Free tool · Runs in your browser

PPK to OpenSSH Key Converter

Convert a PuTTY .ppk private key to the OpenSSH format (Ed25519 and RSA) so you can use it with ssh, scp, and servers. Runs entirely in your browser - your key is never uploaded - with the exact PuTTYgen command shown for offline use.

Conversion runs entirely in your browser - your key is never uploaded. For production keys, converting locally with PuTTYgen is the gold standard.

PuTTY private key (.ppk)

Prefer to convert offline with PuTTYgen?

puttygen command
# Private key:
puttygen key.ppk -O private-openssh -o id_ed25519
# Public key:
puttygen key.ppk -O public-openssh -o id_ed25519.pub

Why .ppk and OpenSSH differ

PuTTY on Windows stores keys in its own .ppk (PuTTY Private Key) format, which bundles the public key, private key, a comment, and an integrity check (MAC) in one text file. The rest of the SSH world - ssh, scp, servers, CI systems - uses the OpenSSH format. So when you move between PuTTY and everything else, you have to convert.

This tool converts a .ppk to OpenSSH - the direction you need to use a PuTTY key with ssh. Going the other way? Convert OpenSSH to PPK instead. The key material is identical between the formats; only the packaging differs.

Converting with PuTTYgen (offline)

The official, fully offline route is PuTTYgen. In the GUI: Load your key, then Conversions → Export OpenSSH key (or save as .ppk for the reverse). On the command line:

  • puttygen key.ppk -O private-openssh -o id_ed25519 - .ppk to OpenSSH
  • puttygen id_ed25519 -o key.ppk - OpenSSH to .ppk

This tool generates these exact commands for you, so you can convert on your own machine if you prefer.

Save the key and set permissions

After converting to OpenSSH, save the private key into ~/.ssh/ and lock it down: chmod 600 ~/.ssh/id_ed25519 and chmod 700 ~/.ssh. SSH refuses to use a private key that other users can read. Our chmod calculator explains the numbers, and the SSH config generator helps you wire the key to a host.

Passphrase-protected keys

A key encrypted with a passphrase must be decrypted before it can be converted in the browser. Remove the passphrase first - ssh-keygen -p -f id_ed25519 for OpenSSH keys, or PuTTYgen for .ppk - or just use the offline puttygen command, which prompts for the passphrase locally. This tool never asks for your passphrase.

Is it safe to convert a key online?

This converter runs 100% client-sidewith no network calls - you can confirm that with your browser's network tab open while converting. Still, a private key is sensitive: for production or long-lived keys, prefer the offline PuTTYgen command. This tool is ideal for test keys and quick migrations.

Key formats at a glance

FormatUsed byTypical file
.ppkPuTTY, Pageant, PuTTYgen (Windows)mykey.ppk
OpenSSHssh, ssh-keygen, scp, sftpid_ed25519 / id_rsa
PEMOpenSSL, older OpenSSH, some cloudsid_rsa (BEGIN RSA PRIVATE KEY)
PPK & OpenSSH FAQ

Frequently asked questions

Paste or upload the .ppk on this page with the direction set to ".ppk to OpenSSH" and copy the OpenSSH private and public keys. Offline, run puttygen key.ppk -O private-openssh -o id_ed25519. Note that modern OpenSSH format is what ssh expects; classic PEM is only needed for older tools.
No - the OpenSSH ssh client does not read .ppk files. Convert the .ppk to an OpenSSH private key first (with this tool or puttygen), save it in ~/.ssh, chmod 600 it, and then ssh -i can use it.
Set the direction to "OpenSSH to .ppk", paste your OpenSSH private key, and download the generated key.ppk. Offline, run puttygen id_ed25519 -o key.ppk. The .ppk can then be loaded by PuTTY or Pageant.
This tool does the conversion entirely in your browser and never uploads your key - you can verify there are no network requests. For production keys, the safest option is still to convert offline with PuTTYgen; the tool shows you that exact command.
Encrypted keys must be decrypted first. Remove the passphrase with PuTTYgen (or ssh-keygen -p for OpenSSH keys), then convert, or use the offline puttygen command which prompts for the passphrase locally. The tool detects encrypted keys and points you to the command.
They store the same key material in different containers. .ppk is PuTTY-specific and includes a built-in integrity MAC; OpenSSH format (id_ed25519, id_rsa) is the standard used by ssh and almost everything else. Converting just repackages the key - it does not change or weaken it.
Leaving PuTTY behind?

A modern SSH client, no key juggling.

CtrlOps uses standard OpenSSH keys and manages them for you - generate, store, and assign keys per server, encrypted on your own machine. Migrating off PuTTY? This is where your converted keys feel at home.

Start instantly· No credit card· No sneaky autorenewals