- Remove a passphrase from a private key (both openSSH and Putty generated keys)
- Convert between keys generated by the PuTTY utility and those generated by openSSH
removing passphrases from openSSH keys
For any private key that has been generated using openssh you must know the passphrase in order to remove it:
- First, navigate the directory containing the private/public key pair, for a particular user this is generally found in $HOME/.ssh
- Backup the existing keys:
cp id_rsa* key_backup
- Perform the following command:
openssl rsa -in id_rsa -out id_rsa_new
- Now id_rsa_new will contain the private key with the passphrase removed, at this point you can
mv id_rsa_new id_rsa
- Make sure the permissions are set correctly:
chmod 400 id_rsa
Use the puttygen program on a Windows host to remove the passphrase from a .ppk private key. Puttygen is a key management utility that is bundled with the PuTTY SSh client. You can download it here
Install and launch the utility, click on load and browse to the location of your private key file.
Enter the original passphrase,
Remove the entries in the Key Passphrase and Confirm Passphrase fields.
Click on the Save private key button and save the the updated key to a NEW file.
Backup the old key and replace it with the new one just created.
Recent distros of Linux will have packages available that allow you to run a console version of puttygen for linux. If not, you can download the unix sources from
And compile them yourself. Run the puttygen tool as follows:
puttygen test.ppk -o test1.ppk -P
It will prompt you for the the original passphrase, followed by a prompt for the new passphrase, hit return twice, the output .ppk file will not contain a passphrase.
Converting between PuTTY keys and openSSH keys
On a linux system, use puttygen to convert a putty generated key to an openssh key. To conver private keys, use the command:
puttygen puttykeyfile.ppk -O private-openssh -o openssh_private_keyfile_rsa
Where puttykeyfile.ppk should be replaced by the name of your putty generated public key file and openssh_private_keyfile_rsa should be replaced by the name of the openssh private key that you are trying to generate. To generate an openssh public key from either a Putty private key or a PuTTY public key, a similar command can be used:
puttygen puttykeyfile.ppk -O public-openssh -o openssh_public_keyfile_rsa.pub
Be sure to backup any key file that you are going to manipulate before performing any of these operations.