\S{puttygen-manpage-options} OPTIONS
In the first phase, \c{puttygen} either loads or generates a key.
-The options to control this are:
+Note that generating a key requires random data (from
+\c{/dev/random}), which can cause \c{puttygen} to pause, possibly for
+some time if your system does not have much randomness available.
+
+The options to control this phase are:
\dt \e{keyfile}
\dt \cw{\-t} \e{keytype}
\dd Specify a type of key to generate. The acceptable values here are
-\c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to
-generate SSH-1 keys).
+\c{rsa}, \c{dsa}, \c{ecdsa}, and \c{ed25519} (to generate SSH-2 keys),
+and \c{rsa1} (to generate SSH-1 keys).
\dt \cw{\-b} \e{bits}
-\dd Specify the size of the key to generate, in bits. Default is 1024.
+\dd Specify the size of the key to generate, in bits. Default is 2048.
\dt \cw{\-q}
\dd Suppress the progress display when generating a new key.
+\dt \cw{\-\-old\-passphrase} \e{file}
+
+\dd Specify a file name; the first line will be read from this file
+(removing any trailing newline) and used as the old passphrase.
+\s{CAUTION:} If the passphrase is important, the file should be stored
+on a temporary filesystem or else securely erased after use.
+
In the second phase, \c{puttygen} optionally alters properties of
the key it has loaded or generated. The options to control this are:
\dd Save the public key only. For SSH-1 keys, the standard public key
format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the
-public key will be output in the format specified in the IETF
-drafts, which is a multi-line text file beginning with the line
+public key will be output in the format specified by RFC 4716,
+which is a multi-line text file beginning with the line
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
\dt \cw{public-openssh}
\dt \cw{private-openssh}
-\dd Save an SSH-2 private key in OpenSSH's format. This option is not
+\dd Save an SSH-2 private key in OpenSSH's format, using the oldest
+format available to maximise backward compatibility. This option is not
permitted for SSH-1 keys.
+\dt \cw{private-openssh-new}
+
+\dd As \c{private-openssh}, except that it forces the use of OpenSSH's
+newer format even for RSA, DSA, and ECDSA keys.
+
\dt \cw{private-sshcom}
\dd Save an SSH-2 private key in ssh.com's format. This option is not
\dd Synonym for \q{\cw{-O public}}.
+\dt \cw{\-\-new\-passphrase} \e{file}
+
+\dd Specify a file name; the first line will be read from this file
+(removing any trailing newline) and used as the new passphrase. If the
+file is empty then the saved key will be unencrypted. \s{CAUTION:} If
+the passphrase is important, the file should be stored on a temporary
+filesystem or else securely erased after use.
+
The following options do not run PuTTYgen as normal, but print
informational messages and then quit:
\c puttygen -t rsa -C "my home key" -o mykey.ppk
-To generate a larger (2048-bit) key:
+To generate a larger (4096-bit) key:
-\c puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk
+\c puttygen -t rsa -b 4096 -C "my home key" -o mykey.ppk
To change the passphrase on a key (you will be prompted for the old
and new passphrases):
keys file:
\c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys
-
-\S{puttygen-manpage-bugs} BUGS
-
-There's currently no way to supply passphrases in batch mode, or
-even just to specify that you don't want a passphrase at all.