Generate SSH keys on Windows using PuTTYgen

Secure Shell (SSH) is a cryptographic network protocol for secure connections between a client and a server, and it supports a variety of authentication mechanisms.

The two most popular mechanisms are password-based authentication and public-key-based authentication. Using SSH keys is more secure and more convenient than traditional password authentication.

This tutorial explains how to generate SSH keys on Windows with PuTTYgen. We'll also show you how to set up SSH key-based authentication and connect to a remote Linux server without entering a password.

Download PuTTYgen

PuTTYgen is an open-source utility that lets you generate SSH keys for PuTTY, the most popular Windows SSH client.

PuTTYgen is available as a separate executable file and is also part of the PuTTY .msi installation package. If you do not have PuTTYgen, go to the PuTTY download page and download the PuTTY installation package. Installation is simple: double-click the installation package and follow the instructions.

Create SSH keys with PuTTYgen

To generate an SSH key pair on Windows with PuTTYgen, follow these steps:

  1. Start PuTTYgen by double-clicking its .exe file or by going to the Windows Start menu → PuTTY (64-bit) → PuTTYgen.

    For "Type of key to generate", keep the default RSA. For most people, 2048 in "Number of bits in a generated key" is sufficient. Alternatively, you can change it to 4096.

  2. Click the "Generate" button to start generating a new key pair.

    You will be asked to move your mouse over the blank area of the Key section to generate some randomness. As you move the pointer, the green progress bar will advance. This process should take a few seconds.

  3. After the generation process is completed, the public key will be displayed in the window.

    (Optional) If you want to use a passphrase, type it in the "Key passphrase" field and confirm the same passphrase in the "Confirm passphrase" field. A passphrase gives you additional security by protecting the private key against unauthorized use.

    If you set a passphrase, you need to enter it every time the private key is used.

  4. Click the "Save private key" button to save the private key. You can save the file in any directory with the .ppk extension (PuTTY private key), but it is recommended to save it somewhere you can easily find it. It is common to use a descriptive name for the private key file.

    Optionally, you can also save the public key, although you can regenerate it later by loading the private key.

  5. Right-click in the text field labeled "Public key for pasting into OpenSSH authorized_keys file", then click "Select All" to select all the characters. Open a text editor, paste the characters and save the file. Make sure you paste the entire key. We recommend saving the file in the same directory as the private key, using the same name as the private key with .txt or .pub as the file extension.

    This is the key that you will add to your Linux servers.

Copy the public key to the Linux server

Now that you have generated the SSH key pair, the next step is to copy the public key to the server you want to manage.

Start PuTTY and log in to the remote Linux server.

If your user's SSH directory does not exist, create it with the mkdir command and set the correct permissions:

mkdir -p ~/.ssh
chmod 0700 ~/.ssh

Open the ~/.ssh/authorized_keys file in a text editor and paste the public key that you copied in step 4 into it:

nano ~/.ssh/authorized_keys

The entire public key text should be on a single line.

Run the following chmod command to ensure that only your user can read and write the ~/.ssh/authorized_keys file:

chmod 0600 ~/.ssh/authorized_keys
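
As an added example (not part of the original tutorial), the shell function below performs the steps above for a key passed as text and refuses anything that is not a single OpenSSH-format line, such as a wrapped paste or the multi-line file written by PuTTYgen's "Save public key" button. The name install_pubkey, its arguments and the sample key are assumptions made for illustration.

```sh
# Added example; install_pubkey and SAMPLE_KEY are hypothetical names.
# Constructed sample key (not a real key):
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSampleOnly rsa-key-constructed'

# install_pubkey "<key line>" [home-dir]
# Returns 0 = key added, 1 = key already present, 2 = not a valid one-line key.
install_pubkey() {
    ik_key=$1
    ik_home=${2:-$HOME}
    ik_file=$ik_home/.ssh/authorized_keys
    ik_nl='
'
    ik_cr=$(printf '\r')

    # The whole key must be on one line, with no carriage return from a Windows paste.
    case $ik_key in *"$ik_nl"*|*"$ik_cr"*) return 2 ;; esac

    # Expected layout: <type> <base64 blob> [comment]
    ik_type=${ik_key%% *}
    ik_rest=${ik_key#* }
    ik_blob=${ik_rest%% *}
    case $ik_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 2 ;;
    esac
    case $ik_blob in
        *[!A-Za-z0-9+/=]*) return 2 ;;   # character outside the base64 alphabet
        AAAA*) ;;                        # SSH public key blobs start with "AAAA"
        *) return 2 ;;
    esac

    # Same directory and file modes as the commands above.
    mkdir -p "$ik_home/.ssh"
    chmod 0700 "$ik_home/.ssh"
    touch "$ik_file"
    chmod 0600 "$ik_file"

    # Compare type and blob only, so a changed comment does not add a duplicate.
    # Lines that begin with key options are not matched by this simple check.
    if awk -v t="$ik_type" -v b="$ik_blob" \
        '$1 == t && $2 == b { found = 1 } END { exit !found }' "$ik_file"; then
        return 1
    fi
    printf '%s\n' "$ik_key" >> "$ik_file"
}
```

Call it on the server as install_pubkey "PASTED-KEY-LINE", where the argument is the text copied from the PuTTYgen window.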

Log in to the server using SSH keys

Pageant is PuTTY's SSH authentication agent; it holds the private keys in memory. The Pageant binary is part of the PuTTY .msi installation package, and you can start it from the Windows Start menu → PuTTY (64-bit) → Pageant.

When you start Pageant, it places an icon in the system tray. Double-click the icon and the Pageant window opens.

To load a key, press the "Add Key" button, which opens a new file dialog. Find the private key file and press "Open". If you have not set a passphrase, the key is loaded immediately. Otherwise, you will be prompted to enter the passphrase.

Enter the passphrase, and Pageant will load the private key.

After completing the above steps, you should be able to log in to the remote server without being prompted for a password.

To test it, open a new PuTTY SSH session and try to log in to your server. PuTTY will use the loaded key, and you will be logged in to the Linux server without entering a password.

Disabling SSH password authentication

To add an extra layer of security to the server, you can disable SSH password authentication.

Before you disable SSH password authentication, make sure you can log in to the server without a password and that the user you log in with has sudo privileges.

Log in to the remote server and open the SSH configuration file /etc/ssh/sshd_config with a text editor:

sudo nano /etc/ssh/sshd_config

Search for the following directives and modify them as follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

When finished, save the file and restart the SSH service by typing the following command:

sudo systemctl restart ssh

At this point, password-based authentication is disabled.
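
The check below is an added example, not part of the original tutorial: it reads an sshd_config file and reports whether the three directives above are really in effect. sshd keeps the first value it reads for a keyword, so a "no" appended at the end of the file does nothing if an earlier uncommented "yes" exists. The function names and the sample file are assumptions; Include files are not followed and Match blocks are skipped.

```sh
# Added example; function names are hypothetical, sample data is constructed.

# sshd_effective FILE KEYWORD
# Print the value from the global section of FILE that sshd would use.
# sshd keeps the FIRST value read for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/              { next }                      # comment
        NF == 0                 { next }                      # blank line
        tolower($1) == "match"  { exit }                      # global section ends
        tolower($1) == want     { print tolower($2); exit }   # first value wins
    ' "$1"
}

# password_login_disabled FILE
# Return 0 only if all three directives from the tutorial are set to "no".
# An unset directive is reported rather than guessed, since the tutorial
# sets all three explicitly.
password_login_disabled() {
    pl_rc=0
    for pl_kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        pl_val=$(sshd_effective "$1" "$pl_kw")
        if [ "$pl_val" != no ]; then
            echo "$pl_kw is '${pl_val:-unset}', expected 'no'"
            pl_rc=1
        fi
    done
    return "$pl_rc"
}

# Constructed sample: the first line is only a comment, and the "no" on the
# last line never takes effect because "yes" is read first.
sample_config() {
    cat <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication no
EOF
}
```

On the server itself, sudo sshd -t checks the file for syntax errors before you restart the service, and sudo sshd -T prints the settings sshd will actually use.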

Summary

In this tutorial, you learned how to generate a new SSH key pair and set up SSH key-based authentication. You can add the same key to multiple remote servers. We also showed you how to disable SSH password authentication and add an extra layer of security to your server.

By default, SSH listens on port 22. Changing the default SSH port reduces the risk of automated attacks.

If you encounter problems or have feedback, please leave a message below.

Origin www.linuxidc.com/Linux/2019-08/159955.htm