: :

Add Comment | Related Links | TrackBack
Related Content

PuTTY Key Generator saves public key in different format than authorized_keys file

Spent quite a few hours today setting up ssh key authentication on my client and server. Most of that time has been dealing with "Server refused our key" message upon connection. I had generated several private/public key pairs, SSH-2 (RSA) and SSH-2 (DSA), then saved them disk with the "Save public key" and "Save private key" buttons. Finally, I copied the public key file to "authorized_keys" in the ".ssh" directory on the server.

It turned out that the public key file that PuTTY Key Generator created is in a different format than the public key shown in the "Public key for pasting into OpenSSH authorized_keys file:" text box. The following is an example of what needs to go into the "authorized_keys" file (although I splitted the key up into multiple lines for easy reading, everything is on a single line).


The following is what ended up in the public key file generated by PuTTY Key Generator with the "Save public key" button. See the discrepancy? Note that the key is separated into four separate lines.

Comment: "rsa-key-20060124"

I don't know what is the purpose of generating the public key in this format and which application understands this format. But the easiest way to get the correct public key into the "authorized_keys" file is to copy-and-paste the public key text in the PuTTY Key Generator window.

But there are situations where you have the public key text file, but no PuTTY Key Generator handy. The easiest way is to convert that public key text file into the correct format by hand. Start the string with "ssh-rsa", or "ssh-dss" if the public key is SSH-2 DSA type. Next copy and concatenate the four public key lines into one line and append it after the starting string. Finally, take the string in quotes, behind "Comment:", and append it to the end of the line. That is the public authentication key useable in "authorized_keys" file.

Chieh Cheng
Tue, 24 Jan 2006 17:37:50 -0800

Thanks a ton for this;

I'm a newbie at Unix systems and TLS/SSL, and have had to learn both for firedrills recently:
Been trying to use OpenSSH over PuTTy to find the fingerprint for a certificate - by looking over your article and comparing to my various exported keys, i eventually realized i was exporting the wrong Standard of Key (RFC4716 instead of OpenSSH2) -____- Changed the key out, OpenSSH stoped barfing and grabbed it, got my fingerprint, onwards to glory. Thanks a ton.

Fri, 27 Apr 2012 03:37:09 +0400

Add Comment | Related Links | TrackBack
Related Content

Did your message disappear? Read the Forums FAQ.

Related Links

Add Comment

Spam Control | * indicates required field
Your Name: *
Remember Me!
Comment: *
File attachment is optional. Please do not attach a file to your submission unless it is relevent.
Attach File:
(20 MB Max)
Spam Protection: * Answer of 9 + 7?
Click button only once, please!


TrackBack only accepted from WebSite-X Suite web sites. Do not submit TrackBacks from other sites.

Send Ping | TrackBack URL | Spam Control

No TrackBacks yet. TrackBack can be used to link this thread to your weblog, or link your weblog to this thread. In addition, TrackBack can be used as a form of remote commenting. Rather than posting the comment directly on this thread, you can posts it on your own weblog. Then have your weblog sends a TrackBack ping to the TrackBack URL, so that your post would show up here.

Messages, files, and images copyright by respective owners.

Articles | Wiki
Forums | Latest | RSS
Library | Links | News
Search | Store | Help

628 Users Online

Hacking Digital Cameras
Fun for Photographers

Amazon Associate

Copyright © 2004 - 2024. All Rights Reserved.