I've been accessing my AWS EC2 instance from Ubuntu for years with no issues. I'd like to also connect to it from a Windows machine. The procedure seems straightforward... copy my *.pem file to the Windows machine and convert to *.ppk using PuTTYgen.
The Amazon instructions provide the following...
But when I open PuTTYgen, I get...
No option is available for SSH-2 RSA.
What am I missing here? How do I create a .ppk in SSH-2 RSA format, when there isn't a given option?
The public key begins with ssh-rsa followed by a string of characters. Highlight the entire public key within the PuTTY Key Generator and copy the text. Launch PuTTY and log into the remote server with your existing user credentials. Paste the public key into the authorized_keys file.
To run PuTTYgen, go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen. You will see a window for the PuTTY Key Generator on your screen. Voila! Now you can generate a public/private key pair using PuTTYgen.
TLDR: Just skip step 2:
Under Type of key to generate, choose RSA.
If you're using an older version of PuTTYgen, choose SSH-2 RSA.
The AWS documentation is wrong here. To convert an existing private key file (pem to ppk) in PuTTYgen, you do not need to select a key type. PuTTYgen will automatically detect the key type from the private key file. You will see the key type of the loaded key in the two top boxes.
Also note that while currently AWS always generates RSA keys, if they ever change that, just do not worry and keep the key as it was generated, no matter what type it will be.
The selection that the documentation incorrectly refers to is for "generating" new keys only (as its label clearly says). It has no effect at all on converting existing keys.
Anyway, to answer the question: That's the first "RSA" option:
SSH-2 is the de facto standard these days. So in the recent versions of PuTTYgen, they opted not to mention the version explicitly (to save space for the new ECDSA and ED25519 key types).
The screenshot in the AWS documentation is from an older version of PuTTYgen that did not support the ECDSA and ED25519 key types.
Check the PuTTYgen documentation. It explicitly mentions that all key types (with the obvious exception of the "SSH-1 (RSA)") are for SSH-2.
The current version of the SSH protocol, SSH-2, supports several different key types, although specific servers may not support all of them. PuTTYgen can generate:
- An RSA key for use with the SSH-2 protocol.
- A DSA key for use with the SSH-2 protocol.
- An ECDSA (elliptic curve DSA) key for use with the SSH-2 protocol.
- An EdDSA key (Edwards-curve DSA, another elliptic curve algorithm) for use with the SSH-2 protocol.
PuTTYgen can also generate an RSA key suitable for use with the old SSH-1 protocol (which only supports RSA); for this, you need to select the ‘SSH-1 (RSA)’ option. Since the SSH-1 protocol is no longer considered secure, it's rare to need this option.
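The answer's point that the key type is read from the key file itself can be checked with a short script. This is an added example, not code from the post, AWS or PuTTY; the function names are hypothetical, the sample keys are constructed dummies, and it goes beyond the .pem case to also read OpenSSH-format private keys and public key lines.

```python
import base64
import struct

# PEM armor labels that name the key type themselves
PEM_LABELS = {"RSA PRIVATE KEY": "rsa", "DSA PRIVATE KEY": "dsa", "EC PRIVATE KEY": "ecdsa"}
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def pack_string(data):
    """Encode one SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH wire-format string at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def key_type(text):
    """Return the key type recorded inside a private key file or public key line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    first = lines[0]
    if first.startswith("-----BEGIN ") and first.endswith("-----"):
        label = first[len("-----BEGIN "):-len("-----")]
        if label in PEM_LABELS:
            return PEM_LABELS[label]
        if label != "OPENSSH PRIVATE KEY":
            raise ValueError("unsupported PEM label: " + label)
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key magic")
        off = len(OPENSSH_MAGIC)
        for _ in range(3):  # skip cipher name, KDF name, KDF options
            _, off = read_string(blob, off)
        pub, _ = read_string(blob, off + 4)  # off + 4 skips the uint32 key count
        return read_string(pub, 0)[0].decode()
    declared, b64 = first.split()[:2]  # public key line: "<type> <base64> [comment]"
    embedded = read_string(base64.b64decode(b64), 0)[0].decode()
    if embedded != declared:
        raise ValueError("declared type does not match the key blob")
    return embedded

# Constructed samples: dummy key material, only the type-bearing fields are meaningful
PUB_BLOB = pack_string(b"ssh-ed25519") + pack_string(bytes(32))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(PUB_BLOB).decode() + " constructed"
SAMPLE_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
```

The mismatch check on public key lines is also a quick way to spot a hand-edited or corrupted authorized_keys entry before it is deployed.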