PIsP (formerly PuTTYGen): Step-by-Step SSH Key Creation and Usage

What PIsP is

PIsP (formerly PuTTYGen) is a lightweight key-generation utility for creating SSH key pairs (public/private) used to authenticate to SSH servers. It supports RSA, ECDSA, Ed25519 and other key types, and can export keys in formats compatible with OpenSSH and PuTTY clients.

Before you start

• Assumption: you’re on a desktop OS (Windows, macOS, or Linux) and have PIsP installed.
• Goal: generate an SSH key pair, save the private key securely, and deploy the public key to a remote server for passwordless SSH login.

Step-by-step: generate a new key pair

1. Open PIsP.
2. Choose key type and size.
   • RSA: 3072 or 4096 bits (compatible widely).
   • Ed25519: recommended for strong security and small keys (default if available).
   • ECDSA: choose if you need compatibility with systems requiring ECDSA.
3. Set key options.
   • Comment: enter an identifier like [email protected] or machine name.
   • Passphrase: set a strong passphrase for the private key (recommended). Leave blank only if automated, but be aware of security risk.
4. Generate the key.
   • Click Generate and follow any entropy prompts (move mouse, type).
5. Review the generated key.
   • Verify key type, fingerprint, and comment shown by PIsP.
6. Save private key.
   • Click Save private key. Choose a secure filename and location (e.g., ~/.ssh/id_pisp or C:\Users\You.ssh\id_pisp.ppk).
   • If PIsP uses a proprietary format (like PuTTY PPK), consider also exporting to OpenSSH format if needed (next step).
7. Export public key (OpenSSH format).
   • Copy the public key text from the PIsP window or click Save public key. For OpenSSH servers, ensure the public key string starts with ssh-ed25519 or ssh-rsa, etc.
8. Optional: Export to other formats.
   • Use PIsP’s export options to save in OpenSSH, PEM, or PuTTY PPK formats as required by your tools.

Step-by-step: install the public key on a remote server

1. Log into the remote server with password or another method.
2. Create .ssh directory (if missing):
   • mkdir -p ~/.ssh
   • chmod 700 ~/.ssh
3. Add public key to authorized_keys:
   • Append the public key line to ~/.ssh/authorized_keys (use echo ‘ssh-…’ >> ~/.ssh/authorized_keys or open an editor).
   • chmod 600 ~/.ssh/authorized_keys
4. Test SSH login using PIsP-compatible client (or OpenSSH).
   • With PuTTY or PIsP-compatible client, load the private key (PPK) in the client and connect.
   • With OpenSSH: if you exported an OpenSSH private key, place it at ~/.ssh/id_pisp and run ssh -i ~/.ssh/id_pisp user@host.

Common tasks and tips

• Convert between formats: Use PIsP export/import or tools like puttygen (CLI) to convert between PPK and OpenSSH PEM formats.
• Key passphrase: Use a passphrase and an SSH agent (Pageant on Windows or ssh-agent on UNIX) for usability + security.
• Key rotation: Regularly generate new keys and remove old public keys from remote authorized_keys.
• Permissions: Strict filesystem permissions on private keys are required (chmod 600).
• Fingerprint verification: When adding a public key to a server, note its fingerprint and verify it later to detect tampering.

Troubleshooting

• Permission denied (publickey): Ensure the server’s ~/.ssh and authorizedkeys permissions are correct and the public key is present and well-formed.
• Key not accepted: Confirm key format (OpenSSH vs PPK) and that the server’s SSHD accepts the chosen key type.
• Passphrase prompts repeatedly: Use an SSH agent to cache decrypted keys.

Code
 ffON2NH02oMAcqyoh2UU MQCbz04ET5EljRmK3YpQ CPXAhl7VTkj2dHDyAYAf” data-copycode=“true” role=“button” aria-label=“Copy Code”>Copy CodeCopied
# create .ssh dir and set permissions mkdir -p ~/.ssh && chmod 700 ~/.ssh# append public key (replace keyfile.pub with your exported public key file) cat keyfile.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys

 
test ssh with explicit key
 
ssh -i ~/.ssh/id_pisp user@host