How to Generate SSH Keys & Connect to your VPS with PuTTY
This is a a bit (ok more than a bit) geeky but I wanted to share my notes on how to SSH to a remote server using PuTTY and public key authentication. People seem to have a lot of trouble with this - mostly with the dredded "server refused our key" error. There are several ways to set up PuTTY to use public key authentication. The method below has worked successfully for me many times - mostly connecting to our CentOS VPS. I am sharing with you assuming you already have some basic Linux command line knowledge, you know what PuTTY is and that you understand you are using these instructions at your own risk.
- ssh to server via PuTTY using your user name and password. The user name should be the same user you will be logging in as via PuTTY. I do not recommend using root. You should be in your home directory if not :
- mkdir ~/.ssh
chmod 700 ~/.ssh
- Generate the keys on the server with something like "ssh-keygen -t rsa" (or dsa - read the man pages for info on using ssh-keygen). When you see the message "Enter file in which to save the key" you can give your keys a unique name and specify where to create the keys. An example would be "/home/username/.ssh/id_rsa". Then enter a strong passphrase. This creates two files - a public key and private key. They should located in the hidden folder /home/username/.ssh.
- Now add the pub key to the "authorized_keys" file with something like:
cat id_rsa.pub >> authorized_keys
IMPORTANT - check permissions on the /home/username/.ssh folder and make sure to chmod 700 .ssh if they are wrong.
IMPORTANT - check permissions on your /home/username/.ssh/authorized_keys file and make sure to chmod 600 authorized_keys if they are wrong.
- Copy the private key (id_rsa is the default name if none was specified) to your local windows machine.
- NOW open PuTTYgen and under actions select "load" and load the id_rsa file.
- Enter the passphrase you set when you generated the key on the server. PuTTYgen will now convert the key to something that PuTTY will understand.
- Click "Save Private Key" and save that file to something like privatekey.ppk
- NOW change your PuTTY settings under "connection > SSH > auth to use privatekey.ppk
NOW try and connect. Enter the passphrase when prompted. Now all you have to do is set up Pageant (an SSH authentication agent for PuTTY) to automate entering the passphrase. Lots of info online on setting up Pageant and I am sure you will figure it out for yourself. Hope this helps.