Use SSH Keys with PuTTY on Windows

SSH can handle authentication using a traditional username and password combination or by using a public and private key pair. The SSH key pair establishes trust between the client and server, thereby removing the need for a password during authentication. While not required, the SSH private key can be encrypted with a passphrase for added security.

The PuTTY SSH client for Microsoft Windows does not share the same key format as the OpenSSH client. Therefore, it is necessary to create a new SSH public and private key using the PuTTYgen tool or convert an existing OpenSSH private key.

Requirements

  • PuTTY SSH client for Microsoft Windows
  • Remote server accessible over OpenSSH

Install PuTTY and PuTTYgen

Both PuTTY and PuTTYgen are required to convert OpenSSH keys and to connect to the server over SSH. These two tools can be downloaded individually or, preferably, as a Windows installer from the PuTTY Download Page.

Once the PuTTY Windows installer is downloaded, double-click the executable in the Download folder and follow the installation wizard. The default settings are suitable for most installations. Both PuTTY and PuTTYgen should now be accessible from the Windows Programs list.

Use Existing Public and Private Keys

If you have an existing OpenSSH public and private key, copy the id_rsa key to your Windows desktop. This can be done by copying and pasting the contents of the file or using an SCP client such as PSCP which is supplied with the PuTTY install or FileZilla.

Next launch PuTTYgen from the Windows Programs list.

  1. Click "Conversions" from the PuTTY Key Generator menu and select "Import key".
  2. Navigate to the OpenSSH private key and click "Open".
  3. Under "Actions" / "Save the generated key", select "Save private key".
  4. Choose an optional passphrase to protect the private key.
  5. Save the private key to the desktop as "id_rsa.ppk".

If the public key is already appended to the "authorized_keys" file on the remote SSH server, then proceed to Connect to Server with Private Key.

Otherwise, proceed to Copy Public Key to Server.

Create New Public and Private Keys

Launch PuTTYgen from the Windows Programs list and proceed with the following steps.

  1. Under "Parameters", increase the "Number of bits in a generated key:" to a minimum value of 2048.
  2. Under "Actions" / "Generate a public/private key pair", click "Generate".
  3. You will be instructed to move the mouse cursor around within the PuTTY Key Generator window as a randomizer to generate the private key.
  4. Once the key information appears, click "Save private key" under "Actions" / "Save the generated key".
  5. Save the private key to the desktop as "id_rsa.ppk".
  6. The box under "Key" / "Public key for pasting into OpenSSH authorized_keys file:" contains the public key.

Copy Public Key to Server

The OpenSSH public key is located in the box under Key / Public key for pasting info OpenSSH authorized_keys file:. The public key begins with ssh-rsa followed by a string of characters.

  1. Highlight entire public key within the PuTTY Key Generator and copy the text.
  2. Launch PuTTY and log into the remote server with your existing user credentials.
  3. Use your preferred text editor to create and/or open the authorized_keys file:

vi ~/.ssh/authorized_keys
  1. Paste the public key into the authorized_keys file.
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBp2eUlwvehXTD3xc7jek3y41n9fO0A+TyLqfd5ZAvuqrwNcR2K7UXPVVkFmTZBes3PNnab4UkbFCki23tP6jLzJx/MufHypXprSYF3x4RFh0ZoGtRkr/J8DBKE8UiZIPUeud0bQOXztvP+pVXT+HfSnLdN62lXTxLUp9EBZhe3Eb/5nwFaKNpFg1r5NLIpREU2H6fIepi9z28rbEjDj71Z+GOKDXqYWacpbzyIzcYVrsFq8uqOIEh7QAkR9H0k4lRhKNlIANyGADCMisGWwmIiPJUIRtWkrQjUOvQgrQjtPcofuxKaWaF5NqwKCc5FDVzsysaL5IM9/gij8837QN7z rsa-key-20141103
  1. Save the file and close the text editor.

  2. Adjust the permissions of the authorized_keys file so that the file does not allow group writable permissions.

chmod 600 ~/.ssh/authorized_keys
  1. Logout of the remote server.

Connect to Server with Private Key

Now it is time to test SSH key authentication. The PuTTYgen tool can be closed and PuTTY launched again.

  1. Enter the remote server Host Name or IP address under "Session".
  2. Navigate to "Connection" > "SSH" > "Auth".
  3. Click "Browse..." under "Authentication parameters" / "Private key file for authentication".
  4. Locate the "id_rsa.ppk" private key and click "Open".
  5. Finally, click "Open" again to log into the remote server with key pair authentication.
Was this article helpful?
We use cookies on our website to provide you with the best possible user experience. By continuing to use our website or services, you agree to their use. More Information.
Page top