fingerprint of a key (some key types require a |
199 | passphrase to extract even this much information): |
200 | |
201 | \c puttygen -l mykey.ppk |
202 | |
203 | To add the OpenSSH-format public half of a key to your authorised |
204 | keys file: |
205 | |
206 | \c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys |
207 | |
208 | \S{puttygen-manpage-bugs} BUGS |
209 | |
210 | There's currently no way to supply passphrases in batch mode, or |
211 | even just to specify that you don't want a passphrase at all. |