Using putty to scp from windows to Linux. Use scp privkey.pem source user@host. Browse other questions tagged linux windows ssh putty scp or ask your own. May 08, 2019 PuTTY uses this format as well; so if you have generated an SSH-1 private key using OpenSSH or ssh.com’s client, you can use it with WinSCP, and vice versa. Hence, the export options are not available if you have generated an SSH-1 key.1. You can also use WinSCP /keygen command-line switch to convert the private key from other formats.
PuTTYgen is an key generator tool for creating SSH keys for PuTTY. It is analogous to the ssh-keygen tool used in some other SSH implementations. The basic function is to create public and private key pairs. PuTTY stores keys in its own format in.ppk files. However, the tool can also convert keys to and from other formats.
Previous | Contents | Index | Next
- Chapter 5: Using PSCP to transfer files securely
- 5.2 PSCP Usage
PSCP, the PuTTY Secure Copy client, is a tool for transferring files securely between computers using an SSH connection.
If you have an SSH-2 server, you might prefer PSFTP (see chapter 6) for interactive use. PSFTP does not in general work with SSH-1 servers, however.
5.1 Starting PSCP
PSCP is a command line application. This means that you cannot just double-click on its icon to run it and instead you have to bring up a console window. With Windows 95, 98, and ME, this is called an ‘MS-DOS Prompt’ and with Windows NT, 2000, and XP, it is called a ‘Command Prompt’. It should be available from the Programs section of your Start Menu.
To start PSCP it will need either to be on your
PATH
or in your current directory. To add the directory containing PSCP to your PATH
environment variable, type into the console window: This will only work for the lifetime of that particular console window. To set your
PATH
more permanently on Windows NT, 2000, and XP, use the Environment tab of the System Control Panel. On Windows 95, 98, and ME, you will need to edit your AUTOEXEC.BAT
to include a set
command like the one above. 5.2 PSCP Usage
Once you've got a console window to type into, you can just type
pscp
on its own to bring up a usage message. This tells you the version of PSCP you're using, and gives you a brief summary of how to use PSCP: (PSCP's interface is much like the Unix
scp
command, if you're familiar with that.) 5.2.1 The basics
To receive (a) file(s) from a remote server:
So to copy the file
/etc/hosts
from the server example.com
as user fred
to the file c:tempexample-hosts.txt
, you would type: To send (a) file(s) to a remote server:
So to copy the local file
c:documentsfoo.txt
to the server example.com
as user fred
to the file /tmp/foo
you would type: You can use wildcards to transfer multiple files in either direction, like this:
However, in the second case (using a wildcard for multiple remote files) you may see a warning saying something like ‘warning: remote host tried to write to a file called ‘
terminal.c
’ when we requested a file called ‘*.c
’. If this is a wildcard, consider upgrading to SSH-2 or using the ‘-unsafe
’ option. Renaming of this file has been disallowed’. This is due to a fundamental insecurity in the old-style SCP protocol: the client sends the wildcard string (
*.c
) to the server, and the server sends back a sequence of file names that match the wildcard pattern. However, there is nothing to stop the server sending back a different pattern and writing over one of your other files: if you request *.c
, the server might send back the file name AUTOEXEC.BAT
and install a virus for you. Since the wildcard matching rules are decided by the server, the client cannot reliably verify that the filenames sent back match the pattern. PSCP will attempt to use the newer SFTP protocol (part of SSH-2) where possible, which does not suffer from this security flaw. If you are talking to an SSH-2 server which supports SFTP, you will never see this warning. (You can force use of the SFTP protocol, if available, with
-sftp
- see section 5.2.2.6.) If you really need to use a server-side wildcard with an SSH-1 server, you can use the
-unsafe
command line option with PSCP: This will suppress the warning message and the file transfer will happen. However, you should be aware that by using this option you are giving the server the ability to write to any file in the target directory, so you should only use this option if you trust the server administrator not to be malicious (and not to let the server machine be cracked by malicious people). Alternatively, do any such download in a newly created empty directory. (Even in ‘unsafe’ mode, PSCP will still protect you against the server trying to get out of that directory using pathnames including ‘
..
’.) ![Scp using putty generated key calculator Scp using putty generated key calculator](/uploads/1/2/6/0/126089277/742067088.png)
5.2.1.1 user
The login name on the remote server. If this is omitted, and
host
is a PuTTY saved session, PSCP will use any username specified by that saved session. Otherwise, PSCP will attempt to use the local Windows username. 5.2.1.2 host
The name of the remote server, or the name of an existing PuTTY saved session. In the latter case, the session's settings for hostname, port number, cipher type and username will be used.
![Scp using putty Scp using putty](/uploads/1/2/6/0/126089277/590650194.png)
5.2.1.3 source
One or more source files. Wildcards are allowed. The syntax of wildcards depends on the system to which they apply, so if you are copying from a Windows system to a UNIX system, you should use Windows wildcard syntax (e.g.
*.*
), but if you are copying from a UNIX system to a Windows system, you would use the wildcard syntax allowed by your UNIX shell (e.g. *
). If the source is a remote server and you do not specify a full pathname (in UNIX, a pathname beginning with a
/
(slash) character), what you specify as a source will be interpreted relative to your home directory on the remote server. 5.2.1.4 target
The filename or directory to put the file(s). When copying from a remote server to a local host, you may wish simply to place the file(s) in the current directory. To do this, you should specify a target of
.
. For example: ...would copy
/home/tom/.emacs
on the remote server to the current directory. As with the
source
parameter, if the target is on a remote server and is not a full path name, it is interpreted relative to your home directory on the remote server. 5.2.2 Options
PSCP accepts all the general command line options supported by the PuTTY tools, except the ones which make no sense in a file transfer utility. See section 3.8.3 for a description of these options. (The ones not supported by PSCP are clearly marked.)
PSCP also supports some of its own options. The following sections describe PSCP's specific command-line options.
5.2.2.1 -ls
list remote files
If the
-ls
option is given, no files are transferred; instead, remote files are listed. Only a hostname specification and optional remote file specification need be given. For example: The SCP protocol does not contain within itself a means of listing files. If SCP is in use, this option therefore assumes that the server responds appropriately to the command
ls -la
; this may not work with all servers. If SFTP is in use, this option should work with all servers.
5.2.2.2 -p
preserve file attributes
By default, files copied with PSCP are timestamped with the date and time they were copied. The
-p
option preserves the original timestamp on copied files. 5.2.2.3 -q
quiet, don't show statistics
By default, PSCP displays a meter displaying the progress of the current transfer:
The fields in this display are (from left to right), filename, size (in kilobytes) of file transferred so far, estimate of how fast the file is being transferred (in kilobytes per second), estimated time that the transfer will be complete, and percentage of the file so far transferred. The
-q
option to PSCP suppresses the printing of these statistics. 5.2.2.4 -r
copies directories recursively
By default, PSCP will only copy files. Any directories you specify to copy will be skipped, as will their contents. The
-r
option tells PSCP to descend into any directories you specify, and to copy them and their contents. This allows you to use PSCP to transfer whole directory structures between machines. 5.2.2.5 -batch
avoid interactive prompts
If you use the
-batch
option, PSCP will never give an interactive prompt while establishing the connection. If the server's host key is invalid, for example (see section 2.2), then the connection will simply be abandoned instead of asking you what to do next. This may help PSCP's behaviour when it is used in automated scripts: using
-batch
, if something goes wrong at connection time, the batch job will fail rather than hang. 5.2.2.6 -sftp
, -scp
force use of particular protocol
As mentioned in section 5.2.1, there are two different file transfer protocols in use with SSH. Despite its name, PSCP (like many other ostensible
scp
clients) can use either of these protocols. The older SCP protocol does not have a written specification and leaves a lot of detail to the server platform. Wildcards are expanded on the server. The simple design means that any wildcard specification supported by the server platform (such as brace expansion) can be used, but also leads to interoperability issues such as with filename quoting (for instance, where filenames contain spaces), and also the security issue described in section 5.2.1.
The newer SFTP protocol, which is usually associated with SSH-2 servers, is specified in a more platform independent way, and leaves issues such as wildcard syntax up to the client. (PuTTY's SFTP wildcard syntax is described in section 6.2.2.) This makes it more consistent across platforms, more suitable for scripting and automation, and avoids security issues with wildcard matching.
Normally PSCP will attempt to use the SFTP protocol, and only fall back to the SCP protocol if SFTP is not available on the server.
The
-scp
option forces PSCP to use the SCP protocol or quit. The
-sftp
option forces PSCP to use the SFTP protocol or quit. When this option is specified, PSCP looks harder for an SFTP server, which may allow use of SFTP with SSH-1 depending on server setup. 5.2.3 Return value
PSCP returns an
ERRORLEVEL
of zero (success) only if the files were correctly transferred. You can test for this in a batch file, using code such as this: 5.2.4 Using public key authentication with PSCP
Like PuTTY, PSCP can authenticate using a public key instead of a password. There are three ways you can do this.
Firstly, PSCP can use PuTTY saved sessions in place of hostnames (see section 5.2.1.2). So you would do this:
- Run PuTTY, and create a PuTTY saved session (see section 4.1.2) which specifies your private key file (see section 4.22.8). You will probably also want to specify a username to log in as (see section 4.14.1).
- In PSCP, you can now use the name of the session instead of a hostname: type
pscp sessionname:file localfile
, wheresessionname
is replaced by the name of your saved session.
Secondly, you can supply the name of a private key file on the command line, with the
-i
option. See section 3.8.3.18 for more information. Thirdly, PSCP will attempt to authenticate using Pageant if Pageant is running (see chapter 9). So you would do this:
- Ensure Pageant is running, and has your private key stored in it.
- Specify a user and host name to PSCP as normal. PSCP will automatically detect Pageant and try to use the keys within it.
For more general information on public-key authentication, see chapter 8.
If you want to provide feedback on this manual or on the PuTTY tools themselves, see the Feedback page.
[PuTTY release 0.68]PuTTYgen is a key generator tool for creating pairs of public and private SSH keys. It is one of the components of the open-source networking client PuTTY. Although originally written for Microsoft Windows operating system, it is now officially available for multiple operating systems including macOS, Linux. PuTTYgen.exe is the graphical tool on Windows OS. While on the other side, Linux OS has the only command-line version could be accessible using SSH commands.
- 1 Download PuTTYgen
- 1.1 Download PuTTYgen on Windows
- 1.2 Download PuTTYgen for Mac
- 1.3 Download PuTTYgen for Ubuntu/Linux
- 1.3.3 Types of Keys Supported on PuTTYgen
Puttygen aka Putty Key Generator
The key generation utility – PuTTYgen can create various public-key cryptosystems including Rivest–Shamir–Adleman (RSA), Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), and Edwards-curve Digital Signature Algorithm (EdDSA) keys.
The aforementioned public-key cryptosystems principally focus on secure data transmission and digital signatures.
Although PuTTYgen collects keys in its native file format i.e. .ppk files, the keys can easily be converted to any file format. For Windows, the software interface is PuTTYgen.exe, whereas, for Linux OS the command-line adaptation is available using SSH commands.
How to use PuTTYgen?
PuTTYgen is used to generate public or private key pair for creating SSH keys. Below is the complete guidance about how to generate RSA key in the Windows operating system:
- Once you install the PuTTY on your machine, you can easily run PuTTYgen. For the same, go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen.
- You will see the PuTTY key generator dialog box on your screen
- You will find a “Generate” button in that dialog. Clicking on it will lead to generating the keys for you.
- Now you will need to add a unique key passphrase in the Key passphrase and Confirm passphrase field.
- Click on the “Save Public Key” and “Save Private Key” buttons to save your public and private keys.
- You will see the text starting with ssh-RSA in the Public key for pasting into OpenSSH authorized_keys file field which is located at the top of the window. Copy that entire text to your clipboard by pressing ctrl+c as you will require the key to paste on your clipboard in the public key tool of control panel or directly on the cloud server.
Various Ways to Use RSA Key Pair
RSA key pair generated through PuTTYgen is used in two various ways defined as below:
- To assign while creating a new cloud server
You can choose the public key from the given list of keys at the time of creating a cloud server. If you don’t find your key in that list, then first add and then assign it. - Assign to an existing cloud server
At the time of connecting to the cloud server, first of all, you need to tell PuTTY to use it for utilizing your newly created RSA key pair.
PuTTYgen being a component of the terminal emulator PuTTY does not have to be downloaded separately, hence, comes with the PuTTY .msi installation package. You can follow the simple steps to download PuTTYgen software for your system. That is the reason why you don’t need to download PuTTYgen separately. Once you download PuTTY software, you will be able to install and run PuTTYgen easily in no time. Below is the complete instruction about how to download and install PuTTY on Windows.
Apart from that, it is also integrated into third-party programs such as WinSCP installation package. Below you can find a complete PuTTYgen download and installation guide for all operating systems.
Download PuTTYgen on Windows
To download PuTTYgen the primary requisite is to acquire the copy of PuTTY installation package. For the 64-bit operating system, one must install the 64-bit version of PuTTY, i.e. putty-64bit-<version>-installer.msi.Similarly, for the 32-bit operating system, the respective 32-bit version of PuTTY, i.e. putty-<version>-installer.msi needs to be installed.
To get PuTTY, go to PuTTY Installation Download page, whereby the complete installation package will be available with setup instructions, installation guide, and download links to all other components of PuTTY such as putty.exe, pscp.exe, psftp.exe, puttytel.exe, plink.exe, pageant.exe and putty.zip.
Following the successful download of the PuTTY installation package. It is time to install the program. Go to How to install PuTTY on Windows, whereby you will find the step by step guidance for PuTTY installation for Windows operating system.
After successfully downloading and installing PuTTY on your Windows machine, you are just 2-3 clicks away to run PuTTYgen. Follow the below-given step by step guidance to run PuTTYgen:
Run PuTTYgen on Windows
To run PuTTYgen, Go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen. You will see a window for the PuTTY Key Generator on your screen.
Voila! Now you can generate public or private key pair using PuTTYgen.
Download PuTTYgen for Mac
Below is the detailed guide to download PuTTYgen on Mac operating system. Mac OS has a built-in command-line SSH client known as Terminal. To utilize it, go to Finder and then opt for Go -> utilities from the top menu. After that find the terminal which supports SSH connections to remote servers.
However, to run PuTTYgen for mac, the first one must have to install PuTTY. There are multiple ways to install PuTTY, which are Homebrew or MacPorts. Both alternatives will also install the command-line of adaptations of PuTTYgen.
Ported PuTTY for Mac
Mac has the port of PuTTY which can be installed in various ways described as below:
- Installation using Homebrew:
First, install the ‘brew command line’ Once installed use the below-given command to install PuTTY:-sudo brew install putty
- Installation using MacPorts:
First of all, one must install MacPorts and then use the command-line to install PuTTY. Here is the command to install PuTTY via MacPortssudo port install putty
Additionally, a user can also add a shortcut to the desktop by writing the following command line–cp /opt/local/bin/putty ~/Desktop/PuTTY
However, there is an alternative way to install PuTTY on Mac OS. Cyberduck is a widely used Mac OS SSH Client. Once PuTTY installed on the Mac OS, a user can convert PuTTY derived private key format to OpenSSH.
To convert the private key to standard PEM format, type the following command –
puttygen privatekey.ppk -O private-openssh -o privatekey.pem
You can also read the guide to convert .pem file to .ppk using puttygen.
Download PuTTYgen for Ubuntu/Linux
To download PuTTYgen for Ubuntu (Linux) operating system, a user to first install PuTTY. However, in some Linux distributions, the SSH key generation tool – PuTTYgen needs to be installed independently from the PuTTY client.
For example, Debian Linux requires the below-given code to install PuTTYgen:
sudo apt install putty-tools
Generate Key Pair for Authentication in Linux
To create the key pair for authentication in Linux use the below command:-
Putty Scp Download
puttygen -t rsa -b 2048 -C 'user@host' -o keyfile.ppk
Various Command Line Options of PuTTY in Linux
Below are few important command line options in the Linux operating system for PuTTY:
PuTTYgen [-t keytype [-b bits] [-q] | keyfile]
[-C new-comment] [-P]
[-O output-type | -p | -l | -L]
[-o output-file]
[-C new-comment] [-P]
[-O output-type | -p | -l | -L]
[-o output-file]
Options:
- Keyfile – It is the name of the existing key file to read at the time of changing the current key.
- –t keytype – The command specifies the type of key to creating. Its acceptable values are RSA and dsa.rsa1.
- -b bits – This command specifies a total number of bit in a particular key. 1024 is the perfect size for DSA key, while 2048 or 4096 are the perfect size for RSA keys.
- –q – The command suppresses the message about progress at the time of key generation.
- -C new-comment – The command will specify the comment to describe the key. It can be used for the new and/or existing key. Key operation is not affected by a comment. However, it is used to recognize the key owner, it’s not reliable completely as any value can be applied to it.
- –P – Using the command will update the passphrase of a key. Passphrase helps to encrypt the private key. As passphrase can’t add or update on a command line, it prompts a new passphrase tool to alter it.
- –old-passphrase-file – The old password of the key remains in this file. The command is used when the key is protected by a passphrase.
- –new-passphrase file – This command prompts the new passphrase of the key. It comes in the action either at the time of generating a new key or while applying –P command to change the passphrase.
- -O output-type – This command defines what to give in output. By default, the private key is the output.
Thus, above are the prominent commands of PuTTYgen in Linux operating system. Besides that, there are many other commands available to perform various tasks from the command prompt in Linux at flank speed.
Types of Keys Supported on PuTTYgen
Scp Using Putty Generated Key C Key
It is important to know the types of key PuTTYgen supports prior to using it. Below are the key types that it currently supports for SSH-2 and SSH-1 protocol:-
Scp Using Putty
- SSH-1 protocol:- For SSH-1 only supports one key i.e. Rivest–Shamir–Adleman (RSA)
- SSH-2 protocol: – SSH-2 supports multiple key types that include – Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA) and Ed25519.
Scp Using Key
The above description is a detailed brief on downloading and running PuTTYgen on all major operating systems. For further details please check the Download PuTTY page.