What is the difference between an OpenSSH key and PuTTY key?

  • I've found that ssh-keygen ("ssh" package) produces different keys from puttygen ("putty" package).

    If I create public and private keys with ssh-keygen, some SSH servers will not accept my keys. If I create keys with puttygen, only one server does accept it.

    Why don't Linux repositories propose some common solution (package) for it?

    I've found another package ssh-3.2.9.1 which creates keys that work with PuTTY. But why isn't there any handy solution in SSH?

    For starters PuTTYGen offers explicitly to **convert** keys. So the native formats which OpenSSH and PuTTY use to *store* keys are different. However, the supported algorithms are compatible. A guess I'd have is that you entered some funky value in the field that allows you to give the number of bits (e.g. DSA seems to *require* 1024 bit) for the generated key in PuTTYGen or alternatively that you picked something like RSA-1 which most servers will have disabled these days. Unfortunately the question doesn't really state what you tried and expected.

  • OpenSSH is the de facto standard implementation of the SSH protocol. If PuTTY and OpenSSH differ, PuTTY is the one that's incompatible.

    If you generate a key with OpenSSH using ssh-keygen with the default options, it will work with virtually every server out there. A server that doesn't accept such a key would be antique, using a different implementation of SSH, or configured in a weird restrictive way. Keys of a non-default type may not be supported on some servers. In particular, ECDSA keys make session establishment very slightly faster, but they are only supported by recent versions of OpenSSH.

    PuTTY uses a different key file format. It comes with tools to convert between its own .ppk format and the format of OpenSSH.

    This ssh-3.2.9.1 you found is a commercial product which has its own different private key format. There isn't any reason to use it instead of OpenSSH. It can only be less compatible, it requires paying, and there are about zero tutorials on how to use it out there.

    Something being widespread or dominant does *not* mean it is good.
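
The storage-format difference discussed in this thread, as an added example that is not part of the original posts: it identifies which format a key file is in from its first line and rewrites an RFC 4716 public key (the `---- BEGIN SSH2 PUBLIC KEY ----` layout PuTTYgen saves) as the one-line form OpenSSH expects in `authorized_keys`. Function names are hypothetical, and the sample key is constructed, not a real key.

```python
import base64
import struct

# First-line markers of the key file formats named in this thread.
MARKERS = [
    ("-----BEGIN OPENSSH PRIVATE KEY-----", "OpenSSH private key"),
    ("-----BEGIN RSA PRIVATE KEY-----", "OpenSSH private key (legacy PEM, RSA)"),
    ("PuTTY-User-Key-File-", "PuTTY private key (.ppk)"),
    ("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----", "ssh.com private key"),
    ("---- BEGIN SSH2 PUBLIC KEY ----", "RFC 4716 public key"),
]

def blob_algorithm(blob: bytes) -> str:
    """Read the length-prefixed algorithm name that starts an SSH key blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def detect_format(text: str) -> str:
    first = text.lstrip().splitlines()[0] if text.strip() else ""
    for marker, name in MARKERS:
        if first.startswith(marker):
            return name
    parts = first.split()
    if len(parts) >= 2:  # candidate "algo base64 [comment]" line
        try:
            if blob_algorithm(base64.b64decode(parts[1], validate=True)) == parts[0]:
                return "OpenSSH public key"
        except (ValueError, struct.error):
            pass
    return "unknown"

def rfc4716_to_openssh(text: str, comment: str = "") -> str:
    """Same key blob, re-wrapped as a single OpenSSH public key line."""
    body, in_header = [], False
    for line in text.strip().splitlines()[1:-1]:  # drop BEGIN/END lines
        if in_header or ":" in line:              # header, or its continuation
            in_header = line.endswith("\\")
            continue
        body.append(line.strip())
    b64 = "".join(body)
    algo = blob_algorithm(base64.b64decode(b64, validate=True))
    return f"{algo} {b64} {comment}".strip()

# Constructed sample: an ssh-ed25519 blob whose 32 key bytes are 0..31.
def _field(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b
SAMPLE_B64 = base64.b64encode(_field(b"ssh-ed25519") + _field(bytes(range(32)))).decode()
SAMPLE_RFC4716 = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed"\n'
                  + SAMPLE_B64 + "\n---- END SSH2 PUBLIC KEY ----\n")
```

The base64 body is identical in both public-key layouts; only the wrapping changes, which is why conversion between them is lossless.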

Licensed under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM