e3e5784e |
1 | \cfg{man-identity}{puttygen}{1}{2004-03-24}{PuTTY tool suite}{PuTTY tool suite} |
2 | |
3 | \H{puttygen-manpage} Man page for PuTTYgen |
4 | |
5 | \S{puttygen-manpage-name} NAME |
6 | |
7 | \cw{puttygen} - public-key generator for the PuTTY tools |
8 | |
9 | \S{puttygen-manpage-synopsis} SYNOPSIS |
10 | |
11 | \c puttygen ( keyfile | -t keytype [ -b bits ] ) |
12 | \e bbbbbbbb iiiiiii bb iiiiiii bb iiii |
13 | \c [ -C new-comment ] [ -P ] |
14 | \e bb iiiiiiiiiii bb |
15 | \c [ -O output-type | -l | -L | -p ] |
16 | \e bb iiiiiiiiiii bb bb bb |
17 | \c [ -o output-file ] |
18 | \e bb iiiiiiiiiii |
19 | |
20 | \S{puttygen-manpage-description} DESCRIPTION |
21 | |
22 | \c{puttygen} is a tool to generate and manipulate SSH public and |
23 | private key pairs. It is part of the PuTTY suite, although it can |
24 | also interoperate with the private key formats used by some other |
25 | SSH clients. |
26 | |
27 | When you run \c{puttygen}, it does three things. Firstly, it either |
28 | loads an existing key file (if you specified \e{keyfile}), or |
29 | generates a new key (if you specified \e{keytype}). Then, it |
30 | optionally makes modifications to the key (changing the comment |
31 | and/or the passphrase); finally, it outputs the key, or some |
32 | information about the key, to a file. |
33 | |
34 | All three of these phases are controlled by the options described in |
35 | the following section. |
36 | |
37 | \S{puttygen-manpage-options} OPTIONS |
38 | |
39 | In the first phase, \c{puttygen} either loads or generates a key. |
40 | The options to control this are: |
41 | |
42 | \dt \e{keyfile} |
43 | |
44 | \dd Specify a private key file to be loaded. This private key file can |
45 | be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2 |
46 | key format, or in either of the SSH2 private key formats used by |
47 | OpenSSH and ssh.com's implementation. |
48 | |
49 | \dt \cw{\-t} \e{keytype} |
50 | |
51 | \dd Specify a type of key to generate. The acceptable values here are |
52 | \c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to |
53 | generate SSH1 keys). |
54 | |
55 | \dt \cw{\-b} \e{bits} |
56 | |
57 | \dd Specify the size of the key to generate, in bits. Default is 1024. |
58 | |
59 | In the second phase, \c{puttygen} optionally alters properties of |
60 | the key it has loaded or generated. The options to control this are: |
61 | |
62 | \dt \cw{\-C} \e{new\-comment} |
63 | |
64 | \dd Specify a comment string to describe the key. This comment string |
65 | will be used by PuTTY to identify the key to you (when asking you to |
66 | enter the passphrase, for example, so that you know which passphrase |
67 | to type). |
68 | |
69 | \dt \cw{\-P} |
70 | |
71 | \dd Indicate that you want to change the key's passphrase. This is |
72 | automatic when you are generating a new key, but not when you are |
73 | modifying an existing key. |
74 | |
75 | In the third phase, \c{puttygen} saves the key or information |
76 | about it. The options to control this are: |
77 | |
78 | \dt \cw{\-O} \e{output\-type} |
79 | |
80 | \dd Specify the type of output you want \c{puttygen} to produce. |
81 | Acceptable options are: |
82 | |
83 | \lcont{ |
84 | |
85 | \dt \cw{private} |
86 | |
87 | \dd Save the private key in a format usable by PuTTY. This will either |
88 | be the standard SSH1 key format, or PuTTY's own SSH2 key format. |
89 | |
90 | \dt \cw{public} |
91 | |
92 | \dd Save the public key only. For SSH1 keys, the standard public key |
93 | format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the |
94 | public key will be output in the format specified in the IETF |
95 | drafts, which is a multi-line text file beginning with the line |
96 | \q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}. |
97 | |
98 | \dt \cw{public-openssh} |
99 | |
100 | \dd Save the public key only, in a format usable by OpenSSH. For SSH1 |
101 | keys, this output format behaves identically to \c{public}. For |
102 | SSH2 keys, the public key will be output in the OpenSSH format, |
103 | which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}). |
104 | |
105 | \dt \cw{fingerprint} |
106 | |
107 | \dd Print the fingerprint of the public key. All fingerprinting |
108 | algorithms are believed compatible with OpenSSH. |
109 | |
110 | \dt \cw{private-openssh} |
111 | |
112 | \dd Save an SSH2 private key in OpenSSH's format. This option is not |
113 | permitted for SSH1 keys. |
114 | |
115 | \dt \cw{private-sshcom} |
116 | |
117 | \dd Save an SSH2 private key in ssh.com's format. This option is not |
118 | permitted for SSH1 keys. |
119 | |
120 | If no output type is specified, the default is \c{private}. |
121 | |
122 | } |
123 | |
124 | \dt \cw{\-o} \e{output\-file} |
125 | |
126 | \dd Specify the file where \c{puttygen} should write its output. If |
127 | this option is not specified, \c{puttygen} will assume you want to |
128 | overwrite the original file if the input and output file types are |
129 | the same (changing a comment or passphrase), and will assume you |
130 | want to output to stdout if you are asking for a public key or |
131 | fingerprint. Otherwise, the \c{\-o} option is required. |
132 | |
133 | \dt \cw{\-l} |
134 | |
135 | \dd Synonym for \q{\cw{-O fingerprint}}. |
136 | |
137 | \dt \cw{\-L} |
138 | |
139 | \dd Synonym for \q{\cw{-O public-openssh}}. |
140 | |
141 | \dt \cw{\-p} |
142 | |
143 | \dd Synonym for \q{\cw{-O public}}. |
144 | |
145 | \S{puttygen-manpage-examples} EXAMPLES |
146 | |
147 | To generate an SSH2 RSA key pair and save it in PuTTY's own format |
148 | (you will be prompted for the passphrase): |
149 | |
150 | \c puttygen -t rsa -C "my home key" -o mykey.ppk |
151 | |
152 | To generate a larger (2048-bit) key: |
153 | |
154 | \c puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk |
155 | |
156 | To change the passphrase on a key (you will be prompted for the old |
157 | and new passphrases): |
158 | |
159 | \c puttygen -P mykey.ppk |
160 | |
161 | To change the comment on a key: |
162 | |
163 | \c puttygen -C "new comment" mykey.ppk |
164 | |
165 | To convert a key into OpenSSH's private key format: |
166 | |
167 | \c puttygen mykey.ppk -O private-openssh -o my-openssh-key |
168 | |
169 | To convert a key \e{from} another format (\c{puttygen} will |
170 | automatically detect the input key type): |
171 | |
172 | \c puttygen my-ssh.com-key -o mykey.ppk |
173 | |
174 | To display the fingerprint of a key (some key types require a |
175 | passphrase to extract even this much information): |
176 | |
177 | \c puttygen -l mykey.ppk |
178 | |
179 | To add the OpenSSH-format public half of a key to your authorised |
180 | keys file: |
181 | |
182 | \c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys |
183 | |
184 | \S{puttygen-manpage-bugs} BUGS |
185 | |
186 | There's currently no way to supply passphrases in batch mode, or |
187 | even just to specify that you don't want a passphrase at all. |