How to create a private and public key pair with PUTTYGEN

Introduction

This guide describes how to generate and use a private/public key pair to log in to a remote system with SSH using PuTTY. Using key-based SSH logins, you can disable the normal username/password login procedure which means that only people with a valid private/public key pair can log in. That way, there is no way for brute-force attacks to be successful, so your system is more secure.

 

Prerequisites

First we need to download PuTTYgen on our Windows system. PUTTYgen only usage is to create the private/public key pair, we then need Putty to connect to the VPS. Both PUTTYgen and Putty can be downloaded from this page here.

Download the exectuable files (.exe) and save them on the desktop. The files are stand alone applications so no installation is needed. Start PUTTYgen by double-clicking on it.

Create the key pair

We will use PuTTYgen to create a private/public key pair. When started, find Type of key to generate and select SSH-2 RSA and then set Number of bits in a generated key to 1024.

puttygen-1

Then click on Generate and move the mouse pointer over the blank area during the key generation to generate some randomness:

puttygen-2

When the private/public key pair has been generated it’s time to enter a comment to keep track of the key pair. Under Key comment, enter anthing you want but a pro tip is to enter something descriptive of the purpose of the key pair.

Save the public key

Then click on Save public key and save it in some safe location on your computer. You are free to choose a filename and extension, but it should be one that lets you remember for which system it is.

puttygen-3

Save the private key

Before we save the private key we should enter a Key passphrase and repeat it under Confirm passphrase. The passphrase will be used to encrypt the key on disk, without the passphrase you will not be able to use the key and it would be of no use.  If you leave the passphrase fields blank, the key will be saved unencrypted. Sometimes you may need to use a key with no passphrase like when you need to run some automated script that will connect via SSH and you can’t be there everytime to enter the passphrase. For this type of keys you shoulf generate a special key for each specific script, that way it’s easier to remove the access when job is done or the private key is compromised.

 

When the passphrase has been entered click on Save private key. You can save it in the same location as the public key but whatever you do, don’t lose it. If you do and have disabled username/password logins, you will not be able to login anymore!

Choose a filename, the only restriction is that the extension must be .ppk:

Add the public key to your server

Select All text in the textbox Public key for pasting into OpenSSH authorized_keys file, right-click and copy the public key from the PuTTYgen window:

puttygen-4

Connect to your server using the root username and password, and paste the public key into the file

~/.ssh/authorized_keys

If the directory ~/.ssh is not available, create it with the following commands:

mkdir ~/.ssh
chmod 700 ~/.ssh

Edit the authorized_keys file with nano:

nano~/.ssh/authorized_keys

and paste the content in one single line!

That authorized_keys file must be write/readable only by that user, so we chmod it:

chmod 600 ~/.ssh/authorized_keys

Save and exit nano and all is done on the server side.

 

Tell Putty to use the private key when connecting to your server

Start Putty and from the Category window, select Connection | SSH | Auth and click the Browse… button.

putty-5

Browse to your .ppk file and select open.

If you want to automatically fill in the username when opening your connection you can enter that information in the Category Connection | Data.

Leave a Reply

Your email address will not be published. Required fields are marked *