In this tutorial we are going to setup encrypted keys for authentication through SSH. There are many benefits to this type of setup which include:
- No longer needing to enter a password (unless you encrypt your keys with password protection *recommended*)
- Once public/private key pair authentication is configured, you can disable password authentication completely and only allow access via the key. Stops brute force attacks in its tracks.
We first need to create a public/private key pair on the client that we will use to connect to the server.
Download and install the full PuTTY windows install from : http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Once installed lets start PuTTYgen.
You should be present with a window that looks like:
From here lets first increate the number of bits our generated keys will be to 2048.
Now lets click on Generate. Once you click on generate you will need to move your mouse around in the blank space.
Give your Key a comment and as recommended add your ssh key a password also.
Now you will want to save both the public key and private key. Click each button and save the files in a safe location on your workstation.
Now copy the Public key for pasting into OpenSSH authorized_keys file that you see in PuTTYgen.
You will need to put that public key onto the server we are trying to access via ssh keys only. To do this you can follow How to add your SSH public key to CentOS.
Now that we have generated key files its time to show how to use them. We will begin by opening up PuTTY. Once the PuTTY connection window is open we will need to set the connection to use our key.
To do this go to the option Connection > SSH > Auth
You will see Private key file for authentication. Browse for your private key file that you saved and select it.
Now connect to your server. When you connect you should be presented with a request for your phassphrase for the key not your servers root password.
login as: root Authenticating with public key "solarvps_key" Passphrase for key "solarvps_key": Last login: Sat Mar 2 11:56:08 2013 from 22.214.171.124 root@server [~]#
You have now connected to your server securely using your SSH key + Passphrase.
PuTTY also comes with Pageant which will allow you to not have to put in your Passphrase with every connection but allow you to still require it to activate the key on your workstation.
To do this open up Pageant (was provided by PuTTY installer).
You will find the icon down in the systemtray. Right click on the icon and select Add Key.
You will then browse to where you saved your private key and select it and click open.
If you entered a password when saving the files, you will be prompted to enter in the passphrase for the key. Do this and press OK.
Now right click on the Pageant icon again in the systemtray and click view keys. You should see your private key now listed there.
At this point you should be able to open up PuTTY and connect to your server that you installed the public key to without being prompted by a password.
login as: root Authenticating with public key "solarvps_key" from agent Last login: Sat Mar 2 11:35:45 2013 from root@server [~]#
Remember to remove the key from Pageant when you are done using the key as to not allow others who may have access to your workstation to easily access the servers that you have the public key installed on.