To generate SSH public and private key pairs on Windows, one of the easiest tools to use, is the PuTTY Key Generator “puttygen.exe” (which can be downloaded from here).
The resulting generated files from the PuTTY Key Generator can be used to set up public key authentication with a remote server, allowing for more secure authentication over normal password based authentication (requires disabling password based authentication).
Download the PuTTY Key Generator
You can download puttygen from the following url:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Run puttygen.exe
When puttygen has loaded you will be presented with a screen such as this:
Generate the public and private keys
Click the “Generate” button on the main window to start the process of generating the key data.
While this is happening, you will need to move your mouse around in the blank area at the top of the application. This is used to help randomize the data used to generate the keys.
Once the progress bar has gone through, the public and private key data will have been generated, and you are ready to save the keys.
Saving the public and private keys
Public Key:
Simply press the “Save public key” button. This will be used on the remote host you want to be able to connect into remotely, using the private key.
Private Key:
You have the option to enter a passphrase if you want to make the key more secure. Enter that in, and the confirmed passphrase.
After thats done (or if you dont want to use a passphrase), simply press the “Save private key” button. Store this key in a safe place.
Using the private key in PuTTY
For information on how to use the private key file in PuTTY, please check the following page:
Using SSH Private Key Files with PuTTY
The following guide shows you how to log into a remote server using your private key file. It assumes you already have the associated public key already added into the remote hosts authorized_hosts file.
Download PuTTY
Download PuTTY if you don’t have it installed yet.
You can download PuTTY from the following url:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Open PuTTY
Run Putty.
You should be presented with a screen like this:
Enter in the host name or IP address of the host you want to connect to now, ready to go onto the next step.
Select private key file
Browse the category tree on the left to Connection -> SSH -> Auth
Press browse, and select your private key file.
Connect to remote server
All that’s left to do now, is to press the “Open” button.
You will be asked for the login username as per normal. You will then be asked for the private key passphrase. If you didn’t set a passphrase, you should now be logged into the server.
SSH allows for both password based authentication, as well as public key authentication. Public key authentication is generally regarded as being more secure, as it isn’t as prone to brute force login attempts (if you disable password based authentication). The private key can also have a passphrase associated with it, which makes public key authentication even more secure if needed.
Sometimes cloud servers will let you put a public key in as a authorized authentication key when the cloud server is created, preventing the need for password based authentication to be enabled by default.
Generate a new SSH public and private key pair:
$ ssh-keygen -t rsa -C "identifying comment" -f keypair
“Identifying comment” can be any string that will assist in determining which key this is. “username@hostname” of the machine where you are connecting from would be a good example.
eg:
$ ssh-keygen -t rsa -C "identifying comment" -f keypair Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in keypair. Your public key has been saved in keypair.pub. The key fingerprint is: 54:91:95:a1:6c:c9:dc:69:22:a4:04:6a:af:1b:f7:1d identifying comment The key's randomart image is: +--[ RSA 2048]----+ | ... . o+oo | | . . o =.+.. | | o . o O + | | . . . o o | | . S | | . | | o . E | | + . . . | | . . . | +-----------------+ $
This will generate two files, “keypair” and “keypair.pub”. “keypair” being the private key that you need to keep secure, and “keypair.pub” being the public key, that can be put on servers that you want to be able to log into with the private key.
Change the filename to suit your needs. This example uses “keypair” for the examples.
The contents of the public key file “keypair.pub” can be inserted into the ~/.ssh/authorized_keys file on the machine that you want to be able to connect into remotely. This must be done for the specific user.
Insert public key into authorized keys
View the contents of the public key file:
$ cat keypair.pub
eg:
$ cat keypair.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGZyIXXpdrvMJNPvC+Mk6ziW8TRQWCQCzWq7CU4FkssTC1/p4INbEsaeC6ZS4w810QnAtzdWDgqm5u7GeJ8HNQUvTTGSLITtqzXSSDyuRq+qJehTlRQSklHWoviYwZoflz6yh6vSP9uDE9Xh75PfMBTHETVt3nqhQ/lGkrPdog6oo+F8r5rFQpjMatYKdbfsma/pVzORQnBMuaqGRCnFtqWu5mMJvUUa3Nzu07PH7lUHU8tra124OtJrOIBJfG7k0iFMmKS3v9kvNLFvymHtEDn4noclQsJ+5FQEe7BebhZwyhGxzscM0U3mTtfPd8wtwqQNLPmDr+/q8b4r23w5fR identifying comment $
Take note of the output, and copy it into the clipboard if possible, or use some other method to get this file/data onto the remote machine, as it will be used in the next step.
On the remote server you want to be able to log into:
$ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGZyIXXpdrvMJNPvC+Mk6ziW8TRQWCQCzWq7CU4FkssTC1/p4INbEsaeC6ZS4w810QnAtzdWDgqm5u7GeJ8HNQUvTTGSLITtqzXSSDyuRq+qJehTlRQSklHWoviYwZoflz6yh6vSP9uDE9Xh75PfMBTHETVt3nqhQ/lGkrPdog6oo+F8r5rFQpjMatYKdbfsma/pVzORQnBMuaqGRCnFtqWu5mMJvUUa3Nzu07PH7lUHU8tra124OtJrOIBJfG7k0iFMmKS3v9kvNLFvymHtEDn4noclQsJ+5FQEe7BebhZwyhGxzscM0U3mTtfPd8wtwqQNLPmDr+/q8b4r23w5fR identifying comment" >> ~/.ssh/authorized_keys
If you have chosen to copy the public key file to the remote host instead, you can issue the following command instead:
$ cat keypair.pub >> ~/.ssh/authorized_keys
Logging into remote ssh server using the private key file
To connect to the remote host using SSH you can use the following command:
$ ssh -i keypair user@hostname
This will use the private key called “keypair” created earlier, and assuming the remote server has the public key added to the “user” users authorized_keys file, you should be able to log into the remote system.