How to Set Up SSH Keys with PuTTY

In this tutorial we are going to setup encrypted keys for authentication through SSH. There are many benefits to this type of setup which include:

  • No longer needing to enter a password (unless you encrypt your keys with password protection *recommended*)
  • Once public/private key pair authentication is configured, you can disable password authentication completely and only allow access via the key. Stops brute force attacks in its tracks.

We first need to create a public/private key pair on the client that we will use to connect to the server.

Download and install the full PuTTY windows install from : http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Once installed lets start PuTTYgen.

You should be present with a window that looks like:

putty_step1_keygen

From here lets first increate the number of bits our generated keys will be to 2048.

putty_step2_keygen

Now lets click on Generate. Once you click on generate you will need to move your mouse around in the blank space.

putty_step3_keygen

Give your Key a comment and as recommended add your ssh key a password also.

Now you will want to save both the public key and private key. Click each button and save the files in a safe location on your workstation.

Now copy the Public key for pasting into OpenSSH authorized_keys file that you see in PuTTYgen.

putty_step4_keygen

You will need to put that public key onto the server we are trying to access via ssh keys only. To do this you can follow How to add your SSH public key to CentOS.

Now that we have generated key files its time to show how to use them. We will begin by opening up PuTTY. Once the PuTTY connection window is open we will need to set the connection to use our key.

Option 1:
To do this go to the option Connection > SSH > Auth

putty_step5_keygen

You will see Private key file for authentication. Browse for your private key file that you saved and select it.

putty_step6_keygen

Now connect to your server. When you connect you should be presented with a request for your phassphrase for the key not your servers root password.

login as: root
Authenticating with public key "solarvps_key"
Passphrase for key "solarvps_key":
Last login: Sat Mar  2 11:56:08 2013 from 68.36.5.175
root@server [~]#

You have now connected to your server securely using your SSH key + Passphrase.

Option 2:
PuTTY also comes with Pageant which will allow you to not have to put in your Passphrase with every connection but allow you to still require it to activate the key on your workstation.

To do this open up Pageant (was provided by PuTTY installer).

You will find the icon down in the systemtray. Right click on the icon and select Add Key.

You will then browse to where you saved your private key and select it and click open.

If you entered a password when saving the files, you will be prompted to enter in the passphrase for the key. Do this and press OK.

Now right click on the Pageant icon again in the systemtray and click view keys. You should see your private key now listed there.

At this point you should be able to open up PuTTY and connect to your server that you installed the public key to without being prompted by a password.

login as: root
Authenticating with public key "solarvps_key" from agent
Last login: Sat Mar  2 11:35:45 2013 from
root@server [~]#

Remember to remove the key from Pageant when you are done using the key as to not allow others who may have access to your workstation to easily access the servers that you have the public key installed on.

Wayne Egerer

Leave a Reply