Manipulating ssh keys files in Linux and Windows Environments

Sometimes it becomes necessary to perform maintenance operations on ssh keys in your aspera environment. You may have to remove an passphrase from a key or convert a key generated by the putty utility over to a key file that can be used by openSSh.  This article will go over the procedures to:
  • Remove a passphrase from a private key (both openSSH and Putty generated keys)
  • Convert between keys generated by the PuTTY utility  and those generated by openSSH

removing passphrases from openSSH keys

For any private key that has been generated using openssh you must know the passphrase in order to remove it:

  1. First, navigate the directory containing the private/public key pair, for a particular user this is generally found in $HOME/.ssh
  2. Backup the existing keys:

    mkdir key_backup
    cp id_rsa* key_backup

  3. Perform the following command:

    openssl rsa -in id_rsa -out id_rsa_new

  4. Now id_rsa_new will contain the private key with the passphrase removed, at this point you can

    rm id_rsa
    mv id_rsa_new id_rsa

  5. Make sure the permissions are set correctly:

    chmod 400 id_rsa

Removing the passphrase from a putty private key:

On a Windows Host:

Use the puttygen program on a Windows host to remove the passphrase from a .ppk private key. Puttygen is a key management utility that is bundled with the PuTTY SSh client. You can download it here

Install and launch the utility, click on load and browse to the location of your private key file.



Enter the original passphrase,

Remove the entries in the Key Passphrase and Confirm Passphrase fields.

Click on the Save private key button and save the the updated key to a NEW file.
Backup the old key and replace it with the new one just created.

On a Linux Host:

Recent distros of Linux will have packages available that allow you to run a console version of puttygen for linux. If not, you can download the unix sources from

And compile them yourself. Run the puttygen tool as follows:

puttygen test.ppk -o test1.ppk -P

It will prompt you for the the original passphrase, followed by a prompt for the new passphrase, hit return twice, the output .ppk file will not contain a passphrase.


Converting between PuTTY keys and openSSH keys

On a linux system, use puttygen to convert a putty generated key to an openssh key. To conver private keys, use the command:

puttygen puttykeyfile.ppk -O private-openssh -o openssh_private_keyfile_rsa

Where puttykeyfile.ppk should be replaced by the name of your putty generated public key file and openssh_private_keyfile_rsa should be replaced by the name of the openssh private key that you are trying to generate.  To generate an openssh public key from either a Putty private key or a PuTTY public key, a similar command can be used:

puttygen puttykeyfile.ppk -O public-openssh -o

Be sure to backup any key file that you are going to manipulate before performing any of these operations.

Powered by Zendesk