When working with Azure Cloud Services' Ubuntu VMs, many developers generate keys using OpenSSL commands like:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout myPrivateKey.key -out myCert.pemThis creates an X.509 certificate and private key pair, but the resulting .key file isn't in the format expected by PuTTY-based tools.
The error message unrecognised key type occurs because:
- OpenSSL generates keys in PEM format by default
- PuTTYgen expects either OpenSSH format or its native PPK format
- The X.509 certificate wrapper complicates direct conversion
Method 1: Using OpenSSH Conversion
# First extract the RSA private key
openssl rsa -in myPrivateKey.key -out openssh_format.key
# Then convert to PPK
puttygen openssh_format.key -o myKey.ppkMethod 2: Direct PEM to PPK Conversion
puttygen myPrivateKey.key -O private -o myKey.ppkFor Windows users who need FileZilla compatibility:
- Install the latest PuTTYgen (0.76+ recommended)
- Use the conversion command:
puttygen myPrivateKey.key -t rsa -C "azure-vm-key" -o converted.ppk
For new deployments, generate PuTTY-compatible keys from the start:
ssh-keygen -t rsa -b 2048 -f azure_key
puttygen azure_key -o azure_key.ppk- Verify key permissions:
chmod 600 myPrivateKey.key - Check for hidden characters:
cat -v myPrivateKey.key - Ensure you're using absolute paths when specifying key files
After successful conversion to PPK format:
- In FileZilla: Edit > Settings > SFTP
- Click "Add key file" and select your
.ppkfile - Ensure the username matches your Azure VM's admin account
When working with Azure Cloud Services' Ubuntu VMs, many developers encounter a frustrating roadblock: the private keys generated through OpenSSL commands aren't recognized by common SSH clients like FileZilla and PuTTYgen. The specific error message:
puttygen: error loading myPrivateKey.key': unrecognised key type
occurs because OpenSSL's default key format isn't directly compatible with PuTTY's PPK format required by these clients.
The command you're using:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout myPrivateKey.key -out myCert.pem
generates a key in PKCS#8 format (when using newer OpenSSL versions) or traditional PEM format. PuTTYgen expects OpenSSH's proprietary format, creating the compatibility gap.
Here are three proven approaches to convert your keys properly:
Method 1: Using OpenSSH's ssh-keygen
# First convert to PEM format if needed
openssl rsa -in myPrivateKey.key -out myPrivateKey.pem
# Then convert to OpenSSH format
ssh-keygen -p -f myPrivateKey.pem -m pem
# Finally convert to PPK using PuTTYgen
puttygen myPrivateKey.pem -o myKey.ppk
Method 2: Alternative OpenSSL Command
Generate a compatible key from the start:
openssl genrsa -out myPrivateKey.pem 2048
openssl rsa -in myPrivateKey.pem -pubout -out myPublicKey.pem
Method 3: Using Python's cryptography Library
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
with open("myPrivateKey.key", "rb") as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
)
with open("converted_key.pem", "wb") as out_file:
out_file.write(pem)
For Windows users who don't have access to Linux tools:
- Install the latest PuTTYgen from official site
- In PuTTYgen, go to Conversions > Import Key
- Select your .key file and click "Save private key"
When creating new keys for Azure VMs, consider generating them directly in the required format:
ssh-keygen -t rsa -b 2048 -f azure_key
This creates two files: azure_key (private) and azure_key.pub (public) that are immediately compatible with most clients.