Today I Learned: How to Convert a PPK Key File to OpenSSH Format

A coworker uses Putty to generate an SSH public/private keypair. Putty (wonderful little utility that it is) generates those files in a proprietary format / container file which must be unpacked to be usable by OpenSSH. Here's how to do that "unpacking" on Linux or OSX.

See the quick tutorial on SuperUser, as well as my original commit on my Github TIL repo.

Step One: Install Putty

You need putty, or at least the tools that come with it.

$ brew install putty $
# OR
$ sudo apt install putty

Step Two: Generate OpenSSH Key Files

Generate the private key from the PPK file:

$ puttygen mborn.ppk -O private-openssh -o ~/.ssh/myKey

Generate the public key from the PPK file:

$ puttygen mborn.ppk -O public-openssh -o ~/.ssh/

Step Three: Allow DSS Key Format

For whatever reason, Putty seems to only support generating a key file in DSS format. This causes an error something like this (use the `-v` flag to display verbose errors in ssh):

Skipping ssh-dss key /Users/me/.ssh/myKey - not in PubkeyAcceptedKeyTypes

This is because the ssh-dss key format was disabled in OpenSSH 7.0. To re-enable `ssh-dss`, add the following to your `~/.ssh/config` file OR your global `/etc/ssh/ssh_config` file. (Thanks to gryphonitsolutions for the tip.)


(ps. I would love pointers on how to convert a PPK to RSA instead of DSS! This would save us from any issues with this step.)

Step Four: Reload SSH Service

You may need to restart the SSH service if you made config updates in `/etc/ssh/ssh_config` instead of your local config file:

$ sudo launchctl stop com.openssh.sshd
$ sudo launchctl start com.openssh.sshd

Jul 02, 2022