Create a private/public key pair using PuTTYgen

Introduction

This guide describes how to generate and use a private/public key pair to log in to a remote system with SSH using PuTTY. With key-based SSH logins you can disable the normal username/password login procedure, which means that only people with a valid private/public key pair can log in. Password brute-force attacks then have nothing to succeed against, so your system is more secure.

 

Prerequisites

First we need to download PuTTYgen on our Windows system. PuTTYgen is only used to create the private/public key pair; we then need PuTTY to connect to the VPS. Both PuTTYgen and PuTTY can be downloaded from this page here.

Download the executable files (.exe) and save them on the desktop. The files are standalone applications, so no installation is needed. Start PuTTYgen by double-clicking on it.

Create the key pair

We will use PuTTYgen to create a private/public key pair. When started, find Type of key to generate and select SSH-2 RSA and then set Number of bits in a generated key to 1024.


Then click on Generate and move the mouse pointer over the blank area during the key generation to generate some randomness.


When the private/public key pair has been generated, it's time to enter a comment to keep track of the key pair. Under Key comment, enter anything you want, but a pro tip is to enter something descriptive of the purpose of the key pair.

Save the public key

Then click on Save public key and save it in some safe location on your computer. You are free to choose a filename and extension, but it should be one that lets you remember for which system it is.


Save the private key

Before we save the private key we should enter a Key passphrase and repeat it under Confirm passphrase. The passphrase will be used to encrypt the key on disk; without the passphrase you will not be able to use the key and it would be of no use. If you leave the passphrase fields blank, the key will be saved unencrypted. Sometimes you may need to use a key with no passphrase, for example when an automated script connects via SSH and you can't be there every time to enter the passphrase. For this type of key you should generate a special key for each specific script; that way it's easier to remove the access when the job is done or the private key is compromised.

 

When the passphrase has been entered, click on Save private key. You can save it in the same location as the public key, but whatever you do, don't lose it. If you do and have disabled username/password logins, you will not be able to log in anymore!

Choose a filename; the only restriction is that the extension must be .ppk.

Add the public key to your server

Select all text in the textbox Public key for pasting into OpenSSH authorized_keys file, right-click and copy the public key from the PuTTYgen window.

Connect to your server using the root username and password, and paste the public key into the file

If the directory ~/.ssh is not available, create it with the following commands:

Edit the authorized_keys file with nano:

and paste the content in one single line!

That authorized_keys file must be write/readable only by that user, so we chmod it:

Save and exit nano and all is done on the server side.

 

Tell PuTTY to use the private key when connecting to your server

Start PuTTY and, from the Category window, select Connection | SSH | Auth and click the Browse… button.

Browse to your .ppk file and select Open.

If you want to automatically fill in the username when opening your connection you can enter that information in the Category Connection | Data.

 

Hope this helps you all change from the default way of using username/password to log in to your server and start using the more secure way with private/public keys.

 
