Key-Based SSH Logins With PuTTY

Version 1.0
Author: Falko Timme
Last edited 12/05/2006

This guide describes how to generate and use a private/public key pair to log in to a remote system with SSH using PuTTY. PuTTY is an SSH client that is available for Windows and Linux (although it is more common on Windows systems). Using key-based SSH logins, you can disable the normal username/password login procedure which means that only people with a valid private/public key pair can log in. That way, there is no way for brute-force attacks to be successful, so your system is more secure.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

In this tutorial I use a Windows desktop to connect to a Linux SSH server (Debian Sarge, IP address: 192.168.0.100).

 

2 Install PuTTY, PuTTYgen, And Pageant On The Windows System

First we need to install PuTTY, PuTTYgen, and Pageant on our Windows system. All we need to do is download the exectuable files (.exe) and save them somewhere, e.g. on the desktop. We don't need to install them as they are standalone applications. To start them, we only need to double-click them.

Download the following files from the PuTTY download page and save them on your Windows system, e.g. on the desktop:

http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe

http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe

 

3 Create A Profile With Settings For Our 192.168.0.100 Server

In PuTTY, you can create profiles for connections to your various SSH servers, so you don't have to type in the settings again when you want to connect to a certain server again.

Let's create a profile for our 192.168.0.100 server. Start PuTTY by double-clicking its executable file. You are now in the category Session (see the tree on the left side of the screenshot). Enter 192.168.0.100 under Host Name (or IP address), enter 22 under Port and select SSH under Protocol:

Then go to Connection -> Data and specify the username with that you want to log in to your SSH server under Auto-login username. In this article I use root:

Then go to Session again. Under Saved Sessions enter a name for the profile, e.g. 192.168.0.100 or any other string that lets you remember for which server the profile is. Then click on Save:

The next time you use PuTTY, you can simply select the appropriate profile from the Saved Sessions textarea, click on Load and then Open.

Share this page:

33 Comment(s)

Add comment

Comments

From: FalconsMaze at: 2010-06-19 18:43:49

Thank you for the detailed screen shots and hand holding.  I was able to set this up in five minutes.  On other blogs there are a lot of steps omitted or :"your just suppose to know that setup."


Awesome job!


 

From: dcb at: 2012-08-16 09:13:49

This is well explained thank you. Putty does it's job well, but there are few instructions around that explain how to use it. The messages from failed login attempts rarely give any clues about how PuTTY should be set up. Many thanks for taking the time to document these settings and explain them so clearly. It is much appreciated.

David.

From: DizzyBum at: 2013-02-25 16:18:57

Thanks for this article!  I use Putty non-stop at work and this is going to cut out a lot of the time I spend copying and pasting long passwords.  Very clear and simple instructions.

From: Brian at: 2013-07-23 18:58:13

Thanks for explaining the whole process! I had stumbled through the key generation but couldn't figure out how to get the public key to the server in the right spot. I've bookmarked this page for future reference, because at my new job I've got a lot of servers to ssh to.

From: at: 2006-12-09 08:08:12

$HOME/.ssh/authorized_keys2 is deprecated and only still valid because of OpenSSH trying to be backward compatible, the actual file is $HOME/.ssh/authorized_keys, see the manual page of sshd.

From: at: 2006-12-12 16:42:03

There is no reason why '~/.ssh/authorized_keys(2)' cannot be globally readable, obviously you do not want it globally writable.

If someone was to take a copy of your public key the 'worst' they could do is give you access to an additional system.... :-/

No harm  in "chmod 0600"'ing but it does imply you have missed the meaning of 'public' in public key based authentication systems. I personally use 0644.

From: Paulo at: 2008-12-13 00:44:46

Very nice how to, thanks!!! It worked for me.

From: at: 2008-12-17 14:28:03

Really good and clear explanation. Properly step-by-step, with screenshots all the way. Even a total beginner can follow this. Great job. Thanks.

From: Hb at: 2009-01-09 21:26:12

After pasting the clipboard to vi you will see Insert as status mode at the bottom of the screen. Now press Esc to get in command mode and then :wq and Enter to leave (and survive) vi.

On most systems nano is installed. Nano is probably easier to use.

From: spice at: 2011-07-20 20:36:22

I tried saving the public key as a file (on Windows), and then copied this multi-line file to my Unix server.  This didn't work.  I suspect end-of-line issues.

When I simply copied the public key from the field in Putty, and then pasted this single line into  ~/.ssh/authorized_keys things worked.

 

From: Anonymous at: 2011-09-28 11:03:23

great help!

From: Scott D. at: 2012-02-27 20:13:20

Hi, thanks for a tutorial that talks about Loading existing private keys. I managed to get putty connecting through SSH, with keys, to my Ubuntu Virtual Private Server.

From: Gallomimia at: 2012-12-11 18:15:53

This is correct. It is the private key which must be made 600 on linux systems for them to be used as outgoing connections. In fact, 400 is a better permission mode.

 Speaking of outbound private keys, why can't I use my openSSH private key as is with putty?

From: at: 2006-12-08 09:11:10

I've always wanted to do this, but have never known how. This tutorial told me exactly what I needed to know. Thanks! 

From: at: 2006-12-10 19:23:45

There is a version of PuTTY called PortaPuTTY that can be installed to USB drives, without any Registry modifications.

From: Damian at: 2009-12-14 15:17:59

Just been pulling my hair out trying to get Windows to talk nicely to Ubuntu and this nailed it. Cheers Damian

From: Anonymous at: 2009-11-07 05:01:36

Thanks for this.


 This is a great site with lots of useful stuff explained in a clear and concise manner.

From: Mikeomillian at: 2010-03-20 14:49:02

I was actually trying to admin my VPS without command line, because I had tried putty once and it didn't work. This got it working in about 10 minutes, thank you!

From: Neil at: 2010-07-21 07:37:00

Thank you so much. Easy, step by step, and it just works.


 Wonderful.

From: Thiago Cruz at: 2010-07-27 14:31:18

Excelent step-by-step. I used it with plink. Thanks

From: TeHZomB at: 2011-01-28 04:57:51

Thanks, this guide is great and really easy to follow! Even five years later, works like a charm.

From: Mike G. at: 2011-05-04 16:54:52

Excellent tutorial -- it was very clear and well written.

From: Angel S. Moreno at: 2011-05-18 03:23:07

I've been using putty for a while but never made use of the tools or settings described. Super helpful.

From: metazone at: 2011-06-07 15:48:10

This should be a model for tutorials -- succinctly states why we need to do something and then provides a very nice explanation --

From: Michael at: 2011-08-10 11:17:07

Very clear and simple, thanks.

From: uptoome at: 2011-09-13 16:31:23

This worked right out of the box. Thank you.

From: KB at: 2011-12-10 19:31:47

Very well done and easy to follow directions.

I had problems with the keys generated by putty for some unknown reason, possibly due to not adding the username, though I'm not sure.

Instead, I generated them on the server using ssh-keygen -t rsa then copied the .pub key over to authorized_keys2 and downloaded the private key to my local machine (being sure to remove the private key from the server for security purposes afterward). I then was able to import the private key into PuttyGen and save it out as a .ppk file and work with the rest of your instructions.

From: Anonymous at: 2012-02-22 16:15:28

Thanks for this great tutorial! 

From: DreadfullyDespized at: 2012-03-07 03:58:35

This is a great article, thanks for this.  It worked great on my WD My Book Live 2TB.

From: Anonymous at: 2012-07-03 17:11:49

Drove me nuts - Listening on the wrong port in sshd_config, changed it because work think it is a safer to use the known port...

From: Fredy10 at: 2013-01-03 16:46:35

Very good how to! its very easy and clear!

Thanks!

From: krumov at: 2013-01-23 15:05:03

This is really Good HowTo which is clear enough for everyone , even the newest people who are touching the mouse and the keyboard for the first time ever.

Great !

From: David Coll at: 2013-04-22 03:58:15

Doing this will result in most frequent Server resused your key.

 You must create your private key on linux using "ssh-keygen", then import the private key in putty, save it on window for putty-use.

On server you do "cat id_rsa.pub >> authorized_keys2  "

 ..and voila.